Ministry of Justice Official - Staff Infrastructure and Devices
About this repository
This is a list of repositories used by MoJ Official to deploy infrastructure and configure devices.
Amazon Web Services Deployment
- Shared Services Infrastructure - Used to create AWS CodePipelines for our services.
- Docker Container base Images - Container Images repository in AWS ECR.
Azure Landing Zone
- Azure DevOps Pipeline - Build and maintain Azure Landing Zone.
Certificate Services
- Public Key Infrastructure - Public Key Infrastructure for devices and users. This repository only deploys the AWS resources, such as the VPC, security groups and EC2 instances, on which Entrust build their managed service.
Device Management
- Windows 10 Configuration - Intune Windows Configuration.
- Windows 10 Applications - Intune Windows Applications.
- iOS Configuration - iOS Configuration.
- iOS Applications - iOS Applications.
- Windows Virtual Desktop - WVD - Windows Virtual Desktop.
DHCP / DNS
- DHCP Server ECR Image - Creates the AWS ECR container image for ISC Kea.
- Admin console for DHCP and DNS - Frontend for managing staff device site DHCP and DNS.
- Provision infrastructure - Code to build the AWS infrastructure for the DNS and DHCP platform.
- Disaster Recovery runbook - This repo contains an interactive script which can be used to roll back a corrupt config file for the DNS or DHCP services.
- Staff Device DNS / DHCP / Logging integration tests - These scripts emulate UDP traffic for both DHCP and Syslog requests. They are run from the Corsham VM to test the services over the network.
Infrastructure Monitoring and Alerting
- App Reachability - Container to remote write Blackbox HTTP application Prometheus metrics.
- Blackbox Exporter - To probe endpoints over HTTP, HTTPS, DNS, TCP and ICMP.
- DNS Reachability - Container to remote write Blackbox DNS Prometheus metrics.
- Data Source Configuration - To provision data sources for the IMA Platform.
- Helm Charts - Deploy Helm charts to EKS.
- IMA Platform - Infrastructure monitoring and alerting.
- Metric Aggregation Server - To pull data from the SNMP exporter (Docker image)
- Private DNS Zone - Route53 DNS zone
- SNMP Exporter - To scrape data from physical devices (Docker image)
Network Assessment
- Network Assessment Tooling - Information on the tooling and resources used to verify prison site readiness
Security Log Aggregation and Shipping
- Log Shipping Infrastructure - Log shipping to infrastructure > OST
- Syslog to CloudWatch - Syslog to AWS CloudWatch > OST
SMTP Relay Service
Palo Alto Global Protect
- GlobalProtect FW EC2 Deployment - GlobalProtect firewall deployment
- GlobalProtect ASG Deployment - GlobalProtect Autoscale Deployment
- GlobalProtect lambda functions - GlobalProtect lambda functions
- Panorama Configuration - Panorama Config written in Terraform
- Public Services Network - Public Services Network connection in AWS, connected via Lumen (previously CenturyLink)
Transit Gateway
- AWS Transit Gateway Configuration - AWS transit gateway deployment configuration
- AWS Transit Gateway Deployment - AWS transit gateway deployment
- AWS Transit Gateway Configuration Cloud Platform - AWS transit gateway configuration that is now managed by TechOps. This was previously managed by Cloud Platform.
Tags for Application and Services
List of our applications and services which we use to identify and tag our resources.
Tag | Value |
---|---|
application | azure-landing-zone |
application | certificate-services |
application | dhcp-dns |
application | infrastructure-monitoring |
application | internet-gateway-service |
application | security-log-shipping |
application | standard-operating-platform |
application | global-protect |
application | transit-gateway |
application | public-services-network |
Mandatory Tags
Tag | Value |
---|---|
application | <application> |
business-unit | HQ |
is-production | true or false |
owner | <team-name>: <team-email> cloud-ops or tech-ops |
Optional Tags
Tag | Value |
---|---|
environment-name | production, staging, test, or development |
component | API Gateway |
infrastructure-support | <team-name>: <team-email> |
runbook | The URL of the service’s runbook. |
source-code | The URL(s) for any source code repositories related to this infrastructure, comma separated. |
Please see Documenting owners of infrastructure within MoJ Technical Guidance for more information on tagging.