# Step 1: Deploy the AccountPool stack

Install the AccountPool CloudFormation stack in the organisation management account.

#### How to Install this Stack

1. Login to the AWS Management Console using the **Organisation Management Account.**
2. Navigate to the **CloudFormation** page.
3. Click **Create Stack** and select **With new resources (standard)**.
4. For Template Source, select **Amazon S3 URL** and enter the CloudFormation Template URL shown below and click **Next**.
5. On the **Specify Stack** page, enter the stack name '**SandboxStudio-AccountPool**' and use the parameters shown below.

---

#### CloudFormation Template URL

```
https://sandbox-studio-software-dist.s3.amazonaws.com/versions/<VERSION>/SandboxStudio-AccountPool.template.json
```

For more information on how to find the latest version, [click here](https://docs.sandboxstudiosoftware.com/books/installation-guide/page/aws-cloudformation-templates "AWS CloudFormation templates").

---

#### Parameters

<div class="_tableContainer_sk2ct_1" id="bkmrk-key-what-to-enter-na"><div class="_tableWrapper_sk2ct_13 group flex w-fit flex-col-reverse" tabindex="-1"><table class="w-fit min-w-(--thread-content-width)" data-end="5123" data-start="4515" style="width: 115.595%; height: 148.984px;"><thead data-end="4616" data-start="4515"><tr data-end="4616" data-start="4515" style="height: 29.7969px;"><th data-col-size="sm" data-end="4535" data-start="4515" style="width: 23.3945%; height: 29.7969px;">**Key**</th><th data-col-size="md" data-end="4616" data-start="4535" style="width: 76.6055%; height: 29.7969px;">**What to enter**</th></tr></thead><tbody data-end="5123" data-start="4719"><tr data-end="4820" data-start="4719" style="height: 29.7969px;"><td data-col-size="sm" data-end="4739" data-start="4719" style="width: 23.3945%; height: 29.7969px;">**Namespace**</td><td data-col-size="md" data-end="4820" data-start="4739" style="width: 76.6055%; height: 29.7969px;">3–8 chars, e.g. `MySs`</td></tr><tr data-end="4922" data-start="4821" style="height: 29.7969px;"><td data-col-size="sm" data-end="4841" data-start="4821" style="width: 23.3945%; height: 29.7969px;">**HubAccountId**</td><td data-col-size="md" data-end="4922" data-start="4841" style="width: 76.6055%; height: 29.7969px;">12‑digit Hub account ID</td></tr><tr data-end="5023" data-start="4923" style="height: 29.7969px;"><td data-col-size="sm" data-end="4943" data-start="4923" style="width: 23.3945%; height: 29.7969px;">**ParentOuId**</td><td data-col-size="md" data-end="5023" data-start="4943" style="width: 76.6055%; height: 29.7969px;">OU ID to nest Sandbox OUs under (e.g. your **root ID** `r-xxxx` or a specific OU ID e.g. `o-xxxx`)</td></tr><tr data-end="5123" data-start="5024" style="height: 29.7969px;"><td data-col-size="sm" data-end="5047" data-start="5024" style="width: 23.3945%; height: 29.7969px;">**SsManagedRegions**</td><td data-col-size="md" data-end="5123" data-start="5047" style="width: 76.6055%; height: 29.7969px;">Comma separated list of regions managed by Sandbox Studio, e.g. `eu-west-2,us-east-1`</td></tr></tbody></table>

</div></div>---

#### About this Stack

**Purpose**

- Creates multiple **Organisational Units (OUs)** to contain all sandbox accounts.
- Applies **Service Control Policies (SCPs)** to those OUs to enforce guardrails.

**Where to deploy**

- **Organisation management account** only. Creating OUs and attaching SCPs requires management‑account permissions.

**What it creates**

- OU structure under your AWS Organisation or specific existing OU that you specify.
- A set of SCPs applied to the OU(s).

**Validation checks**

- New OUs are visible in **AWS Organisations**.
- SCPs are attached to the target OUs and show as **Active**.

**Tips**

- Review isntalled SCPs and enhance or relax as needed to suit your organisation's security requirements.

<div _ngcontent-ng-c3818350049="" class="markdown markdown-main-panel enable-updated-hr-color" dir="ltr" id="bkmrk--3"></div>