No release in over 3 years
Check that ministryofjustice/cloud-platform-* github repositories comply with our standards


 Project Readme

Ministry of Justice Cloud Platform

About this repository

This is the Ministry of Justice (MOJ) Cloud Platform team's repository for public facing documentation, feature work, enhancements, and issues.

The Cloud Platform team utilises GitHub issues to manage their work, and a team ZenHub board to surface GitHub issues into a product management board.

It's best to search our GitHub issues before adding new issues in an effort to reduce duplicates and encourage activity through existing conversations.

Link checker

This repository has a GitHub action that checks all links in *.md files and creates a GitHub issue if the link returns a non-200 status code. If you have a link that doesn't resolve through the public internet (e.g., localhost, or other internal links), please update the .ignore-links file including the fully-qualified domain name (FQDN).

Other Cloud Platform repositories

We have a series of repositories for our work. We have adopted the naming convention of naming each repository starting with cloud-platform-*. Where some repositories have similar purposes, we try to follow a common prefix (e.g. cloud-platform-terraform-* for Terraform modules). We also name things so that users can understand what a repository does through its name.


Name Description
Cloud Platform (this repository) Public facing documentation, feature work, enhancements, and issues
Cloud Platform environments User-created environments that are hosted on the Cloud Platform
Cloud Platform infrastructure Core infrastructure for the Cloud Platform
Cloud Platform user guide User-focussed documentation for how to get started and use the Cloud Platform

Terraform modules


Name Description
CloudFront Creates a CloudFront distribution to serve objects from S3
Database Migration Service (DMS) Creates a DMS replication instance to move data from another database to one inside Cloud Platform
DynamoDB cluster Creates a non-global DynamoDB cluster
Elastic Container repository Creates a container image repository
ElastiCache for Redis cluster Creates a Redis cluster
Kubernetes: IAM role for service accounts (IRSA) Creates an IAM role for a Kubernetes service account
Kubernetes: service account Creates a Kubernetes service account, role, and rolebinding within a namespace
Kubernetes: service pod Creates a pod in a namespace to access AWS services using the AWS CLI
OpenSearch Creates an OpenSearch domain
Pushgateway Creates a Prometheus Pushgateway
RDS Aurora cluster Creates an RDS Aurora cluster
RDS database instance Creates an RDS instance (Postgres, MySQL, MariaDB, MSSQL)
S3 bucket Creates an S3 bucket
Secrets Manager Creates and manages a secret in Secrets Manager
SNS topic Creates an SNS topic
SQS queue Creates an SQS queue


Name Description
Auth0 Creates the auth0 clients for the Kubernetes server and its components
AWS Read-Only - SSO Allow web console logins using Github credentials via SAML
AWS Account Baselines Holds security and operational baselines implemented in Cloud Platform AWS accounts
Bastion Deploys a bastion instance
CertManager Deploys certmanager for automated TLS certificates
Cluster Autoscaler Deploys Cluster Autoscaler
Concourse Deploys ConcourseCI within a Kubernetes cluster
Descheduler Deploys Descheduler
EKS Addons Deploys Cloud Platform EKS Add ons
EFS CSI Enables AWS EFS (NFS compatible) storage backend for Kubernetes
EKS CSI Storage Enables EKS CSI storage backend for Kubernetes (EBS volumes)
External DNS Deploys external-dns to control DNS records dynamically
Global Auth0 Deploys Auth0 actions globally for auth0 tenant
IAM Configuration Holds Cloud Platform team IAM configuration for AWS Accounts
Ingress controller Deploys an NGINX ingress controller
Kuberhealthy Deploys Kuberhealthy Operator and custom checks
Kuberos Deploys kuberos which enables users to authenticate to the cluster
Logging Deploys standard logging tools such as fluentbit, etc.
Monitoring Deploys standard monitoring tools such as AlertManager, exporters, etc.
OPA Deploys OPA and required policies
Starter Pack Deploys Helloworld and multicontainer app
Trivy Operator Deploys Trivy Operator
Velero Deploys velero to manage backup and restore
VPC Flow logs Enables AWS Flow logs to capture information about the IP traffic going to and from network interfaces in VPC.


Demonstration and reference applications

Name Description
Multi-container app Reference application for multi-container services
Go app Reference application written in Go
Ruby app Reference application written in Ruby


Name Description
Canary Deploys AWS Synthetics Canary resource
Custom error pages Customised error pages for uncaught routes
Environments checker Detects orphaned namespaces and AWS resources
Helm charts Custom Cloud Platform helm charts
Kuberos A fork of original Kuberos, managed by Cloud Platform
Tools image Docker image containing tools used by pipelines

Useful links

It may be useful to look at: