AWS has recently introduced Innovation Sandbox on AWS, a new open source solution for managing AWS sandbox environments through a web user interface. This solution enables developers to provision and manage secure, cost-effective, and recyclable temporary sandbox environments.
By automating the implementation of security and governance policies, spend management mechanisms, and account recycling processes, Innovation Sandbox on AWS minimizes the overhead typically associated with managing sandbox environments at scale. The solution uses CloudFormation templates and stacks to automate its deployment.
According to the documentation, the solution allows developers to set up short-lived sandbox environments by automating the deployment of a sandbox organizational unit (OU) structure with nested OUs that guide the sandbox account lifecycle and adhere to workload isolation best practices.
The solution recycles accounts: an account can be used for a predefined duration or up to a spend threshold, and it is cleaned up at the end of its sandbox use. It does not create new AWS accounts or close existing ones; accounts are recycled to promote reuse.
The open source template supports instant account provisioning, automated cost monitoring, pre-configured security best practices, and automated account cleanup for seamless operations. While Innovation Sandbox on AWS sends warnings to users when a specific percentage of the AWS Budget or allocated time has been used, the solution is a wrapper of existing services and does not allow setting hard caps on spending.
The ability to set up temporary environments has been a long-standing request from the AWS community, with practitioners discussing various ideas for automated sandbox setups in the past. Ndimofor Ateh Rosius, CTO of Educloud, comments:
"This is amazing. Most students can’t take hands-on workshops on Educloud Academy because they don’t have AWS accounts and it was always a headache to provision ephemeral accounts for them."
Radek Antoniuk, fractional CTO, adds:
"Amazing! I feel like this should’ve been there since the start of AWS so I’m even more excited!"
Managing sandbox environments is a challenge that various cloud providers try to address in different ways. Microsoft offers Azure Sandbox, a collection of interdependent configurations for implementing common Azure services on a single subscription, providing a sandbox environment for experimenting with Azure services and capabilities. Google Cloud provides free trial accounts, where all resources created are stopped at the end of the trial without charges unless the customer activates a full paid account.
The cost for running Innovation Sandbox on AWS depends on the deployment configuration: for example, managing 50 accounts, with 30 leases per month and 10 lease templates, will cost approximately $36 in the cheapest AWS region, excluding costs incurred by sandbox account usage. Most of the solution’s costs are associated with the usage of AWS WAF, the managed web application firewall, and AWS CodeBuild, the managed continuous integration service.
The source code is available on GitHub under an Apache 2.0 license.