Update AWS AppConfig
AWS AppConfig is used by Sandbox Studio to store its runtime configuration. You will need to update this configuration after the CloudFormation stacks have been deployed so that Sandbox Studio knows how to authenticate users and where to route traffic.
If AppConfig is not updated correctly, users will not be able to log in or send/receive notifications.
- Open AWS AppConfig
  - In the Hub account, go to the AWS Console.
  - Navigate to AWS AppConfig under Systems Manager.
- Locate the Sandbox Studio configuration profile
  - The SandboxStudio-Data stack creates an AppConfig application and configuration profile.
  - Use the stack outputs to identify the:
    - Application ID
    - Environment ID
    - Configuration Profile ID
- Edit the configuration

  Update the following fields with values from your environment:

  | Setting | Description |
  | --- | --- |
  | IdP Sign In URL | The login URL from your Identity Center SAML application. |
  | IdP Sign Out URL | The logout URL from your Identity Center SAML application. |
  | IDP Audience | The SAML audience used when previously setting up the IAM Identity Center Application. |
  | Web App URL | The URL for users to access Sandbox Studio (CloudFront URL or your custom DNS). |
  | AWS Access Portal URL | The IAM Identity Center portal URL. |
  | Notification Email | The “From” address Sandbox Studio uses to send emails (must be verified in SES). |

- Deploy the configuration
  - Save the updated configuration.
  - Create a new hosted configuration version.
  - Deploy the configuration to the Sandbox Studio environment.
Your application config should look like the YAML configuration shown below.
Note: you should only update the auth and notification attributes and leave other attributes in place.
...
auth:
  idpSignInUrl: https://portal.sso.<region>.amazonaws.com/saml/assertion/<id>
  idpSignOutUrl: https://portal.sso.<region>.amazonaws.com/saml/logout/<id>
  idpAudience: SandboxStudio
  awsAccessPortalUrl: https://d-<id>.awsapps.com/start
  webAppUrl: https://<id>.cloudfront.net
  sessionDurationInMinutes: 60
notification:
  emailFrom: sandboxstudio@example.com
...
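A pre-deployment check for the auth and notification attributes above, as an added example that is not part of the original page or of Sandbox Studio itself. The function names, the minimal two-level parser and the sample values are assumptions made for illustration; the check flags unreplaced `<id>`/`<region>` placeholders, non-HTTPS URLs and a malformed "From" address before a new hosted configuration version is created.

```python
import re

# Constructed sample in the page's YAML shape; webAppUrl keeps its <id> placeholder.
SAMPLE = """\
auth:
  idpSignInUrl: https://portal.sso.us-east-1.amazonaws.com/saml/assertion/EXAMPLE
  idpSignOutUrl: https://portal.sso.us-east-1.amazonaws.com/saml/logout/EXAMPLE
  idpAudience: SandboxStudio
  awsAccessPortalUrl: https://d-0000000000.awsapps.com/start
  webAppUrl: https://<id>.cloudfront.net
  sessionDurationInMinutes: 60
notification:
  emailFrom: sandboxstudio@example.com
"""
URL_KEYS = ("idpSignInUrl", "idpSignOutUrl", "awsAccessPortalUrl", "webAppUrl")
HTTPS_URL = re.compile(r"https://[^\s/]+(/\S*)?")
EMAIL = re.compile(r"[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+")

def parse_sections(text):
    """Parse only the two-level 'section:' / '  key: value' shape shown above."""
    cfg, section = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if not key or key == "..." or key.startswith("#"):
            continue
        if not line[0].isspace():
            section = cfg.setdefault(key, {})   # top-level key opens a section
        elif section is not None:
            section[key] = value.strip()        # indented key belongs to it
    return cfg

def validate(cfg):
    """Return a list of problems; an empty list means nothing was flagged."""
    auth, notif = cfg.get("auth", {}), cfg.get("notification", {})
    problems = []
    for key in URL_KEYS:
        value = auth.get(key, "")
        if "<" in value or ">" in value:
            problems.append(f"auth.{key}: placeholder not replaced")
        elif not HTTPS_URL.fullmatch(value):
            problems.append(f"auth.{key}: must be an absolute https URL")
    if not auth.get("idpAudience"):
        problems.append("auth.idpAudience: missing")
    if not re.fullmatch(r"[1-9][0-9]*", auth.get("sessionDurationInMinutes", "")):
        problems.append("auth.sessionDurationInMinutes: must be a positive integer")
    if not EMAIL.fullmatch(notif.get("emailFrom", "")):
        problems.append("notification.emailFrom: not an email address")
    return problems

if __name__ == "__main__":
    print(validate(parse_sections(SAMPLE)) or "no problems found")
```

The check covers syntax only; it does not confirm that the "From" address is verified in SES or that the URLs match your Identity Center SAML application.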