Step 2: Deploy the IDC stack
Install the IDC CloudFormation stack in the organisation management account.
How to Install this Stack
- Log in to the AWS Management Console using the Organisation Management Account.
- Navigate to the CloudFormation page.
- Click Create Stack and select With new resources (standard).
- For Template Source, select Amazon S3 URL and enter the CloudFormation Template URL shown below and click Next.
- On the Specify Stack page, enter the stack name 'SandboxStudio-IDC' and use the parameters shown below.
CloudFormation Template URL
https://sandbox-studio-software-dist.s3.amazonaws.com/versions/<VERSION>/SandboxStudio-IDC.template.json
For more information on how to find the latest version, click here.
Parameters
| Key | What to enter |
|---|---|
| Namespace | Use the same namespace you used in step 1. |
| HubAccountId | 12‑digit Hub account ID |
| IdentityStoreId | From IAM Identity Center |
| SsoInstanceArn | From IAM Identity Center |
| AdminGroupName | Default: <Namespace>_SsAdminsGroup |
| ManagerGroupName | Default: <Namespace>_SsManagersGroup |
| UserGroupName | Default: <Namespace>_SsUsersGroup |
About this Stack
Purpose
- Sets up IAM Identity Center groups, permissions and roles used by Sandbox Studio. You add users to these groups to grant role‑based access to the application.
Where to deploy
- Organisation management account, even if you have delegated IAM Identity Center administration to another account.
What it creates
- A set of IDC groups aligned to Sandbox Studio roles (for example: administrators, managers, end users).
Validation checks
- Groups appear in IAM Identity Center.
- Assigning a user to a group grants the expected application role after sign‑in.
Tips
- Add test users to each group and confirm the correct level of access in the UI before onboarding wider teams.
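The parameter table and the first validation check above can be scripted. The following is an added example, not part of Sandbox Studio: it validates the stack inputs, fills in the default group names, and reports which expected groups are missing from `aws identitystore list-groups` output. The ID format patterns, the function names and the sample values (namespace `myisb`, account and instance IDs) are assumptions constructed for illustration.

```python
import re

# Format checks are assumptions based on how these IDs normally look in AWS.
ACCOUNT_ID = re.compile(r"\d{12}")
IDENTITY_STORE_ID = re.compile(r"d-[0-9a-f]{10}")
SSO_INSTANCE_ARN = re.compile(r"arn:aws[a-z-]*:sso:::instance/ssoins-[0-9A-Za-z.-]{16}")

# Default group names from the Parameters table: <Namespace> + suffix.
GROUP_SUFFIXES = {
    "AdminGroupName": "_SsAdminsGroup",
    "ManagerGroupName": "_SsManagersGroup",
    "UserGroupName": "_SsUsersGroup",
}


def build_parameters(namespace, hub_account_id, identity_store_id,
                     sso_instance_arn, **group_overrides):
    """Validate the inputs and return them in CloudFormation parameter-file form."""
    checks = [
        ("Namespace", bool(namespace) and namespace == namespace.strip()),
        ("HubAccountId", ACCOUNT_ID.fullmatch(hub_account_id)),
        ("IdentityStoreId", IDENTITY_STORE_ID.fullmatch(identity_store_id)),
        ("SsoInstanceArn", SSO_INSTANCE_ARN.fullmatch(sso_instance_arn)),
    ]
    bad = [name for name, ok in checks if not ok]
    if bad:
        raise ValueError("invalid parameter(s): " + ", ".join(bad))
    params = {"Namespace": namespace, "HubAccountId": hub_account_id,
              "IdentityStoreId": identity_store_id, "SsoInstanceArn": sso_instance_arn}
    for key, suffix in GROUP_SUFFIXES.items():
        params[key] = group_overrides.get(key, namespace + suffix)
    return [{"ParameterKey": k, "ParameterValue": v} for k, v in params.items()]


def missing_groups(parameters, list_groups_response):
    """Return expected group names absent from `aws identitystore list-groups` output."""
    expected = {p["ParameterValue"] for p in parameters
                if p["ParameterKey"] in GROUP_SUFFIXES}
    present = {g.get("DisplayName") for g in list_groups_response.get("Groups", [])}
    return sorted(expected - present)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    params = build_parameters("myisb", "111122223333", "d-1234567890",
                              "arn:aws:sso:::instance/ssoins-1234567890abcdef")
    response = {"Groups": [{"DisplayName": "myisb_SsAdminsGroup"},
                           {"DisplayName": "myisb_SsUsersGroup"}]}
    print(missing_groups(params, response))
```

`list-groups` output is paginated, so merge all pages into one `Groups` list before calling `missing_groups`.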