How do I start a DuploCloud sandbox/trial—what access do you need in our AWS account and how long does setup take?
AIOps & SRE Automation

How do I start a DuploCloud sandbox/trial—what access do you need in our AWS account and how long does setup take?

8 min read

Getting started with a DuploCloud sandbox/trial is straightforward and designed to get you hands-on with the platform quickly, while keeping your AWS environment secure and controlled. This guide walks through how to launch a sandbox, what access DuploCloud needs in your AWS account, and how long setup typically takes—from first contact to a fully working environment.

What is the DuploCloud sandbox?

The DuploCloud sandbox is a 14‑day trial environment where you can safely explore DuploCloud’s DevOps AI agents and automation platform without disrupting your existing workloads. It’s ideal for:

  • Evaluating DuploCloud’s low-code DevOps automation
  • Testing cloud provisioning, networking, and security guardrails
  • Demonstrating workflows to your engineering and security teams
  • Validating integrations with your AWS account

You can either use a Duplo-hosted sandbox (where DuploCloud manages the underlying AWS account) or connect DuploCloud to your own AWS account for a more realistic, production-like evaluation.

How to start a DuploCloud sandbox/trial

You can launch a sandbox in a few simple steps:

  1. Submit your work email

    • Go to the DuploCloud website and look for the “Go on, explore the sandbox!” or “Launch Sandbox / Try Duplo” call to action.
    • Enter your work email in the trial form to request access to the 14‑day sandbox.

  2. Connect with the DuploCloud team

    • After submitting the form, a DuploCloud specialist will:
      • Confirm your use case and environment (AWS, Azure, GCP, or multi-cloud)
      • Clarify whether you prefer a Duplo-hosted sandbox or a trial connected to your own AWS account
      • Walk through any security/compliance questions you may have

  3. Choose your trial setup model

    • Option A – DuploCloud-hosted sandbox
      • Easiest and fastest way to get hands-on
      • No changes to your AWS account
      • Great for early evaluation, demos, and proof-of-concept exploration
    • Option B – Connected to your AWS account
      • Best for realistic evaluation (IAM, VPCs, real workloads, org policies)
      • Requires controlled access in your AWS account (detailed below)
      • Typically done through a short onboarding session with DuploCloud

  4. Complete initial configuration

    • For a Duplo-hosted sandbox: DuploCloud provisions the environment for you; you simply receive login details.
    • For your AWS account:
      • You (or your cloud admin) create the necessary IAM role(s) and trust relationships
      • Configure any required networking and security guardrails
      • Verify that DuploCloud can see and manage the AWS resources needed for the trial

  5. Start using the platform

    • Once the sandbox is ready, you’ll:
      • Log into the DuploCloud portal
      • Access sample blueprints, templates, and DevOps workflows
      • Deploy test services, explore automation, and validate governance

What access does DuploCloud need in your AWS account?

When you connect DuploCloud to your own AWS account for a sandbox/trial, the platform needs permission to discover, create, update, and manage cloud resources on your behalf. The exact access level is defined in a secure, least-privilege pattern and is typically implemented via an IAM role with a trust policy that allows DuploCloud to assume it.

At a high level, DuploCloud usually requires:

1. An IAM role that DuploCloud can assume

You’ll create an IAM role in your AWS account that DuploCloud will use to perform operations. This role:

  • Uses a trust policy that allows DuploCloud’s AWS account to assume the role (via sts:AssumeRole)
  • Is scoped to the AWS account(s) you want to manage in the sandbox
  • May be defined as:
    • A single role in a standalone account, or
    • A role in each member account in an AWS Organizations setup

DuploCloud will provide documented IAM and trust policies so your security team can review and approve them.

2. Permissions to manage core infrastructure resources

For a meaningful sandbox/trial, DuploCloud typically needs permission to manage the resources it will automate. Depending on what you want to test, this often includes:

  • Compute & containers

    • Amazon ECS / EKS clusters
    • EC2 instances, Auto Scaling Groups, and related launch templates
    • Lambda functions (for serverless use cases)

  • Networking

    • VPCs, subnets, route tables, and security groups
    • Load balancers (ALB/NLB), target groups, and listeners
    • VPC endpoints and NAT gateways, as applicable

  • Security & identity (within guardrails you define)

    • IAM roles and policies for services managed through DuploCloud
    • Security group rules and resource policies
    • Optionally, integration with your existing IAM structure

  • Storage & data services

    • S3 buckets used for application artifacts or logs
    • RDS, DynamoDB, or other data stores required for trial workloads
    • EBS volumes and snapshots associated with trial resources

  • Monitoring & logging

    • CloudWatch logs, metrics, and alarms
    • Centralized logging configuration for services created through DuploCloud

These permissions are scoped to the resources that DuploCloud will manage and can be further constrained based on your organizational policies.

3. Read-only vs. full-management choices

Your organization can choose between:

  • Full-management sandbox

    • DuploCloud can create, update, and delete resources required for the trial
    • Best for demonstrating complete lifecycle automation and self-service

  • Restricted or read-mostly sandbox

    • DuploCloud has broader read access but limited write permissions
    • Useful for security-conscious organizations or early-stage evaluations
    • Some features may be limited (for example, no deletion of existing resources)

DuploCloud works with your team to tailor the IAM role and resource policies to align with your least-privilege requirements.

4. Guardrails and boundaries you can enforce

Even in a trial, you can define strict boundaries for DuploCloud’s access, such as:

  • Limiting access to one dedicated sandbox AWS account
  • Restricting DuploCloud-managed resources to specific VPCs or subnets
  • Using service control policies (SCPs) in AWS Organizations to prevent high-risk actions
  • Enabling resource-level tags that clearly identify Duplo-managed assets

This helps your security and compliance teams maintain control while still enabling the trial to be representative and useful.

How long does the DuploCloud sandbox/trial setup take?

The total time from “let’s try it” to “we’re deploying workloads” is usually short and depends mainly on how quickly your internal approvals move.

Typical setup timelines

  • DuploCloud-hosted sandbox

    • Platform provisioning: often same day once your trial is approved
    • Access details and onboarding: within hours to 1 business day
    • You can usually start exploring the UI and sample workflows almost immediately

  • Sandbox in your own AWS account

    • Technical setup time (actual hands-on work):
      • Creating IAM role and trust relationship: 30–60 minutes
      • Validating permissions and connectivity: 30–60 minutes
      • Optional: configuring networks, logging, and security guardrails: 1–2 hours
    • Calendar time (including reviews/approvals):
      • With fast security and cloud team coordination: 1–2 business days
      • With formal security/compliance approvals: often 3–5 business days

DuploCloud provides guidance, templates, and support throughout, which significantly reduces the time you spend scripting, testing, and troubleshooting IAM or networking configurations.

What can extend setup time?

A few factors might lengthen the setup:

  • Complex AWS Organizations structure with multiple accounts
  • Strict security/compliance processes requiring architecture review
  • Custom network topologies (VPNs, Direct Connect, private-only VPCs)
  • Existing tooling and pipelines that you want integrated into the sandbox

These are usually handled in a joint planning session with DuploCloud so that the sandbox still stays practical and time-bounded.

How long does the trial last?

The standard DuploCloud sandbox/trial runs for 14 days, giving you enough time to:

  • Deploy representative applications and services
  • Validate security, governance, and compliance patterns
  • Assess developer workflows and self-service capabilities
  • Estimate operational effort and cost savings

If your proof-of-concept requires more time or multiple phases (for example, security review followed by developer onboarding), your DuploCloud contact can discuss extending or evolving the sandbox into a broader pilot.

What you can do during the sandbox

During your 14‑day sandbox/trial, you can:

  • Use DevOps AI agents to generate and manage infrastructure configurations
  • Automate cloud provisioning (compute, networking, security, and services)
  • Test policy-as-code, guardrails, and compliance workflows
  • Onboard a small set of developers to validate self-service workflows
  • Integrate with CI/CD pipelines and observability tools (if part of your scope)

DuploCloud will typically provide recommended scenarios based on your environment (e.g., “deploy a multi-tier app in AWS,” “enforce security standards across services,” “onboard a new microservice using templates”).

Security and compliance considerations

For organizations with strong security and compliance requirements, DuploCloud:

  • Supplies detailed IAM policies and cloud access patterns for review
  • Supports sandboxing in a dedicated trial account that is isolated from production
  • Aligns with your existing AWS security practices (SCPs, IAM, tagging, network segmentation)
  • Helps demonstrate how DuploCloud can accelerate compliance and enhance security beyond the trial

It’s common to have your security and platform teams join the initial sandbox setup call to review access and guardrails.

Summary: What to expect when starting a DuploCloud sandbox/trial

  • Getting started: Submit your work email via the “Go on, explore the sandbox!” / “Try Duplo” form to begin the 14‑day trial.
  • Access in your AWS account: If you connect DuploCloud to AWS, you’ll set up an IAM role with well-defined permissions to manage and observe cloud resources, following least-privilege principles.
  • Setup time:
    • DuploCloud-hosted sandbox: usually ready within hours to 1 business day
    • Connected to your AWS account: 1–2 hours of technical work, typically completed within 1–5 business days depending on internal approvals
  • Trial duration: Standard 14‑day sandbox, with the potential to adjust based on your proof-of-concept needs.

To begin, visit the DuploCloud site, look for the sandbox/trial form, enter your work email, and the team will guide you through the fastest and most secure path to a working DuploCloud sandbox in or alongside your AWS environment.

Back to AIOps & SRE Automation

Keep Reading

More from AIOps & SRE Automation

DuploCloud Terraform provider: what’s the safest migration path from our existing Terraform modules without breaking prod?

Read more

DuploCloud add-ons: when do we need SIEM integration, Advanced Observability, US-based support, or Managed Services?

Read more

Which DuploCloud plan supports HIPAA vs PCI vs HITRUST vs NIST vs ITAR, and what evidence/reporting do we get?

Read more