
Creating networking resources in the Modernisation Platform

Overview

In the Modernisation Platform, we provide the core networking resources that you will need for your application.

For each account there are networking resources that we provide as standard, and additional resources that can be added if needed.

These are defined in JSON files in the environment-networks directory.

The Modernisation Platform will work with you to create these files based on details in your environment request, and assign you VPC and subnet CIDR ranges.

Standard resources

VPC

VPC (AWS Virtual Private Cloud), providing out of the box network isolation.

Subnet Sets

Three different subnet types spread across all three availability zones (eu-west-2a, eu-west-2b, eu-west-2c), making a total of nine subnets:

  • Public (for public resources such as load balancers)
  • Private (for private resources such as application servers)
  • Data (for data resources such as databases)

DNS Zones

Hosted public and private DNS zones for your application domain names.

Certificate Services

Amazon-issued public certificates, and shared live and non-live subordinate private CA (Certificate Authority) for private certificates.

Additional networking resources

Connectivity to other VPCs or external parties

By default your VPC is isolated. If you need connectivity to other VPCs within the MoJ, or VPN (virtual private network) connections to external parties, this can be created.

Linux Bastion

Connecting to servers should be done via AWS Systems Manager, but if it is not possible to install the SSM agent due to the age of the operating system, then a secure bastion server can be provisioned. A bastion can also be used for connecting locally to RDS databases via port forwarding. We provide a module to create a bastion instance.

Extended DNS

Allow your VPC to have access to additional DNS zones in other VPCs.

Isolated Network

If you require an isolated environment that is separated from the standard resources detailed above, with no internet or shared network connectivity, please select the ‘Isolated’ option under subnet sets (Networking Options) when submitting your new environment request.

This option will trigger the copy of a different set of platform environment templates which can be found here

Additional information

You can view our architecture for Networking on the dedicated networking approach page, which also explains what you get by doing this.

This page was last reviewed on 27 September 2024. It needs to be reviewed again on 27 March 2025 by the page owner #modernisation-platform.