Core Logging Production Account Setup

Overview

The core-logging AWS account is responsible for managing all core logging resources.

Resource	Description
S3	Stores logs such as cloudtrail and core logging VPC flow logs
KMS	Manages encryption keys used to securely encrypt the contents of S3 buckets
PagerDuty	Hosts resources used by PagerDuty
VPC	Provides networking resources
Athena	Service to analyze log data stored in S3

Steps

1. Account Creation

Please note that aliases do not have a retention period. If an alias still exists under the same organizational unit, you cannot reuse the same alias. To prevent the alias from being recreated, you need to add the environment name to the skip alias local.

To initiate the account recreation process, go to the GitHub Actions page for the Modernisation Platform repository and trigger the new environment workflow. This workflow should detect that the account no longer exists and propose to recreate the account. As part of this process, it will also execute the baseline runs for the account.

2. Deploy Core Logging Production Resources

To recreate the resources run the core-logging-deployment action in GitHub.

If a GitHub Actions deployment is not available the resources can be redeployed locally:

• Navigate to the modernisation-platform repo and change to the terraform/environments/core-logging directory
• Using MP admin credentials, execute terraform apply from the core-logging-production workspace

3. Verify Resources

• Log into AWS Console for the core-logging account
• Verify that resources have been correctly provisioned:
  • Do S3 buckets exist for CloudTrail logs, VPC Flow logs and R53 Resolver logs?
  • Are KMS keys created with correct aliases?
  • Check Athena is available to query CloudTrail logs
  • Check SNS topics are associated with PagerDuty for core alerts

4. Notify Mod Platform Team

• Inform Modernisation Platform team of rebuild process
• Inform customers that account has been recreated
• Verify with the SOC that they are still able to ingest logs into their tooling

References

• Accessing the AWS Console
• Disaster Recovery Process

This page was last reviewed on 18 September 2024. It needs to be reviewed again on 18 March 2025 by the page owner #modernisation-platform .

This page was set to be reviewed before 18 March 2025 by the page owner #modernisation-platform. This might mean the content is out of date.