Provision isolated, self-contained environments to securely evaluate, explore, and build proof-of-concept (POC) applications that run on AWS - AWS Innovation Sandbox

Publication date: August 2021

The AWS Innovation Sandbox solution provisions isolated, self-contained environments to help developers, security professionals, and infrastructure teams securely evaluate, explore, and build proofs of concept (POCs) using AWS services and third-party applications that run on AWS.

The sandbox environment implements security controls to manage access and permissions through a browser-based Amazon AppStream 2.0 connection, minimizing the risk of data exfiltration from the user’s network environment.

This solution includes the following key features:

  • Account isolation: Creates sandbox accounts within an existing AWS Organizations organization, with network isolation to keep existing accounts secure.

  • Secure guardrails: Security controls implemented with custom AWS Identity and Access Management (IAM) roles that let users experiment freely while restricting administrative changes to the sandbox account.

  • Detective controls: AWS CloudTrail logging is activated, and the logs are stored and secured so that sandbox activity can be audited.

  • Data movement restrictions: Prevents users from uploading data directly from their local machines. Data access is controlled by AWS Innovation Sandbox administrators.

This solution also creates IAM roles that grant elevated access to the sandbox account so the environment can be customized as needed.

This implementation guide describes architectural considerations and configuration steps for deploying AWS Innovation Sandbox in the Amazon Web Services (AWS) Cloud. It includes links to AWS CloudFormation templates that launch and configure the AWS services required to deploy this solution using AWS best practices for security and availability.

This guide is intended for IT architects, developers, DevOps, data analysts, and marketing technology professionals who have practical experience architecting in the AWS Cloud.