Core Shared Services Account Setup
Overview
The core-shared-services-production AWS account hosts resources used by other Modernisation Platform accounts.
| Resource | Description |
|---|---|
| S3 | Stores code artefacts output by modernisation-platform and other member resources |
| KMS | Manages per-business-unit KMS keys |
| ECR | Hosts docker container images |
| Microsoft Active Directory Controllers | Customer infrastructure managed by DSO team |
| VPC | Provides networking resources |
| Instance Scheduler Lambda | Manage start/stop schedules for non-critical instances |
Steps
1. Account Creation
To initiate the account recreation process, go to the GitHub Actions page for the Modernisation Platform repository and trigger the new environment workflow. This workflow should detect that the account no longer exists and propose to recreate the account. As part of this process, it will also execute the baseline runs for the account.
2. Deploy Core Shared Services Resources
This can be achieved by triggering core-shared-services deployment workflow run, which can be found here. Alternatively, this can be done as manual deployment:
- Navigate to the
modernisation-platfom repoand change to thecore-shared-services directory - Run
terraform planin the production workspace - Using admin credentials, execute
terraform apply
3. Verify Resources
- Log into AWS Console for the core-shared-services account
- Check and verify that resources have been correctly provisioned (KMS keys, VPC, etc.)
4. Notify customers
- Inform our members that the account has been recreated
- Liaise with owning teams to validate any rebuilds
References
This page was last reviewed on 21 March 2025.
It needs to be reviewed again on 21 September 2025
by the page owner #modernisation-platform
.
This page was set to be reviewed before 21 September 2025
by the page owner #modernisation-platform.
This might mean the content is out of date.