AWS Innovation Sandbox API

A FastAPI application for managing AWS Innovation Sandbox accounts and resources.

Features

• Lease Management: Request and manage sandbox account leases
• Cross-Account Resource Discovery: Get snapshots of services and resources from actual leased sandbox accounts
• CloudFormation Generation: Create CloudFormation templates from existing resources in target accounts
• Account Management: Release sandbox accounts back to the pool
• Health Diagnostics: Check cross-account access status for troubleshooting

Available Lease Template

no-approval-sb-accounts

• Description: These accounts require no prior approval
• Max Budget: $50
• Duration: 2 days
• Approval: No approval required
• UUID: 272540e4-1af0-4f05-84aa-c437e8197b74

Setup

1. Install dependencies:

pip install -r requirements.txt

2. Copy environment file and configure:

cp .env.example .env

3. Update .env with your credentials:

• ISB_API_BASE_URL: Your Innovation Sandbox API endpoint
• ISB_JWT_TOKEN: JWT token for authentication (automatically used by all API endpoints)
• AWS_ACCESS_PORTAL_URL: AWS Access Portal URL for sandbox account access
• AWS credentials for cross-account role assumption

Note: The JWT token is automatically handled by the API - no need to include Authorization headers in requests.

Running

Local Development

python3 -m venv venv # Start virtual environment
source venv/bin/activate # Activate virtual environment
pip install -r requirements.txt # Install dependencies
python run.py # Start server 

The API will be available at http://localhost:8000

API Endpoints

Leases

• POST /api/v1/leases/ - Create a new lease
• GET /api/v1/leases/ - List all leases
• DELETE /api/v1/leases/{account_id} - Terminate a lease by account ID

Resources

• GET /api/v1/resources/{account_id}/diff - Get resource snapshot with count

Templates

• POST /api/v1/templates/generate - Generate CloudFormation template
• GET /api/v1/templates/lease-templates - Get available lease templates

Accounts

• GET /api/v1/accounts/ - List accounts
• GET /api/v1/accounts/{account_id} - Get account details

Health

• GET /api/v1/health/cross-account/{account_id} - Check cross-account access for specific account

Testing with cURL

Leases

Create a new lease:

curl -X POST "http://localhost:8000/api/v1/leases/" \
  -H "Content-Type: application/json" \
  -d '{
    "leaseTemplateUuid": "272540e4-1af0-4f05-84aa-c437e8197b74"
  }'

List all leases:

curl "http://localhost:8000/api/v1/leases/"

Terminate a lease:

curl -X DELETE "http://localhost:8000/api/v1/leases/{account_id}"

Resources

Get resource snapshot:

curl "http://localhost:8000/api/v1/resources/{account_id}/diff"

Templates

Generate CloudFormation template:

curl -X POST "http://localhost:8000/api/v1/templates/generate" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId": "123456789012",
    "includeResourceTypes": ["EC2", "S3"]
  }'

Get available lease templates:

curl "http://localhost:8000/api/v1/templates/lease-templates"

Accounts

List accounts:

curl "http://localhost:8000/api/v1/accounts/"

Get account details:

curl "http://localhost:8000/api/v1/accounts/{account_id}"

Health

Check cross-account access:

curl "http://localhost:8000/api/v1/health/cross-account/{account_id}"