Search Results

Term / Concept Description Account Recycling The process of cleaning and reusing sandbox accounts after they hit budget or time limits. This reduces AWS account sprawl, optimises resource use, and minimises administrative work by resetting acc...

What is Sandbox Studio? Sandbox Studio is a web-based solution that helps cloud administrators manage temporary AWS sandbox environments. It automates the enforcement of security policies, governance rules, budget controls, and account recycling settings — al...

Sandbox Studio uses a combination of AWS managed services to securely deliver, manage, and clean up sandbox environments. The table below describes the core AWS services used in the solution. AWS Service Description Amazon CloudFront Acts...

When setting up Sandbox Studio, choosing the correct AWS Regions is an important step. The regions you select determine where the solution is deployed, which regions users can access, and how accounts are cleaned up. 1. Identify Your Home Region In an AWS ...

Sandbox Studio is packaged as a set of AWS CloudFormation stacks. If you decide to manually install Sandbox Studio, you must deploy them in the order shown below and into specific AWS accounts. This page explains each stack, where to deploy it, and why the ord...

Sandbox Studio provides a range of tools to make AWS sandbox account management fast, safe, and cost-effective. The table below explains the core capabilities of the platform, how it works, and the specific benefits it can bring to your teams. Capabilit...

Running Sandbox Studio does involve some ongoing AWS costs, but these are generally modest and reflect the standard services needed to keep things running securely and reliably. You can think of them as the “behind-the-scenes” charges for the hub account that ...

Sandbox Studio requires multiple AWS accounts to function. These accounts follow a hub-and-spoke model, where a central hub account manages a pool of sandbox accounts. The organisation management account also plays a key role, as certain AWS services can only ...

Sandbox Studio solution is built entirely on AWS services, with each component playing a specific role in delivering, securing, and managing sandbox environments. The architecture uses managed services to ensure scalability, security, and automation. The diag...

After logging into the Sandbox Studio UI, as a Manager, you will land on your Manager's Home page. As a Sandbox Studio Manager, you have the dual capability of overseeing the environment for your end users and also requesting and accessing AWS Accounts your...

On the Add a new Account Template page, complete the required fields in the Basic Details section. For Name, enter a descriptive name for your lease template so that you can easily keep track of it. (Optional) For the description, specify the inten...

This step defines the budget limits for leases using this template. Define if you want a maximum budget to be enforced for the leases. By default, this flag is optional (You can define templates with no budget limits), but platform administrators can enfo...

This step defines the maximum duration for leases using this template. Define if you want a maximum duration to be enforced for the leases. If you select Set an expiry date, enter a value in Maximum Lease Duration (in Months, Days or Hours). The duration...

Using Permissions, you can configure what the end users can and cannot do in their accounts.  Sandbox Studio uses IAM Identity Center Permissions Sets for permissions. You can see more details explaining each of the sections of this page at https://docs.aws.a...

In this section, you define if leases can be shared, if they require approval, and who can manage and approves them. Team sharing (1) In the Team Sharing section of the page. A simple toggle that once enabled will require the Manager or Administrator to ...

After logging into the web UI, the following page displays. From the home page (Figure 1), you can: Request a new account See (1)  . For more information see: Requesting a new account. View all of your current AWS Accounts.  See (2) View your overall spe...

You can request an account to gain access to an AWS environment. To request an account: After logging in to the web UI, on the home page you can choose Request an Account. Next, select the account type you want to request. Account types are created ...

Once you’ve requested an account and the account is in an Active state, you can access login to the associated AWS console. On the home page, select Login to account (1) for the account you want to access. This directs you to the AWS Access portal.  ...