Creating networking resources in the Modernisation Platform
In the Modernisation Platform, we provide the core networking resources that you will need for your application.
For each account there are networking resources that we provide as standard, and additional resources that can be added if needed.
These are defined in JSON files in the environment-networks directory.
The Modernisation Platform will work with you to create these files based on details in your environment request, and assign you VPC and subnet CIDR ranges.
VPC (AWS Virtual Private Cloud), providing out-of-the-box network isolation.
Three different subnet types spread across all three availability zones (eu-west-2a, eu-west-2b, eu-west-2c), making a total of nine subnets:
- Public (for public resources such as load balancers)
- Private (for private resources such as application servers)
- Data (for data resources such as databases)
Hosted public and private DNS zones for your application domain names.
Amazon-issued public certificates, and shared live and non-live subordinate private CA (Certificate Authority) for private certificates.
Additional networking resources
Connectivity to other VPCs or external parties
Connecting to servers should be done via AWS Systems Manager, but if it is not possible to install the SSM agent due to the age of the operating system, then a secure bastion server can be provisioned. A bastion can also be used for connecting locally to RDS databases via port forwarding. We provide a module to create a bastion instance.
Allow your VPC to have access to additional DNS zones in other VPCs.
You can view our architecture for Networking on the dedicated networking approach page, which also explains what you get by doing this.