Roles deployed
Introduction
Sandbox Studio installs multiple roles in your environment, each serving different purposes:
1. OrgMgtRole - SandboxStudio-{Namespace}-OrgMgtRole
• For operations on the org management account
• Assumed by Hub Account
2. IntermediateRole - SandboxStudio-{Namespace}-IntermediateRole
• Cross-account intermediate role
• Assumed by same account root
3. IdcRole - SandboxStudio-{Namespace}-IdcRole
• For IDC operations
• Assumed by Hub Account
4. SandboxAccountRole - SandboxStudio-{Namespace}-SandboxAccountRole
• For operating on sandbox accounts
• Assumed by Hub Account
5. LaunchTemplateExternalAccessRole
• Allows access to S3 buckets in external accounts
• Can be assumed by any AWS account (Principal: "*")
| Role name | Account created in | Purpose | Can be assumed by |