Modernisation Platform

The Modernisation Platform is a hosting platform where Ministry of Justice teams can host and modernise applications which are not suitable for the Cloud Platform.

This repository holds the Ministry of Justice’s Modernisation Platform concepts, team information, team guide, and user guide to help onboard and support the users of our service.

Who is this for?

This documentation is for anyone interested in the Modernisation Platform and its core concepts; for users of the Modernisation Platform; and for the team.

User guide

• Should I use the Cloud Platform, or the Modernisation Platform?
• Our offer to you
• Sustainability

Getting started

• Creating environments (aka AWS accounts)
• Creating networking resources
• Accessing the AWS Console
• Getting AWS Credentials
• Creating resources
• Deploying your infrastructure
• Deploying your application
• Standard environment diagram
• Working as a Collaborator
• Production Ready Checklist

How to guides

• Running Terraform plan locally
• Accessing EC2s
• Wider MoJ Connectivity
• How to configure DNS for public services
• How to import a public SSL certificate into AWS Certificate Manager
• How to view core account/shared resources as a Member Developer
• How to use shared KMS keys
• How to integrate CloudWatch Alarms with PagerDuty and Slack
• How to set up automated patching
• How to add an ECR for shared Docker images

Concepts

Environments (AWS Accounts)

• The problem and our solution
• Environment Architecture
• Security
• Single Sign On
• Backups

Shared services and tools

• Auto-nuke
• Instance Scheduling - automatically stop non-production instances overnight

Networking

• Networking approach
• Networking Architecture Diagram
• Subnet CIDR Allocation
• Subnet NACLs
• Bastions and Instance Access
• DNS
• Certificate Services
• Network Firewall

Software Development Lifecycle

• Repositories
• Core Workflow (CI/CD)
• User Workflow (CI/CD)
• Testing Strategy
• Sandbox and testing environments
• Patching

Modernisation Platform Team information

• Our alliance
• Our roadmap
• Our team
• Our vision
• Operational Processes
• Our ways of working

Runbooks

• Accessing AWS accounts
• Adding a new team member to the Modernisation Platform
• Adding collaborators
• Adding wider connectivity
• Changing environment (AWS account) details
• CloudWatch networking alarms
• Creating Automated Terraform Documentation
• Deleting an environment (AWS account)
• Disaster recovery
• DoS Attack
• Enabling AWS Shield Advanced
• How VPCs access the internet
• Manage an incident
• Joining the team
• Main Platform Runbook
• Modifying Service Control Policies (SCPs)
• Querying VPC flow logs
• Removing a team member from the Modernisation Platform
• Terraform
• Useful scripts
• Querying cloudtrail logs with Athena
• How to create an AWS account for end users
• Creating VPCs
• Reviewing Dependabot PRs
• How to rotate secrets
• Duty Rota

Getting help

• Ask for help

This page was last reviewed on 20 April 2023. It needs to be reviewed again on 20 October 2023 by the page owner #modernisation-platform .

This page was set to be reviewed before 20 October 2023 by the page owner #modernisation-platform. This might mean the content is out of date.