
Environments (AWS accounts) security

This document should be read in conjunction with the MOJ Security Guidance - Baseline for Amazon Web Services accounts.

As part of our offering in the Modernisation Platform, we secure all environments (AWS accounts) to mitigate risk and protect teams from common security concerns.

AWS services for secure baselines

We enable the following AWS services for you in all accounts, as part of our secure baselines:

Tagging policies

The MOJ has its own tagging standard.

All accounts within the Modernisation Platform inherit the tag policy that includes these tags, which you can view as part of the AWS Resource Groups: Tag Policies service. You must ensure that your resources are tagged in accordance with the policy.

We can see an overview of compliance across the Modernisation Platform and we will help you in meeting this requirement if needed.

Regional restrictions

We restrict the regional usage of accounts that sit within the Modernisation Platform. We use a Service Control Policy (SCP) to do this.

In accordance with the Security Guidance, you should only use EU AWS regions.

All accounts within the Modernisation Platform can only use:

Regional services

You can use all services in these regions:

  • eu-central-1 - Europe (Frankfurt)
  • eu-west-1 - Europe (Ireland)
  • eu-west-2 - Europe (London)

You should use eu-west-2 for everything, by default.

Global services

Global services are backed by us-east-1 in AWS.

You should use us-east-1 for global services only.

Transit Gateway Network Manager

Transit Gateway Network Manager is backed by us-west-2 in AWS.

You should use us-west-2 for Transit Gateway Network Manager only.

Enabling other regions for service-specific use

If you think you need another region for a particular service, let us know in the #ask-modernisation-platform Slack channel.
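
The region rules above can be written as an SCP with three Deny statements keyed on the aws:RequestedRegion condition key, and checked with a small evaluator. This is an added example, not the Modernisation Platform's actual policy: the statement Sids, the GLOBAL_ACTIONS subset and the helper functions are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

EU_REGIONS = ["eu-central-1", "eu-west-1", "eu-west-2"]  # regions listed on this page
# Assumption: illustrative subset of global-service actions, not the platform's list.
GLOBAL_ACTIONS = ["iam:*", "organizations:*", "route53:*", "cloudfront:*", "support:*"]
NETWORK_MANAGER = ["networkmanager:*"]


def deny_outside(regions, sid, **action_key):
    """Build a Deny statement that fires when aws:RequestedRegion is not in regions."""
    return {"Sid": sid, "Effect": "Deny", **action_key, "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": regions}}}


SCP = {"Version": "2012-10-17", "Statement": [
    # Regional services: EU regions only.
    deny_outside(EU_REGIONS, "RegionalServicesEuOnly",
                 NotAction=GLOBAL_ACTIONS + NETWORK_MANAGER),
    # Global services: EU regions plus us-east-1.
    deny_outside(EU_REGIONS + ["us-east-1"], "GlobalServicesUsEast1",
                 Action=GLOBAL_ACTIONS),
    # Transit Gateway Network Manager: EU regions plus us-west-2.
    deny_outside(EU_REGIONS + ["us-west-2"], "NetworkManagerUsWest2",
                 Action=NETWORK_MANAGER),
]}


def matches(action, patterns):
    """Case-insensitive wildcard match of an action against IAM-style patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def denied_by(action, region, policy=SCP):
    """Return the Sid of the first Deny statement matching the request, or None."""
    for st in policy["Statement"]:
        if "Action" in st:
            in_scope = matches(action, st["Action"])
        else:
            in_scope = not matches(action, st["NotAction"])
        allowed = st["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if in_scope and region not in allowed:
            return st["Sid"]
    return None


if __name__ == "__main__":
    print(json.dumps(SCP, indent=2))  # JSON form of the policy document
```

A result of None only means the SCP does not block the request; the caller still needs an IAM permission that allows it. The evaluator handles only the Action, NotAction and StringNotEquals elements used here.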

More information

The modernisation-platform-terraform-baselines Terraform module implements further reasonable security, identity, and compliance services.

This page was last reviewed on 28 June 2024. It needs to be reviewed again on 28 December 2024 by the page owner #modernisation-platform.