Modernisation Platform

The Modernisation Platform is a hosting platform where Ministry of Justice teams can host and modernise applications which are not suitable for the Cloud Platform.

This repository holds the Ministry of Justice’s Modernisation Platform concepts, team information, team guide, and user guide to help onboard and support the users of our service.

Who is this for?

This documentation is for anyone interested in the Modernisation Platform and its core concepts; for users of the Modernisation Platform; and for the team.

User guide

• Should I use the Cloud Platform, or the Modernisation Platform?
• Our offer to you
• Sustainability

Getting started

• Creating environments (aka AWS accounts)
• Creating networking resources
• Accessing the AWS Console
• Getting AWS Credentials
• Creating resources
• Deploying your infrastructure
• Deploying your application
• Standard environment diagram
• Working as a Collaborator
• Production Ready Checklist

How to guides

• Running Terraform plan locally
• Accessing EC2s
• Wider MoJ Connectivity
• How to configure DNS for public services
• How to import a public SSL certificate into AWS Certificate Manager
• How to view core account/shared resources as a Member Developer
• How to use shared KMS keys
• How to integrate CloudWatch Alarms with PagerDuty and Slack
• How to set up automated patching
• How to add an ECR for shared Docker images

Concepts

Environments (AWS Accounts)

• The problem and our solution
• Environment Architecture
• Security
• Single Sign On
• Backups

Shared services and tools

• Auto-nuke
• Instance Scheduling - automatically stop non-production instances overnight

Networking

• Networking approach
• Networking Architecture Diagram
• Subnet CIDR Allocation
• Subnet NACLs
• Bastions and Instance Access
• DNS
• Certificate Services
• Network Firewall

Software Development Lifecycle

• Repositories
• Core Workflow (CI/CD)
• User Workflow (CI/CD)
• Testing Strategy
• Sandbox and testing environments
• Patching

Modernisation Platform Team information

• Our alliance
• Our roadmap
• Our team
• Our vision
• Operational Processes
• Our ways of working

Runbooks

• Accessing AWS accounts
• Adding a new team member to the Modernisation Platform
• Adding collaborators
• Adding wider connectivity
• Changing environment (AWS account) details
• CloudWatch networking alarms
• Creating Automated Terraform Documentation
• Creating new DNS zones
• Creating new Private DNS zones
• Creating VPCs
• Deleting an environment (AWS account)
• Disaster recovery offering
• Disaster recovery steps
• DoS Attack
• Duty Rota
• Enabling AWS Shield Advanced
• How to create an AWS account for end users
• How to rotate secrets
• How to update external status page
• How VPCs access the internet
• Joining the team
• Manage an incident
• Main Platform Runbook
• Migrating an existing AWS account into the Modernisation Platform
• Modifying Service Control Policies (SCPs)
• Querying CloudTrail logs with Athena
• Querying VPC flow logs
• Removing a team member from the Modernisation Platform
• Reviewing Dependabot PRs
• Revoke Network Access
• Revoking User Access
• Security Testing and ITHC
• Terraform
• Useful scripts

Getting help

• Ask for help

Checking Modernisation platform status

To check the operational status of the Modernisation Platform click on the link below, this page will display the current status of any incidents as well as any planned maintenance windows.

External status page

This page was last reviewed on 22 April 2024. It needs to be reviewed again on 22 October 2024 by the page owner #modernisation-platform .

This page was set to be reviewed before 22 October 2024 by the page owner #modernisation-platform. This might mean the content is out of date.