Skip to main content

Adding Wider Connectivity to the Modernisation Platform


The Modernisation Platform connects the different core platform VPCs and core networking VPCs using AWS Transit Gateway.

In order to expand connectivity beyond the Modernisation Platform, we have peered the Modernisation Platform Transit Gateway (MP TGW) to the central MoJ PTTP Transit Gateway (Prison Technology Transformation Project) (PTTP TGW).

Whilst we could directly connect things to our Modernisation Transit Gateway, this would end up with lots of cross networking between platforms and additional complexity. It makes sense to use the PTTP TWG as a central hub for connectivity across the MoJ.

Required Routing

Egress from the MP TGW to PTTP TGW

All private traffic that is not destined for a Modernisation Platform VPC is routed through to the PTTP TGW.

Additional non private IP ranges that need to be routed through to the PTTP TGW should be added here

From PTTP TGW to the new connectivity location

A static route to the correct TGW attachement should be added under attachment_static_routes here.

  • rtb_name (route table name) should be tgw-rtb-modplatform. This is the route table associated with the MP TGW peering connection.
  • destination should be the CIDR range of the new connectivity location.
  • attach_id is the ID of the TGW attachment for the new location.

The TGW attachement may be a VPC, VPN, Direct Connect or another Transit Gateway. If it is another Transit Gateway, you will need additional routes in that gateway (see the Cloud Platform example below).

From PTTP TGW back to the MP TGW

A route to the MP TGW must be added in the relevant route table for the PTTP TGW attachement. This should be added under peering_static_routes here.

  • rtb_name is the name of the relevant route table. This is the route table associated with the attachment.
  • destination should be the CIDR range of the Modernisation live or non live CIDR ranges.
  • peering_name should be PTTP-ModernisationPlatform

Most PTTP TGW attachments come in to the tgw-rtb-security or the tgw-rtb-probation route tables, the Modernisation Platform ranges have been added to these already so there is no need to add them again, but new tables may be added in the future.


A high level diagram of the wider MoJ networking can be found here.

Other Steps

Remember to do the following in addition to the above in the Modernisation Platform to allow traffic:

  • Add appropriate Firewall rules
  • Add allow rules to the appropriate Security Groups
This page was last reviewed on 13 June 2024. It needs to be reviewed again on 13 December 2024 by the page owner #modernisation-platform .
This page was set to be reviewed before 13 December 2024 by the page owner #modernisation-platform. This might mean the content is out of date.