Skip to main content

Running the wizard

Introduction

This wizard has been created to facilitate the installation and deployment of the Sandbox Studio solution in your environment. It automates as many steps as possible and checks for prerequisites before the installation.

image.png

Prerequisites

The wizard will automatically check for prerequisites. If any of the prerequisites are not met, the wizard will display the URL to the right documentation to help you configure your environment. 

Those are the variables you will have to set/confirm during the installation:


DescriptionInput or ConfirmComments
Management Account IDAccount ID of the Management Account of your organisation. Confirm onlyYou don't need it per say as the wizard should be executed from this account anyway, but the wizard is going to ask you to confirm the account is the correct management account.
Hub Account IDThe AWS Account ID of the "hub" account for the solution.Input*Best practice is to have a separate AWS Account to act as the "hub" for SandboxStudio.
Organization IDID of the AWS organisation used for the installation. Confirm onlyShould be the organisation where the Management Account resides
IAM Identity Center instance
ID of the IAM Identity Center InstanceConfirm only
IAM Identity Center SAML Application
Details of the custom IDC applicationConfirm / InputThe wizard will ask you to select the custom IdC application if you have already set one up. Otherwise, the script will guide you through the creation of this application.
Application namespace
Prefix to add before SandboxStudio resourcesConfirm / InputDefault: MySs
Organisation Parent ID
ID of the Organisational Unit where you want the Sandbox Studio OUs to be createdInput*

Default: Root OU

We strongly recommend having a dedicated Organisational Unit for Sandbox Studio.

AWS Regions
List of regions that Sandbox Studio will manageConfirm / Input

Comma separated list of values. Those are the regions monitored and managed by the Sandbox Studio.
ie: us-east-1,us-east-2,ap-southeast-1
Default: Region where Sandbox Studio is deployed into

Admin Group Name
List of the IdC group name from Sandbox Studio administratorsConfirm / Input

Default: <NAMESPACE>_SsAdminsGroup

ie: MySs_SsAdminsGroup

Note: Should you want to manage your groups within a third-party Identity Provider, you will need to create this group in your IdP.

Managers Group Name
List of the IdC group name from Sandbox Studio managersConfirm / Input

Default: <NAMESPACE>_SsManagersGroup

ie: MySs_SsManagersGroup

Note: Should you want to manage your groups within a third-party Identity Provider, you will need to create this group in your IdP.

Users Group Name
List of the IdC group name from Sandbox Studio usersConfirm / Input

Default: <NAMESPACE>_SsUsersGroup

ie: MySs_SsUsersGroup

Note: Should you want to manage your groups within a third-party Identity Provider, you will need to create this group in your IdP.

Allowed IP Ranges
Comma-separated list of CIDR ranges for API access
 
Confirm / Input

Default: 0.0.0.0/1,128.0.0.0/1

  • Input*: Indicates fields that are mandatory for you to fill in.

In case you have not created the SAML custom application yet, the wizard will also prompt you for the following:


DescriptionInput or ConfirmComments
Application nameName of the custom SAML application to be createdConfirm / InputDefault: Sandbox Studio
Application DescriptionDescription of the custom SAML application to be createdConfirm / InputDefault: 
Sandbox Studio allows users to access temporary AWS accounts

 

Installation

Login to your AWS Management account and open a CloudShell environment in the region where you want to install Sandbox Studio. Then, run the following commands:

wget https://sandbox-studio-software-dist.s3.us-east-1.amazonaws.com/versions/1.0.0/install_sandbox_studio.sh
chmod +x install_sandbox_studio.sh
./install_sandbox_studio.sh


The following should display:

image.png

The wizard will guide you through the installation. Enjoy !