Creating resources in the Modernisation Platform
Overview
Once your environment and networking have been created, now the fun begins and you can start building!
On environment creation, base Terraform resources are created for you in the modernisation-platform-environments repository in the environments folder.
These resources are preconfigured with a backend, providers etc, all that you need to start adding in infrastructure such as EC2s or RDS databases.
Creating new resources
- Clone the Modernisation Platform environments repository:
git clone git@github.com:ministryofjustice/modernisation-platform-environments.git
- Create a new Terraform files or resources in your application folder under
terraform/environments/
- We recommend following standard Terraform best practices, such as creating a
main.tf
, or logically named Terraform files, such asdatabase.tf
ors3.tf
- Environment specific variables can be passed in through an application_variables.json, defined as a local and referenced accordingly
- Data lookups are provided for common things you may need from the platform such as subnets or DNS zones here
GitHub Permissions
- For any files created in your application folder, your GitHub team will have permissions to create and merge pull requests.
- Your GitHub team will be assigned as a codeowner for your application folder, so someone in your team will be required to review any pull requests before they can be merged.
Restrictions
The following files you will not be able to amend without an approving review from the Modernisation Platform team.
providers.tf
backend.tf
subnet_share.tf
networking.auto.tfvars.json
platform_*.tf
The ability to create some resources will be restricted and will require assistance from the Modernisation Platform team.
Next Steps
Once you have defined your infrastructure as code you can deploy your infrastructure to the Modernisation Platform.
Non Standard infrastructure
In order to maintain security some actions are not allowed in the environments repository and do not have the relevant permissions, for example creating IAM users, or VPCs.
However there are times when an application may reasonably want to create these resources, for example create a user for use with SES.
If you need to create any infrastructure which is not allowed in the environments repository, it can be created here - Modernisation Platform environments folders, in the relevant application folder. The Modernisation Platform team will need to approve any PRs adding code to this repository.