Skip to main content

Configure sandbox policy

Required Permission
  • Sandbox Admin

Google Cloud Sandbox policy in the DoiT Console automates sandbox management. It allows you to define the policies on sandbox creation, monitor sandboxes from a centralized hub, and have quick access to sandbox projects for deeper dives.

To use the sandbox feature in the DoiT Console, you must enable it on your Google Cloud service account when Connecting your Google Cloud organization.

Configure sandbox policy

Before a user can create sandboxes, the Sandbox Admin needs to configure the sandbox policy:

  1. Log in to the DoiT Console, select Governance from the top navigation bar, and then select Sandbox accounts.

  2. Select Configure Policy (or Update Policy if it already exists) in the upper-right corner of the page.

    An empty Sandbox accounts page

  3. Read the message on the screen about the budget settings (the sandbox policy doesn't guarantee you won't exceed the budget). Select Accept to proceed.

  4. Complete the Sandbox policy form.

    • Google Cloud Billing account: Specifies the billing account that pays for the sandboxes.

    • Organization: Specifies the organization in which sandboxes are created.

    • IAM folder: Specifies the IAM folder in which sandboxes are created.

    • Budget: Sets up the budget threshold for sandboxes.

    • Sandboxes per user: Limits the number of sandboxes per user.

    • Sandbox name prefix: Applies a standard prefix to all sandboxes.

    • Budget Type: Specifies the type of sandbox budget, One Time or Monthly.

    • End of Budget Action: Specifies the action to take when the budget threshold is reached. There are two options:

      • Send Alert: To send an email notification.
      • Disable Billing: To disconnect the sandbox project from your Google Cloud Billing account.
  5. Save your changes to create/update the policy.

Disable sandbox policy

A Sandbox Admin can disable the sandbox policy at any time to prevent users from creating new sandboxes.

  1. In the DoiT Console, select Governance from the top navigation bar, and then select Sandbox accounts.

  2. Select Update Policy in the upper-right corner.

  3. Select Disable on the Sandbox policy form.

  4. Save the change.


Disabling sandbox policy doesn't affect existing sandboxes.