About the AWS Sandbox

The AWS Sandbox is meant to provide an open environment for you to come up with and work through your training scenarios. It is an unguided experience where you determine what services, tools, and resources you'd like more practice with! We allow a variety of tools and services within AWS, so you have as many choices as possible when working through your training. We are expanding support for new services monthly!

Allowed Services

Amazon Certificate Manager (ACM) - excluding Private Cert Authority
Analytics: CloudSearch
API Gateway v1
API Gateway V2
Application Autoscaling
Application Discovery Service
Athena
Auto Scaling
Cloud Directory
Cloud9
CloudFormation
CloudFront
CloudTrail
CloudWatch
CodeCommit
CodeDeploy
CodePipeline
Comprehend
Config
DataPipeline
Database Migration Service
DynamoDB
DynamoDB Accelerator (DAX)
EC2 Container Registry (ECR)
EC2 Container Service (ECS)
Elastic Beanstalk
Elastic Compute Cloud (EC2)
Elastic Container Service for Kubernetes (EKS)
Elastic File System (EFS)
Elastic Load Balancing (ELB)

Elastic MapReduce (EMR)
Elastic Transcoder
ElastiCache
Firehose
Elasticsearch Service
Glue
Greengrass
GuardDuty
Health APIs and Notifications
Identity and Access Management (IAM)
Inspector
IoT
IoT Analytics
IoT OneClick (Projects only)
Kafka
Key Management Service (KMS)
Kinesis
Kinesis Analytics
Kinesis Video Streams
Lambda
Lex
Migration Hub
OpsWorks
OpsWorksCM
Performance Insights
Polly

Redshift
Rekognition
Relational Database Service (RDS)
Resource Groups
Resource Groups Tagging API
Route 53
Route 53 Resolver
Secrets Manager
Security Token Service (STS)
Server Migration Service
Simple Email Service (SES)
Simple Notification Service (SNS)
Simple Queue Service (SQS)
Simple Storage Service (S3)
Simple Systems Manager (SSM)
States (Step Functions)
Textract
Transcribe
Translate
Web Application Firewall (WAF) v1 ONLY
Web Application Firewall (WAF) Regional v1 ONLY

AWS Sandbox Limits

We try to minimize the limitations of our Sandboxes to provide the most comprehensive training opportunity possible. Unfortunately, there are some limits to what we can provide. Refer to the list below for specific limits we enforce on our AWS Sandbox.

NOTE: This list covers the specific limits to allowed services, but is NOT a comprehensive list of denied services. Any Service not explicitly allowed above will be denied.

All Services

No Purchasing or Billing permissions
Cannot modify Account settings

EC2 Limits

ONLY these Instance Types are allowed:
- t2.micro to t2.medium
- t3.micro to t3.medium
Max Volume Size of 50GB
Max Volume IOPS of 150
NO Elastic GPU

EMR Limits

Can ONLY use m4.large instance type

IAM Limits

Cannot modify cloud_user or the admin role.
Cannot use or set up SSO
Additional checks enforced via Abuse Checks (see below)

RDS Limits

ONLY these Instance Types are allowed:
- db.t2.micro to db.t2.medium
- db.t3.micro to db.t3.medium
Cannot use Provisioned IOPS
Max Storage size of 50GB

Redshift

ONLY dc2.large Instance Types
Max Cluster Node count of 3

Abuse Detection

In addition to the specific limits listed above, we also have an abuse detection setup for our labs. We do not divulge the specifics of how or what we look for with this process to prevent exploitation. The purpose of the abuse detection is to ensure compliance with our Terms of Service. Any detection of abusive use can result in immediate termination of the running lab, loss of access to labs or other resources, or more severe consequences up to and including permanent account closure.

A few examples of abuse are listed below. This list is NOT comprehensive. If you have questions on whether your activity may be detected as abuse, please contact our support team BEFORE starting the activity or action.

10 or more instances created at a time
Attempting to use resources for Bitcoin Mining
Excessive Network Traffic
DDoS or Port Scanning External Hosts

What can I do with the AWS Sandbox?