The Innovation Sandbox on AWS solution allows cloud administrators to set up and recycle temporary sandbox environments by automating the implementation of security and governance policies,spend management mechanisms, and account recycling preferences through a web user interface (UI). Using the solution, customers can empower their teams to experiment, learn, and innovate with AWS services in production-isolated AWS accounts that are recycled after use.
To find out more about Innovation Sandbox on AWS visit our AWS Solutions page.
- Innovation Sandbox on AWS
For more details, please refer to the Architecture Overview section of the implementation guide.
In order to test, build, and deploy the solution from source the following prerequisites will be required for your development environment:
- MacOS or Amazon Linux 2 Operating System
- Cloned Repository
- Node 22
- Python (Optional)
- Pre-Commit (Optional)
- Docker (Optional)
Once your development environment meets the minimum requirements install the necessary dependencies, navigate to the root of the repository and run:
npm installNote: Many of the commands in this file expect you to have appropriate AWS CLI access to the target accounts configured. If you have a multi-account deployment you will need to switch between account credentials to perform the commands on the appropriate accounts.
Before you start working from the Innovation Sandbox on AWS repository you must first configure your environment. Use the following command to generate a .env file to begin:
npm run env:initIn the .env file configure the required values. The file provides comments as to what each environment variable does. The optional ones are not required to deploy the solution.
The solution requires several prerequisite steps before attempting to deploy the solution. See the implementation guide for more details.
| Stack | CloudFormation Launch Link | S3 Download Link |
|---|---|---|
| Account Pool | Launch | Download |
| IDC | Launch | Download |
| Data | Launch | Download |
| Compute | Launch | Download |
Deploying the solution from source uses AWS CDK to do so. If you have not already you will need to bootstrap the target accounts with the following command:
npm run bootstrapTo deploy the solution into a single account, run the following command from the repository root:
npm run deploy:allTo deploy the individual cloudformation stacks for a multi-account deployment, use the following commands for each of the stacks:
npm run deploy:account-pool
npm run deploy:idc
npm run deploy:data
npm run deploy:computeBefore the solution is fully functional the post deployment tasks must be completed. See the implementation guide for more details.
To run unit tests for all packages in the solution, run the following command from the repository root:
npm testTo also update snapshot tests run the following command from the repository root:
npm run test:update-snapshotsFirst make sure that the E2E Test Configs section of the .env file is configured.
Note: The E2E tests assume that all stacks are deployed into the same AWS Account for testing purposes. The test suite will not run if you have multi-account deployment.
To run the E2E tests run the following command:
npm run e2eAdditionally, if you want to run the full test suite including slower tests such as those for the account cleaner, run the following command:
npm run e2e:slowFor development purposes it may be useful to use a custom ECR image to test updates to AWS Nuke or just host the image in your account.
Note: Make sure you have the docker engine installed and running on your machine to perform the steps in this section.
Follow these steps to configure deployment to use a private ECR image:
- In the account and region the compute stack is deployed into, create a new private ecr repository. You can name it whatever you like but we suggest something like
innovation-sandbox. - Configure your
.envfile with thePRIVATE_ECR_REPOandPRIVATE_ECR_REPO_REGIONenvironment variables. This should be the region and name for the private repo you just created. - From the root of the innovation sandbox repo run the following command:
This will build the dockerfile located at
npm run docker:build-and-push
source/infrastructure/components/account-cleaner/Dockerfileand push it to the ECR repo configured in your .env file. - If you have already deployed the solution you will need to deploy the compute stack again to have the solution use the private ecr repo. To do that run the following command:
npm run deploy:compute
To uninstall the solution, run the following command from the repository root:
npm run destroy:allIf you had used a multi-account deployment or only want to destroy certain stacks you can use the following commands:
npm run destroy:account-pool
npm run destroy:idc
npm run destroy:data
npm run destroy:computeThis solution incurs cost for both the solution infrastructure and any activity that occurs within the sandbox accounts. Cost will vary greatly based on sandbox account usage.
For more details on solution infrastructure cost estimation see the implementation guide.
root
├── deployment/ # shell scripts to generate native cloudformation distributables
│ ├── global-s3-assets # generated dist files for cdk synthesized cloudformation templates
│ ├── regional-s3-assets # generated dist files for zipped runtime assets such as lambda functions
│ └── build-s3-dist.sh # builds solution into distributable assets that can be deployed with cloudformation
├── docs/ # shell scripts to generate native cloudformation distributables
├── scripts/ # scripts used to run checks on the repository
├── source/ # source code separated into multiple stand alone packages
│ ├── common # common libraries used across the solution
│ ├── e2e # e2e test suite
│ ├── frontend # frontend vite application
│ ├── infrastructure # cdk application consisting of solution infrastructure
│ ├── lambdas # lambda function runtime code, contains multiple lambdas each of which is its own package
│ └── layers # lambda layers, contains multiple layers each of which is its own package
├── .pre-commit-config.yaml # pre-commit hook configurations
└── package.json # top level npm package.json file with scripts to serve as orchestrated monorepo commands
This repository uses pre-commit. Pre-commit is a framework for managing and maintaining multi-language pre-commit hooks which are scripts that run every time you make a commit. This offers automated checks with quick feedback cycles that enable code reviewers to focus on architecture and design rather than syntax and style.
To install the hooks, run the following commands:
# this installs the pre-commit package manager
pip install pre-commit# this will install the hook scripts contained in the .pre-commit-config.yaml file
pre-commit installOnce installed pre-commit hooks will be ran on each commit preventing commits that do not pass the configured checks. Certain hooks will automatically alter and reformat code so that you don't have to.
If you would like to run the hooks without making a commit, run the following command.
pre-commit run --all-filesFor more information on pre-commit, refer to the official documentation here.
This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the implementation guide.
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/ or in the "LICENSE" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and limitations under the License.
For questions or feedback about this solution, please contact:
- AWS Solutions: [email protected]
- GitHub Issues: Submit questions or issues through the GitHub repository issues page