A hands-on workshop guide for deploying the AWS Innovation Sandbox solution, enabling organizations and learning groups to experiment with AWS services in isolated, cost-controlled sandbox accounts.
Workshop Site: https://ihatesea69.github.io/Innovation_Lab_Workshop/
The solution provides a managed environment where users can spin up isolated AWS accounts for experimentation without compromising security or incurring unexpected costs.
Sandbox accounts transition through defined states: Available → Active → Frozen → Cleanup → Quarantine, with automated resource cleanup and cost monitoring at each stage.
| Service | Purpose |
|---|---|
| AWS IAM Identity Center | User authentication and access management |
| AWS Organizations | Multi-account governance and OU grouping |
| Amazon CloudFront | Web distribution and API forwarding |
| AWS WAF | Security filtering for dynamic routes |
| AWS Lambda | Provisioning logic and sandbox management |
| AWS Step Functions | Account state machine orchestration |
| Amazon EventBridge | Time-based and event-driven task triggers |
| AWS AppConfig | Solution configuration storage |
| AWS CloudFormation | Infrastructure as code deployment |
The workshop is divided into five sections, requiring approximately 2 hours to complete:
- Prerequisites (15-20 min): Prepare AWS environment and create required accounts
- Deployment (45 min): Deploy CloudFormation stacks and configure infrastructure
- Configuration (15 min): Set up SAML integration and user access
- Using the Sandbox (30 min): Learn the solution through Admin, Manager, and User roles
- Cleanup: Remove all deployed resources
- AWS account with administrative access
- Understanding of AWS Organizations and AWS IAM Identity Center
- Basic knowledge of AWS CloudFormation
This workshop is built with Hugo using the Learn theme.
# Clone the repository
git clone https://github.com/ihatesea69/Innovation_Lab_Workshop.git
cd Innovation_Lab_Workshop
# Initialize submodules (for theme)
git submodule update --init --recursive
# Run local development server
hugo server -DAccess the local site at http://localhost:1313
For corrections, suggestions, or contributions, please contact: [email protected]
This project is licensed under the MIT License.