Modernisation Platform
The Modernisation Platform is a hosting platform where Ministry of Justice teams can host and modernise applications which are not suitable for the Cloud Platform.
This repository holds the Ministry of Justice’s Modernisation Platform concepts, team information, team guide, and user guide to help onboard and support the users of our service.
Who is this for?
This documentation is for anyone interested in the Modernisation Platform and its core concepts; for users of the Modernisation Platform; and for the team.
User guide
Getting started
- Creating environments (aka AWS accounts)
- Creating networking resources
- Accessing the AWS Console
- Getting AWS Credentials
- Creating resources
- Deploying your infrastructure
- Deploying your application
- Standard environment diagram
- Working as a Collaborator
- Production Ready Checklist
How to guides
- Running Terraform plan locally
- Accessing EC2s
- Wider MoJ Connectivity
- How to add VPC endpoints
- How to configure DNS for public services
- How to import a public SSL certificate into AWS Certificate Manager
- How to view core account/shared resources as a Member Developer
- How to use shared KMS keys
- How to integrate CloudWatch Alarms with PagerDuty and Slack
- How to set up automated patching
- How to add an ECR for shared Docker images
- How to set up code scanning locally
- How to set up secure commit for GitHub
Concepts
Environments (AWS Accounts)
Shared services and tools
- Auto-nuke
- Instance Scheduling - automatically stop non-production instances overnight
- Platform user roles
Networking
- Networking approach
- Networking Architecture Diagram
- Subnet CIDR Allocation
- Subnet NACLs
- Bastions and Instance Access
- DNS
- Certificate Services
- Network Firewall
Software Development Lifecycle
- Repositories
- Core Workflows (CI/CD)
- User Workflows (CI/CD)
- Testing Strategy
- Sandbox and testing environments
- Patching
Modernisation Platform Team information
Runbooks
- Accessing AWS accounts
- Accessing the Observability Platform
- Adding a new SSO user role
- Adding a new team member to the Modernisation Platform
- Adding collaborators
- Adding wider connectivity
- Backup and Restore of Terraform Statefile & EC2
- Changing environment (AWS account) details
- CloudWatch networking alarms
- Creating Automated Terraform Documentation
- Creating new DNS zones
- Creating new Private DNS zones
- Creating VPCs
- Deleting an environment (AWS account)
- Disaster recovery offering
- Disaster recovery steps
- DoS Attack
- Duty Rota
- Enabling AWS Shield Advanced
- Environments-networks json explained
- How to create an AWS account for end users
- How to rotate secrets
- How to update external status page
- How VPCs access the internet
- Joining the team
- Manage an incident
- Main Platform Runbook
- Migrating an existing AWS account into the Modernisation Platform
- Modifying Service Control Policies (SCPs)
- Querying CloudTrail logs with Athena
- Querying VPC flow logs
- Recreating the core-logging-production account
- Recreating the core-network-services account
- Recreating the core-shared-services account
- Recreating the core-vpc-$environments accounts
- Recreating the modernisation-platform account
- Removing a team member from the Modernisation Platform
- Reviewing Dependabot PRs
- Reviewing MP Environments PRs
- Revoke Network Access
- Revoking User Access
- Security Monitoring
- Security Testing and ITHC
- Sharing of platform operational data with Security Operations
- Set up Macie
- Terraform
- Useful scripts
Getting help
Checking Modernisation Platform status
To check the operational status of the Modernisation Platform, click on the link below. The status page displays the current status of any incidents as well as any planned maintenance windows.
This page was last reviewed on 28 June 2024. It needs to be reviewed again on 28 December 2024 by the page owner #modernisation-platform.