Ministry of Justice Cloud Platform
About this repository
This is the Ministry of Justice (MOJ) Cloud Platform team's repository for public facing documentation, feature work, enhancements, and issues.
The Cloud Platform team utilises GitHub issues to manage their work, and a team ZenHub board to surface GitHub issues into a product management board.
It's best to search our GitHub issues before adding new issues in an effort to reduce duplicates and encourage activity through existing conversations.
Link checker
This repository has a GitHub action that checks all links in *.md files and creates a GitHub issue if the link returns a non-200 status code. If you have a link that doesn't resolve through the public internet (e.g. 127.0.0.1, localhost, or other internal links), please update the .ignore-links file including the fully-qualified domain name (FQDN).
Other Cloud Platform repositories
We have a series of repositories for our work. We have adopted the naming convention of naming each repository starting with cloud-platform-*. Where some repositories have similar purposes, we try to follow a common prefix (e.g. cloud-platform-terraform-* for Terraform modules). We also name things so that users can understand what a repository does through its name.
Core
Name | Description |
---|---|
Cloud Platform (this repository) | Public facing documentation, feature work, enhancements, and issues |
Cloud Platform environments | User-created environments that are hosted on the Cloud Platform |
Cloud Platform infrastructure | Core infrastructure for the Cloud Platform |
Cloud Platform user guide | User-focussed documentation for how to get started and use the Cloud Platform |
Terraform modules
User-facing
Name | Description |
---|---|
CloudFront | Creates a CloudFront distribution to serve objects from S3 |
Database Migration Service (DMS) | Creates a DMS replication instance to move data from another database to one inside Cloud Platform |
DynamoDB cluster | Creates a non-global DynamoDB cluster |
Elastic Container repository | Creates a container image repository |
ElastiCache for Redis cluster | Creates a Redis cluster |
Kubernetes: IAM role for service accounts (IRSA) | Creates an IAM role for a Kubernetes service account |
Kubernetes: service account | Creates a Kubernetes service account, role, and rolebinding within a namespace |
Kubernetes: service pod | Creates a pod in a namespace to access AWS services using the AWS CLI |
OpenSearch | Creates an OpenSearch domain |
Pushgateway | Creates a Prometheus Pushgateway |
RDS Aurora cluster | Creates an RDS Aurora cluster |
RDS database instance | Creates an RDS instance (Postgres, MySQL, MariaDB, MSSQL) |
S3 bucket | Creates an S3 bucket |
Secrets Manager | Creates and manages a secret in Secrets Manager |
SNS topic | Creates an SNS topic |
SQS queue | Creates an SQS queue |
Team-facing
Name | Description |
---|---|
Auth0 | Creates the Auth0 clients for the Kubernetes server and its components |
AWS Read-Only - SSO | Allows web console logins using GitHub credentials via SAML |
AWS Account Baselines | Holds security and operational baselines implemented in Cloud Platform AWS accounts |
Bastion | Deploys a bastion instance |
CertManager | Deploys certmanager for automated TLS certificates |
Cluster Autoscaler | Deploys Cluster Autoscaler |
Concourse | Deploys ConcourseCI within a Kubernetes cluster |
Descheduler | Deploys Descheduler |
EKS Addons | Deploys Cloud Platform EKS add-ons |
EFS CSI | Enables AWS EFS (NFS compatible) storage backend for Kubernetes |
EKS CSI Storage | Enables EKS CSI storage backend for Kubernetes (EBS volumes) |
External DNS | Deploys external-dns to control DNS records dynamically |
Global Auth0 | Deploys Auth0 actions globally for the Auth0 tenant |
IAM Configuration | Holds Cloud Platform team IAM configuration for AWS Accounts |
Ingress controller | Deploys an NGINX ingress controller |
Kuberhealthy | Deploys Kuberhealthy Operator and custom checks |
Kuberos | Deploys kuberos which enables users to authenticate to the cluster |
Logging | Deploys standard logging tools such as fluentbit, etc. |
Monitoring | Deploys standard monitoring tools such as AlertManager, exporters, etc. |
OPA | Deploys OPA and required policies |
Starter Pack | Deploys Helloworld and multicontainer app |
Trivy Operator | Deploys Trivy Operator |
Velero | Deploys Velero to manage backup and restore |
VPC Flow logs | Enables AWS Flow logs to capture information about the IP traffic going to and from network interfaces in VPC. |
Other
Demonstration and reference applications
Name | Description |
---|---|
Multi-container app | Reference application for multi-container services |
Go app | Reference application written in Go |
Ruby app | Reference application written in Ruby |
Miscellaneous
Name | Description |
---|---|
Canary | Deploys AWS Synthetics Canary resource |
Custom error pages | Customised error pages for uncaught routes |
Environments checker | Detects orphaned namespaces and AWS resources |
Helm charts | Custom Cloud Platform helm charts |
Kuberos | A fork of original Kuberos, managed by Cloud Platform |
Tools image | Docker image containing tools used by pipelines |
Useful links
It may be useful to look at: