AWS Innovation Sandbox
Publication date: August 9, 2021 (Diagram history)
This architecture enables you to deploy secure, self-contained, isolated environments to allow developers, security professionals, and infrastructure teams to safely experiment with AWS services and third-party applications that run on AWS. This architecture can also be deployed on AWS using AWS CloudFormation templates that launch and configure the AWS services required to deploy this solution using AWS best practices for security and availability.
1. An AWS CloudFormation template creates two new AWS accounts and two new organizational units (OUs):
   - An organizational unit containing the management account, an Amazon Virtual Private Cloud (Amazon VPC) running a NAT gateway, an AWS Transit Gateway, and an internet gateway.
   - An organizational unit containing the sandbox account and an Amazon VPC.
2. The solution's sandbox account has no direct access to the internet. Ingress and egress traffic to this sandbox account is routed through AWS Transit Gateway to the solution's management account. Access to the sandbox account is restricted via the AWS Identity and Access Management (IAM) condition key `aws:SourceIp` to allow access only from the management account (allowing for a self-contained environment).
3. An Amazon AppStream 2.0 image is created by the customer with required applications and tools.
4. A second CloudFormation template uses the image created in Step 3 to launch an instance fleet, where AppStream 2.0 end users connect to access the sandbox account.
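The `aws:SourceIp` restriction on the sandbox account can be sketched as a deny-unless-from-management policy. This is an added example, not the solution's own template: it assumes the management account's egress address is the NAT gateway's Elastic IP (a constructed documentation-range value here), and `build_source_ip_policy` and `is_denied` are hypothetical helper names.

```python
import ipaddress
import json

# Assumption: Elastic IP of the management account's NAT gateway
# (constructed value from the 203.0.113.0/24 documentation range).
MGMT_EGRESS_CIDRS = ["203.0.113.10/32"]

def build_source_ip_policy(allowed_cidrs):
    """Deny every action unless the caller's public IP is in allowed_cidrs."""
    for cidr in allowed_cidrs:
        net = ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        if net.prefixlen == 0:
            raise ValueError(f"{cidr} matches every address; the restriction would do nothing")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideManagementEgress",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "NotIpAddress": {"aws:SourceIp": list(allowed_cidrs)},
                # Calls an AWS service makes on the user's behalf come from
                # AWS-owned addresses; exempt them from the deny.
                "Bool": {"aws:ViaAWSService": "false"},
            },
        }],
    }

def is_denied(policy, source_ip, via_aws_service=False):
    """Simplified model of this one statement's condition, not full IAM evaluation."""
    cond = policy["Statement"][0]["Condition"]
    if via_aws_service:  # the Bool condition no longer matches, so no deny
        return False
    addr = ipaddress.ip_address(source_ip)
    allowed = [ipaddress.ip_network(c) for c in cond["NotIpAddress"]["aws:SourceIp"]]
    return not any(addr in net for net in allowed)

if __name__ == "__main__":
    policy = build_source_ip_policy(MGMT_EGRESS_CIDRS)
    print(json.dumps(policy, indent=2))
    for ip in ("203.0.113.10", "198.51.100.7"):  # constructed sample callers
        print(ip, "denied" if is_denied(policy, ip) else "allowed")
```

`aws:SourceIp` is absent from requests that arrive through a VPC endpoint, so a `NotIpAddress` deny like this one blocks them; `aws:VpcSourceIp` is the key for that path.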
Further reading
For additional information, refer to
Diagram history
Change | Description | Date |
---|---|---|
Initial publication | Reference architecture diagram first published. | August 9, 2021 |