Step 2: Deploy the IDC stack

This needs a proper look at by the techies.

In this step, you will deploy the resources required to set up IDC, including mappings, roles, policies, and other configuration.

Important: Ensure that you log in using the account where you have configured the IAM Identity Center Instance for your AWS Organization.

Launch Solution Button

Note: The template launches in the US East (N.Virginia) Region by default. To launch the solution in a different AWS Region, use the Region selector in the console navigation bar.

On the Create stack page, verify that the correct template URL is in the Amazon S3 URL text box, and choose Next.
On the Specify stack details page, enter a stack name for your solution stack. For information about naming character limitations, see IAM and AWS STS quotas, name requirements, and character limits in the AWS Identity and Access Management User Guide.
Under Parameters, review the parameters for this solution template and modify them as necessary. This solution uses the following default values.

Parameter	Default	Description
Namespace	`myisb`	Use the same namespace from the `AccountPool` stack deployment of Sandbox Studio. For example, myisb.
Hub Account Id	`<Requires input>`	The AWS Account Id where the Sandbox Studio Hub application (Data and Compute stacks) is (to be) deployed.
Identity Store Id	`<Requires input>`	The Identity Store Id of the IAM Identity Center Instance. Example: d-XXXXXXXXXX. To obtain the IdentityStoreId value from the IAM Identity Center console: - Log in to the account your IDC account is located in. - Open the IAM Identity Center console, and from the left pane, select Settings. - From the Settings page, on the Identity source tab, copy the Identity Store ID value.
SSO Instance Arn	`<Requires input>`	The ARN of the SSO instance in IAM Identity Center. Example: arn:aws:sso:::instance/ssoins- xxxxxxxxxxxxxxxx. To obtain the SsoInstanceArn value from the IAM Identity Center console: - Log in to the account your IDC account is located in. - Open the IAM Identity Center console, and from the left pane, select Settings. - From the Settings page, under Details, copy the Instance ARN value.
Admin Group Name	`<Empty>`	A custom name to provide for the admin group. Note: If left empty the group will be created with the name <namespace>_IsbAdminsGroup
Manager Group Name	`<Empty>`	A custom name to provide for the manager group. Note: If left empty the group will be created with the name <namespace>_IsbManagersGroup
User Group Name	`<Empty>`	A custom name to provide for the user group. Note: If left empty the group will be created with the name <namespace>_IsbUsersGroup

Choose Next.
On the Configure stack options page, review and select to acknowledge the messages under Capabilities and transforms, and choose Next.
On the Review and create page, review and confirm the settings.
Choose Submit to deploy the stack.

You can view the status of the stack in the AWS CloudFormation Console in the Status column. You should receive a CREATE_COMPLETE status in approximately 60 minutes.

Overview

Features and Benefits

Use cases

Concepts and definitions

Solution Architecture

AWS Well-Architected design considerations

AWS services in this solution

Account Cleaner components

Account lifecycle - TBCompleted

Supported AWS Regions

Running Costs

Security

Quotas

Choosing the deployment accounts

Prerequisites

AWS CloudFormation templates

Prepare to Launch the Stack

Step 1: Deploy the AccountPool stack

Step 2: Deploy the IDC stack

Step 3: Deploy the Data stack

Step 4: Deploy the Compute stack

Step 5: ?????

Create a SAML 2.0 application

Map application attributes

Assign groups to your application

Assign users to groups

Update configuration using AWS AppConfig

Update values in AWS Secrets Manager

Logging into the web UI

User Guide

Manager Guide

Administrator Guide

Monitoring the solution

Software Licence

Investigating accounts in Quarantine state

Resolving clean-up failures

End leases and eject accounts

Uninstall solution stacks

Resources retained after deletion

Delete the custom application in IAM Identity Center

Revision 1.0 - 18/07/2025

Sandbox Studio Terms and Conditions

Running the wizard

Prerequisite #1: AWS Organizations

Prerequisite #2: Service Control Policies (SCPs)

Prerequisite #3: IAM Identity Center

Prerequisite #4: Resource Access Manager

Prerequisite #5: Cloudformation Stacksets

Prerequisite #6: Cost Explorer

Prerequisite #7: IAM Identity Center Custom SAML Application

Prerequisite #8: Lambda Concurrency Limit

Prerequisite #9: Simple Email Service

Step 2: Deploy the IDC stack