Step 1: Deploy the AccountPool stack
Install the AccountPool CloudFormation stack in the organisation management account.
How to Install this Stack
- Log in to the AWS Management Console using the Organisation Management Account.
- Navigate to the CloudFormation page.
- Click Create Stack and select With new resources (standard).
- For Template Source, select Amazon S3 URL and enter the CloudFormation Template URL shown below and click Next.
- On the Specify Stack page, enter the stack name 'SandboxStudio-AccountPool' and use the parameters shown below.
CloudFormation Template URL
https://sandbox-studio-software-dist.s3.amazonaws.com/versions/<VERSION>/SandboxStudio-AccountPool.template.json
For more information on how to find the latest version, click here.
Parameters
| Key | What to enter |
|---|---|
| Namespace | 3–8 chars, e.g. MySs |
| HubAccountId | 12‑digit Hub account ID |
| ParentOuId | OU ID to nest Sandbox OUs under (e.g. your root ID r-xxxx or a specific OU ID e.g. o-xxxx) |
| SsManagedRegions | Comma separated list of regions managed by Sandbox Studio, e.g. eu-west-2,us-east-1 |
About this Stack
Purpose
- Creates multiple Organisational Units (OUs) to contain all sandbox accounts.
- Applies Service Control Policies (SCPs) to those OUs to enforce guardrails.
Where to deploy
- Organisation management account only. Creating OUs and attaching SCPs requires management‑account permissions.
What it creates
- OU structure under your AWS Organisation or specific existing OU that you specify.
- A set of SCPs applied to the OU(s).
Validation checks
- New OUs are visible in AWS Organisations.
- SCPs are attached to the target OUs and show as Active.
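The two validation checks above can also be scripted instead of clicked through in the console. The following is an added example, not part of Sandbox Studio: it walks the OU tree below the parent you deployed under and lists the customer-managed SCPs attached directly to each OU. It assumes boto3 and management-account credentials; the function names are illustrative.

```python
"""Added example: list the SCPs attached directly to each OU below a parent."""
import sys


def _pages(call, key, **kwargs):
    """Yield every item from a NextToken-paginated Organizations API call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]


def audit_ous(org, parent_id):
    """Walk the OU tree under parent_id; return {ou_id: (name, custom SCP names)}."""
    report = {}
    for ou in _pages(org.list_organizational_units_for_parent,
                     "OrganizationalUnits", ParentId=parent_id):
        policies = _pages(org.list_policies_for_target, "Policies",
                          TargetId=ou["Id"], Filter="SERVICE_CONTROL_POLICY")
        # Skip AWS-managed policies such as the default FullAWSAccess:
        # they are not guardrails installed by a stack.
        custom = sorted(p["Name"] for p in policies if not p["AwsManaged"])
        report[ou["Id"]] = (ou["Name"], custom)
        report.update(audit_ous(org, ou["Id"]))  # descend into nested OUs
    return report


def without_direct_scp(report):
    """Names of OUs with no customer-managed SCP attached directly.

    SCPs inherited from a parent OU are not listed by the API call used here,
    so treat a hit as something to review, not as proof of a missing guardrail.
    """
    return sorted(name for name, scps in report.values() if not scps)


if __name__ == "__main__":
    import boto3  # assumption: run with management-account credentials

    result = audit_ous(boto3.client("organizations"), sys.argv[1])
    for ou_id, (name, scps) in sorted(result.items()):
        print(f"{ou_id} {name}: {', '.join(scps) or 'no custom SCP attached'}")
    sys.exit(1 if without_direct_scp(result) else 0)
```

Pass the value you used for ParentOuId as the only argument; the script exits non-zero when any OU below it has no customer-managed SCP attached directly.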
Tips
- Review the installed SCPs and enhance or relax them as needed to suit your organisation's security requirements.