Migrating an existing AWS account into the Modernisation Platform

This runbook outlines general steps to take in order to migrate an existing Ministry of Justice Amazon Web Services account into the Modernisation Platform.

Outline

On occasion, we may be asked to bring an existing AWS account into the Modernisation Platform for ongoing management and application of account baselines.

We can make use of some of our existing processes and our member-unrestricted AWS Organizations Unit to import accounts, apply baselines, and provide SSO access.

The following high-level steps need to be undertaken:

• Prepare account
• Create entries for account in Modernisation Platform repository
• Import manageable resources

Preparing an account for import into the Modernisation Platform

You can make use of the AWS guidance to log into the account of interest as the root user.

You will want to check that the account being migrated: * Conforms to Modernisation Platform naming standards (eg, all lower-case letters, with no spaces as separators). * Has been removed from any Terraform statefiles that manage the account. * Has been removed from management in code.

Importing an account into the Modernisation Platform

You will want to create a branch in GitHub in the Modernisation Platform repository with relevant environments/*.json values * The account-type will be unrestricted

You will want to switch your local branch in GitHub to the one with the newly-created/amended environments/*.json values in order to import information into Terraform. * Ensure you are in the terraform/environments directory * Import the module.environments.aws_organizations_account.accounts["$account-name"] $account-id * Import the module.environments.random_string.email-address["$account-name"] $account-email-address * Merge your new branch into main.

It is likely that you will also need to import resources into Terraform state for the account baselines. You will do this through the terraform/environments/boostrap/member-bootstrap directory in the relevant workspace(s).

Examples

• Removing an account from management in code
• Preparing environment files for an imported account
• Running the Modernisation Platform baselines for an imported account

This page was last reviewed on 11 September 2024. It needs to be reviewed again on 11 March 2025 by the page owner #modernisation-platform .

This page was set to be reviewed before 11 March 2025 by the page owner #modernisation-platform. This might mean the content is out of date.