AWS services in this solution
Sandbox Studio uses a combination of AWS managed services to securely deliver, manage, and clean up sandbox environments. The table below describes the core AWS services used in the solution.

| AWS Service | Description |
|---|---|
| Amazon CloudFront | Acts as the entry point into the application. It fronts both the static website (hosted in Amazon S3) and the API Gateway, ensuring secure and efficient content delivery. |
| AWS IAM Identity Center | Manages all user access to the solution. Every user has an account in IAM Identity Center, where access permissions and group memberships are defined. |
| AWS AppConfig | Stores global limits and application settings, allowing configuration updates without code changes. Used across multiple parts of the solution. |
| AWS Organizations | Hosts all organisational units (OUs) used to manage sandbox accounts. The solution places accounts in different OUs depending on their state in the sandbox lifecycle. |
| Amazon RDS | Provides a PostgreSQL database for storing structured data such as account templates and lease records. |
| AWS Secrets Manager | Securely stores private keys for authentication and database credentials used by the application. |
| AWS Lambda | Runs all backend compute for the application using a serverless architecture, avoiding the need for containers or virtual machines. |
| AWS CodeBuild | Runs pre-launch tasks (such as deploying resources into new accounts) and cleanup tasks (such as deleting resources after a sandbox lease expires). |
| Amazon S3 | Hosts the main static website for the application. |
| AWS Key Management Service (AWS KMS) | Uses customer-managed keys to encrypt various elements of the solution. |
| Amazon Simple Queue Service (Amazon SQS) | Handles asynchronous events such as bulk account setup or cleanup operations. |
| AWS Systems Manager | Uses AWS Systems Manager Parameter Store to store installation-time configuration variables that need to be shared across different CloudFormation stacks in the solution. |
| Amazon CloudWatch | Captures all application logs and system metrics, allowing administrators to monitor system health and troubleshoot issues. |