Core Shared Services Account Setup
Overview
The core-shared-services-production AWS account hosts resources used by other Modernisation Platform accounts.
| Resource | Description |
|---|---|
| S3 | Stores code artefacts output by modernisation-platform and other member resources |
| KMS | Manages per-business-unit KMS keys |
| ECR | Hosts docker container images |
| Microsoft Active Directory Controllers | Customer infrastructure managed by DSO team |
| VPC | Provides networking resources |
| Instance Scheduler Lambda | Manage start/stop schedules for non-critical instances |
Steps
1. Account Creation
To initiate the account recreation process, go to the GitHub Actions page for the Modernisation Platform repository and trigger the new environment workflow. This workflow should detect that the account no longer exists and propose to recreate the account. As part of this process, it will also execute the baseline runs for the account.
2. Deploy Core Shared Services Resources
This can be achieved by triggering core-shared-services deployment workflow run, which can be found here.
Alternatively, this can be done as manual deployment:
- Navigate to the modernisation-platfom repo and change to the core-shared-services directory
- Run terraform plan in the production workspace
- Using admin credentials, execute terraform apply
3. Verify Resources
- Log into AWS Console for the core-shared-services account
- Check and verify that resources have been correctly provisioned (KMS keys, VPC, etc.)
4. Notify customers
- Inform our members that the account has been recreated
- Liaise with owning teams to validate any rebuilds