# Update AWS AppConfig

AWS AppConfig is used by Sandbox Studio to store its runtime configuration. You will need to update this configuration after the CloudFormation stacks have been deployed so that Sandbox Studio knows how to authenticate users and where to route traffic.

If AppConfig is not updated correctly, users will not be able to log in or send/receive notifications.

1. Open AWS AppConfig
    
    
    - In the **Hub account**, go to the AWS Console.
    - Navigate to [AWS AppConfig](https://console.aws.amazon.com/systems-manager/appconfig) under **Systems Manager**.
2. **Locate the Sandbox Studio configuration profile**
    
    
    - The **SandboxStudio-Data** stack creates an AppConfig application and configuration profile.
    - Use the stack outputs to identify the:
        
        
        - **Application ID**
        - **Environment ID**
        - **Configuration Profile ID**
3. **Edit the configuration**  
    Update the following fields with values from your environment:
    
    <div class="_tableContainer_sk2ct_1"><div class="_tableWrapper_sk2ct_13 group flex w-fit flex-col-reverse" tabindex="-1"><table class="w-fit min-w-(--thread-content-width)" data-end="1905" data-start="1050" style="width: 119.072%; height: 290.563px;"><thead data-end="1102" data-start="1050"><tr data-end="1102" data-start="1050" style="height: 27.7969px;"><th data-col-size="sm" data-end="1077" data-start="1050" style="width: 25.0323%; height: 27.7969px;">Setting</th><th data-col-size="md" data-end="1091" data-start="1077" style="width: 74.9677%; height: 27.7969px;">Description</th></tr></thead><tbody data-end="1905" data-start="1162"><tr data-end="1289" data-start="1162" style="height: 46.5938px;"><td data-col-size="sm" data-end="1189" data-start="1162" style="width: 25.0323%; height: 46.5938px;">**IdP Sign In URL**</td><td data-col-size="md" data-end="1249" data-start="1189" style="width: 74.9677%; height: 46.5938px;">The login URL from your Identity Center SAML application.</td></tr><tr data-end="1422" data-start="1293" style="height: 46.5938px;"><td data-col-size="sm" data-end="1320" data-start="1293" style="width: 25.0323%; height: 46.5938px;">**IdP Sign Out URL**</td><td data-col-size="md" data-end="1381" data-start="1320" style="width: 74.9677%; height: 46.5938px;">The logout URL from your Identity Center SAML application.</td></tr><tr data-end="1509" data-start="1426" style="height: 29.7969px;"><td data-col-size="sm" data-end="1453" data-start="1426" style="width: 25.0323%; height: 29.7969px;">**IDP Audience**</td><td data-col-size="md" data-end="1490" data-start="1453" style="width: 74.9677%; height: 29.7969px;">The SAML audience used when previously setting up the IAM Identity Center Application. </td></tr><tr data-end="1655" data-start="1513" style="height: 46.5938px;"><td data-col-size="sm" data-end="1540" data-start="1513" style="width: 25.0323%; height: 46.5938px;">**Web App URL**</td><td data-col-size="md" data-end="1622" data-start="1540" style="width: 74.9677%; height: 46.5938px;">The URL for users to access Sandbox Studio (CloudFront URL or your custom DNS).</td></tr><tr data-end="1760" data-start="1659" style="height: 46.5938px;"><td data-col-size="sm" data-end="1686" data-start="1659" style="width: 25.0323%; height: 46.5938px;">**AWS Access Portal URL**</td><td data-col-size="md" data-end="1724" data-start="1686" style="width: 74.9677%; height: 46.5938px;">The IAM Identity Center portal URL.</td></tr><tr data-end="1905" data-start="1764" style="height: 46.5938px;"><td data-col-size="sm" data-end="1791" data-start="1764" style="width: 25.0323%; height: 46.5938px;">**Notification Email**</td><td data-col-size="md" data-end="1874" data-start="1791" style="width: 74.9677%; height: 46.5938px;">The “From” address Sandbox Studio uses to send emails (must be verified in SES).</td></tr></tbody></table>
    
    </div></div>
4. **Deploy the configuration**
    
    
    - Save the updated configuration.
    - Create a new hosted configuration version.
    - Deploy the configuration to the **Sandbox Studio environment**.

You're application config should look like the YAML configuration shown below.

**Note:** you should only update the **auth** and **notification** attributes and leave other attributes in place.

```
...
auth:
  idpSignInUrl: https://portal.sso.<region>.amazonaws.com/saml/assertion/<id>
  idpSignOutUrl: https://portal.sso.<region>.amazonaws.com/saml/logout/<id>
  idpAudience: SandboxStudio
  awsAccessPortalUrl: https://d-<id>.awsapps.com/start
  webAppUrl: https://<id>.cloudfront.net
  sessionDurationInMinutes: 60
notification:
  emailFrom: sandboxstudio@example.com
...
```

<div _ngcontent-ng-c3818350049="" class="markdown markdown-main-panel enable-updated-hr-color" dir="ltr" id="bkmrk--1"></div>