
Production Ready Checklist

Before an application goes into production, the Modernisation Platform team will check that the following steps have been taken on the production account to ensure the high quality of infrastructure on the platform.

You can speed up these checks by preparing as much as possible in advance.

Checklist

  1. For public-facing interfaces: create DDoS alarms, enable SRT access, and enable Layer 7 Mitigation for ELBs. This is not required if the interface is restricted to internal use only.
  2. All EC2 instances have the AWS Systems Manager Session Manager SSM Agent installed.
  3. There are no CRITICAL or HIGH severity level findings in Security Hub for the production account.
  4. Infrastructure code has been reviewed and signed off by a Modernisation Platform engineer.
  5. The application runbook (README.md in the application folder in the modernisation-platform-environments repository) has been completed.
  6. The application conforms to the MoJ Technical Guidance and MoJ Security Guidance.
  7. The application has been tested.
  8. The application's go-live-date has been updated in the environments folder by adding it to the .json in the format yyyy-mm-dd, e.g. 2022-06-17.
  9. Appropriate application monitoring and logging is in place.
  10. There is an application support team in place and their contact details are in the application runbook.
  11. The Modernisation Platform team are aware of any cutover/migration dates/times and have agreed additional cover if required.

Infrastructure Review

When reviewing the application infrastructure, the Modernisation Platform team will check for the following things:

  1. No hard coded secrets or account numbers.
  2. No sensitive data is made public.
  3. Secrets are stored in Secrets Manager and rotation is enabled.
  4. Security groups are locked down as much as possible.
  5. The infrastructure is resilient and spread across availability zones.
  6. Third-party modules or code are not used.
  7. The infrastructure is sensibly sized.
  8. There is no attempt to escalate privileges or provide access to parties outside of the platform.
  9. Data is encrypted at rest and in transit.
  10. Code is DRY and well written with no commented out blocks.

This page was last reviewed on 4 October 2024. It needs to be reviewed again on 4 April 2025 by the page owner #modernisation-platform.