AWS cloud sandbox

The AWS cloud sandbox provides a real AWS environment where you learn through hands-on practice. This article details levels of support, limits, and restrictions to AWS services in the sandbox.

Tip: See our AI sandboxes article for a list of supported services in the AWS AI cloud sandbox. See Cloud sandboxes: getting started for specific instructions on how to start and sign in to the sandbox of your choice.

Global restrictions

The AWS cloud sandbox is compatible with a variety of tools and services within AWS. While we strive to offer you the most comprehensive training opportunity possible, there are some limits to what we can provide in a sandbox environment.

We enforce the following restrictions on our AWS sandbox. If you don’t have access to perform an action in the sandbox, you’ll be notified according to our Hands-on playground and labs abuse protocol.

Regions

Actions in the AWS cloud sandbox are restricted to us-east-1 and us-west-2 only.

User permissions

The cloud_user role is provided for use in sandbox and lab environments.

Billing

Users cannot access purchasing or billing permissions, including access to cost data or budgets.

Supported AWS services

Reference the table below to determine whether an AWS service is supported in the sandbox and to see additional limits and restrictions.

Note: This list is subject to change. We reserve the right to add, remove, or modify support for cloud services at any time.

Service name	Level of support
Analytics
Amazon Athena	Supported
Amazon CloudSearch	Not supported
Amazon DataZone (Preview)	Not supported/potential to support
Amazon EMR	Conditionally supported: Allowed instance types: m4.large and m5.large
Amazon FinSpace	Not supported/potential to support
Amazon Kinesis	Supported
Amazon Managed Streaming for Apache Kafka (MSK)	Supported
Amazon OpenSearch Service	Conditionally supported: Allowed instance types: t2 or t3 micro, small, or medium instance types Max seven instances
OpenSearch Serverless	Will not support
Amazon QuickSight	Will not support
Amazon Redshift	Conditionally supported: Allowed instance types: ra3.large Max two nodes in a cluster Not supported: Redshift Serverless
AWS Clean Rooms (Preview)	Not supported/potential to support
AWS Data Exchange	Will not support
AWS Data Pipeline	Not supported
AWS Glue	Conditionally supported: Limits Jobs count - Maximum 3 jobs Jobs total DPU usage - Maximum 4 DPU (total across all jobs, not per job) Job runs DPU hours - Maximum 6 DPU hours used in all job runs across all jobs Sessions - Max 10 DPU hours across all sessions Restrictions Sessions disabled
AWS Lake Formation	Not supported/potential to support
Application Integration
Amazon AppFlow	Not supported/potential to support
Amazon EventBridge	Supported
Amazon Managed Workflows for Apache Airflow (MWAA)	Will not support
Amazon MQ	Not supported/potential to support
Amazon Simple Notification Service (SNS)	Supported
Amazon Simple Queue Service (SQS)	Supported
AWS Step Functions	Supported
Blockchain
AWS Managed Blockchain	Not supported/potential to support
AWS Quantum Ledger Database (QLDB)	Not supported/potential to support
Business Applications
Alexa for Business	Will not support
Amazon Chime	Not supported/potential to support
Amazon Chime SDK	Not supported/potential to support
Amazon Connect	Not supported/potential to support
Amazon Honeycode	Not supported/potential to support
Amazon Pinpoint	Not supported/potential to support
Amazon Simple Email Service (SES)	Conditionally supported: Max 19 email delivery attempts in a single lab Can only send emails to: Accounts with the domain `@example.com` Test emails with the SES simulator Yourself (use the exact same email in `from` and `to` fields)
Amazon WorkDocs	Not supported/potential to support
Amazon WorkMail	Not supported/potential to support
AWS Supply Chain (preview)	Not supported/potential to support
AWS Wickr	Not supported/potential to support
Cloud Financial Management
AWS Budgets	Will not support
AWS Cost and Usage Report
AWS Cost Explorer
Reserved Instance (RI) Reporting
Savings Plans
Marketplace Subscriptions
Compute
Amazon EC2	Conditionally supported: Allowed instance types: t2, t3, t3a, t4g in micro, small, and medium sizes Max volume size of 100 GB No more than nine concurrent instances (includes stopped instances, excludes terminated instances) Default tenancy only Monitored for appropriate use
Amazon EC2 Auto Scaling
Amazon EC2 Image Builder
Amazon EC2 Spot Instances	Will not support
Amazon Lightsail	Will not support
AWS App Runner	Not supported/potential to support
AWS Auto Scaling	Supported
AWS Batch	Supported
AWS Compute Optimizer	Not supported/potential to support
AWS Elastic Beanstalk	Supported
AWS Lambda	Conditionally supported: Max 2048 GB memory per function Max 10 total functions
AWS Local Zones	Not supported/potential to support
AWS Outposts	Will not support
AWS Serverless Application Repository	Not supported/potential to support
AWS SimSpace Weaver	Not supported/potential to support
AWS Wavelength	Not supported/potential to support
VMWare Cloud on AWS	Not supported/potential to support
Containers
Amazon Elastic Container Registry (ECR)	Supported
Amazon Elastic Container Service (ECS)	Supported
Amazon Elastic Kubernetes Service (EKS)	Conditionally supported: Clusters must use standard support versions Extended support versions not permitted due to cost
AWS App2Container	Not supported/potential to support
AWS Copilot	Supported (developer tool)
AWS Fargate	Conditionally supported: Max four running tasks at once Max 2048 allocated CPU per instance Max 4096 allocated memory per instance
Red Hat OpenShift Service on AWS	Will not support
Customer Enablement
Managed Services	Will not support
Support	Will not support
Database
Amazon DocumentDB	Supported
Amazon DynamoDB	Supported
Amazon DynamoDB Accelerator (DAX)	Conditionally supported: Allowed node types: t2 or t3 small or medium Max nine clusters
Amazon ElastiCache	Conditionally supported: Allowed instance types: t2 or t3 micro, small, or medium Max nine nodes across all clusters
Amazon Keyspaces (for Apache Cassandra)	Supported
Amazon MemoryDB for Redis	Not supported/potential to support
Amazon Neptune	Supported
Amazon RDS	Conditionally supported: Limits Allowed instance types: t3 or t4g micro, small, or medium Max storage size of 50 GB Restrictions Cannot use provisioned IOPS
Amazon Timestream	Supported
Developer Tools
Amazon CodeCatalyst (preview)	Not supported/potential to support
Amazon CodeGuru	Supported
AWS Cloud Control API	Supported
AWS Cloud Development Kit (CDK)	Supported (developer tool)
AWS Cloud9	Not supported
AWS CloudShell	Supported
AWS CodeArtifact	Supported
AWS CodeBuild	Conditionally supported: Allowed instance types: small or medium general instances
AWS CodeCommit	Not supported
AWS CodeDeploy	Supported
AWS CodePipeline	Supported
AWS CodeStar	Supported
AWS Command Line Interface (CLI)	Supported (developer tool)
AWS Device Farm	Not supported/potential to support
AWS Fault Injection Simulator	Conditionally supported: Max 20 minutes action time per lab/sandbox
AWS Tools and SDKs	Supported (developer tool)
AWS X-Ray	Supported
Amazon CodeWhisperer	Will not support
End-User Computing
Amazon AppStream 2.0	Not supported/potential to support
Amazon WorkSpaces Family	Not supported/potential to support
Front-End Web and Mobile
Amazon API Gateway	Supported
Amazon Location Service	Not supported/potential to support
AWS Amplify	Supported
AWS AppSync	Not supported/potential to support
Internet of Things
AWS IoT Core	Supported
AWS IoT FleetWise	Not supported/potential to support
AWS IoT SiteWise	Not supported/potential to support
AWS IoT TwinMaker	Not supported/potential to support
AWS IoT Greengrass	Supported
AWS IoT 1-Click	Supported
AWS IoT Analytics	Not supported
AWS IoT Button	Will not support
AWS IoT Device Defender	Not supported/potential to support
AWS IoT Device Management	Not supported/potential to support
AWS IoT Events	Not supported/potential to support
AWS IoT RoboRunners	Not supported/potential to support
FreeRTOS	Not supported/potential to support
Machine Learning
Amazon Augmented AI	Conditionally supported (see SageMaker entry)
Amazon Bedrock	Conditionally supported in AWS AI cloud sandbox
Amazon Comprehend	Conditionally supported: No custom classifiers No custom entity Recognizers No custom endpoints
Amazon Comprehend Medical
Amazon DevOps Guru	Not supported/potential to support
Amazon Elastic Inference	Will not support
Amazon Forecast	Not supported/potential to support
Amazon Fraud Detector	Not supported/potential to support
Amazon HealthLake	Not supported/potential to support
Amazon Kendra	Not supported/potential to support
Amazon Lex	Supported
Amazon Lookout for Equipment	Not supported/potential to support
Amazon Lookout for Metrics	Not supported/potential to support
Amazon Lookout for Vision	Not supported/potential to support
Amazon Monitron	Not supported/potential to support
Amazon Omics	Not supported/potential to support
Amazon Personalize	Not supported/potential to support
Amazon Polly	Supported
Amazon Rekognition	Not supported/potential to support
Amazon SageMaker	Conditionally supported in AWS AI cloud sandbox
Amazon SageMaker Ground Truth	Will not support
Amazon Textract	Not supported
Amazon Transcribe	Supported
Amazon Translate	Will not support
AWS DeepComposer	Not supported/potential to support
AWS DeepLens	Not supported/potential to support
AWS DeepRacer	Not supported/potential to support
AWS Inferentia	Will not support
AWS Panorama	Not supported/potential to support
Management and Governance
Amazon CloudWatch	Supported
Amazon Managed Grafana	Not supported/potential to support
Amazon Managed Service for Prometheus	Not supported/potential to support
AWS Chatbot	Not supported/potential to support
AWS CloudFormation	Supported
AWS CloudTrail	Supported
AWS Config	Supported
AWS Control Tower	Will not support
AWS Launch Wizard	Not supported/potential to support
AWS License Manager	Not supported/potential to support
AWS Managed Services	Will not support
AWS Management Console	Supported
AWS Management Console Mobile Application	Will not support
AWS OpsWorks	Supported
AWS Organizations	Will not support
AWS Personal Health Dashboard	Will not support
AWS Proton	Not supported/potential to support
AWS Resilience Hub	Not supported/potential to support
Resource Groups and Tag Editor	Supported
AWS Service Catalog	Not supported/potential to support
AWS Service Management Connector	Not supported/potential to support
AWS Systems Manager	Conditionally supported: Cannot use custom inventories
AWS Trusted Advisor	Not supported/potential to support
AWS Well-Architected Tool	Not supported/potential to support
Media Services
Amazon Elastic Transcoder	Supported
Amazon Interactive Video Service	Not supported/potential to support
Amazon Kinesis Video Streams	Supported
Amazon Nimble Studio	Not supported/potential to support
AWS Elemental Appliances and Software	Not supported/potential to support
AWS Elemental MediaConnect	Not supported/potential to support
AWS Elemental MediaConvert	Not supported/potential to support
AWS Elemental MediaLive	Not supported/potential to support
AWS Elemental MediaPackage	Not supported/potential to support
AWS Elemental MediaStore	Not supported/potential to support
AWS Elemental MediaTailor	Supported
Migration and Transfer
AWS Application Migration Service (MGN)	Not supported/potential to support
AWS Application Discovery Service	Supported
AWS Database Migration Service (DMS)	Supported
AWS DataSync	Not supported/potential to support
AWS Mainframe Modernization	Not supported/potential to support
AWS Migration Hub	Supported
Server Migration Service	Deprecated
AWS Transfer Family	Not supported/potential to support
Migration Evaluator (formerly TSO Logic)	Will not support
Networking and Content Delivery
Amazon CloudFront	Supported
Amazon Route 53	Conditionally supported: Route 53 Profiles, Recovery, and Domains not supported
Amazon VPC	Supported
AWS App Mesh	Supported
AWS Cloud Map	Supported
AWS Cloud WAN	Will not support
AWS Direct Connect	Will not support
AWS Global Accelerator	Will not support
AWS Private 5G	Will not support
AWS PrivateLink	Will not support
AWS Transit Gateway	Will not support
AWS Verified Access (preview)	Not supported/potential to support
AWS VPN	Not supported/potential to support
Elastic Load Balancing (ELB)	Supported
Quantum Technologies
Amazon Braket	Not supported/potential to support
Robotics
AWS RoboMaker	Not supported/potential to support
Satellite
AWS Ground Station	Not supported/potential to support
Security, Identity, and Compliance
Amazon Cognito	Supported
Amazon Detective	Not supported/potential to support
Amazon GuardDuty	Supported
Amazon Inspector	Supported
Amazon Macie	Will not support
Amazon Security Lake (preview)	Not supported/potential to support
Amazon Verified Permissions (preview)	Not supported/potential to support
AWS Artifact	Not supported/potential to support
AWS Audit Manager	Not supported/potential to support
AWS Certificate Manager	Conditionally supported Exportable certificates not supported
AWS CloudHSM	Not supported/potential to support
AWS Directory Service	Supported
AWS Firewall Manager	Not supported/potential to support
AWS IAM Identity Center	Conditionally supported: Cannot modify `cloud_user` or `admin` role Cannot create account alias Cannot use or set up SSO/MFA Cannot modify Password Policy Cannot modify the STS global endpoint token version
AWS Identity and Access Management	Supported
AWS Key Management Service (KMS)	Supported
AWS Network Firewall	Supported
AWS Resource Access Manager	Not supported/potential to support
AWS Secrets Manager	Supported
AWS Security Hub	Conditionally supported: Limits Use allowed on individual account only Restrictions Cannot accept invitations to join as a member Cannot create or invite new members
AWS Shield	Not supported/potential to support
AWS WAF	Supported
Storage
Amazon Elastic File System (EFS)	Supported
Amazon FSx	Conditionally supported: Cannot use FileCache
Amazon S3 Glacier	Not supported/potential to support
Amazon Simple Storage Service (S3)	Supported
AWS Backup	Conditionally supported: Cannot create legal holds
AWS Snow Family	Will not support
AWS Storage Gateway	Not supported/potential to support
AWS Elastic Disaster Recovery	Not supported/potential to support

Hands-on playground abuse

We actively monitor the Hands-on playground for abusive, prohibited, or otherwise unacceptable behavior that goes against the educational purpose of these tools. Abuse of the Hands-on playground is enforced by our Hands-on playground and labs abuse protocol to ensure compliance with the Terms of Use (opens in new tab) you agreed to at sign-up.

To avoid workarounds, we don’t provide specifics of what we look for to identify abuse or how we identify it, but a few general examples of misuse and abuse are listed below:

Incorrect instance type
Ten or more instances created at a time
Ten or more vCPU across all instances
Attempting to use resources for crypto mining
Excessive network traffic
DDoS or port scanning external hosts
Exceeding the maximum of four ECS tasks

This list is not comprehensive, so if you have questions, requests, or want to check whether an activity is allowed in the sandbox, contact Support prior to starting the activity.

Learn, have fun, and please respect the playground.