⚠️ This repository is now archived

Ministry of Justice Official - Staff Infrastructure and Devices

About this repository

This is a list of repositories used by MoJ Official to deploy infrastructure and configure devices.

Shared Services Infrastructure - Used to create AWS CodePipelines for our services.
Docker Container base Images - Container Images repository in AWS ECR.

Public Key Infrastructure - Public Key Infrastructure for devices and users. This repository only deploys the AWS resources, such as VPC, Security groups, EC2 instances which Entrust build their managed service on.

DHCP Server ECR Image - Creates the AWS ECR container image for ISC Kea.
Admin console for DHCP and DNS - Frontend for managing staff device site dhcp dns.
Provision infrastructure - Code to build the AWS infrastructure for the DNS and DHCP platform.
Disaster Recovery runbook -This repo contains an interactive script which can be used to roll back a corrupt config file for the DNS or DHCP services.
Staff Device DNS / DHCP / Logging integration tests -These scripts emulate UDP traffic for both DHCP and Syslog requests. They are run from the Corsham VM to test the services over the network.

App Reachability - Container to remote write blackbox http application prometheus metrics.
Blackbox Exporter - To probe endpoints over HTTP, HTTPS, DNS, TCP and ICMP.
DNS Reachability - Container to remote write blackbox DNS prometheus metrics.
Data Source Configuration - To provision data sources for the IMA Platform.
Helm Charts - Deploy helm charts to EKS
IMA Platform - Infrastructure Monitor and alerting.
Metric Aggregation Server - To pull data from the SNMP exporter (Docker image)
Private DNS Zone - Route53 DNS zone
SNMP Exporter - To scrape data from physical devices (Docker image)

Network Assessment Tooling - Information on the tooling and resources used to verify prison site readiness

GlobalProtect FW EC2 Deployment - GlobalProtect firewall deployment
GlobalProtect ASG Deployment - GlobalProtect Autoscale Deployment
GlobalProtect lambda functions - GlobalProtect lambda functions
Panorama Configuration - Panorama Config written in Terraform
Public Services Network - Public Services Network connection in AWS, connected via Lumen (previously CenturyLink)

AWS Transit Gateway Configuration - AWS transit gateway deployment configuration
AWS Transit Gateway Deployment - AWS transit gateway deployment
AWS Transit Gateway Configuration Cloud Platform - AWS transit gateway configuration that is now managed by TechOps. This was previously managed by Cloud Platform.

List of our applications and services which we use to identify and tag our resources.

Tag	Value
`application`	`azure-landing-zone`
`application`	`certificate-services`
`application`	`dhcp-dns`
`application`	`infrastructure-monitoring`
`application`	`internet-gateway-service`
`application`	`security-log-shipping`
`application`	`standard-operating-platform`
`application`	`global-protect`
`application`	`transit-gateway`
`application`	`public-services-network`

Mandatory Tags

Tag	Value
`application`	`<applicaiton>`
`business-unit`	`HQ`
`is-production`	`true or false`
`owner`	`<team-name>: <team-email> cloud-ops or tech-ops`

Optional Tags

Tag	Value
`environment-name`	`production, staging, test, or development`
`component`	`API Gateway`
`infrastructure-support`	`<team-name>: <team-email>`
`runbook`	`The URL of the service’s runbook.`
`source-code`	`The URL(s) for any source code repositories related to this infrastructure, comma separated.`

Please see Documenting owners of infrastructure within MoJ Technical Guidance for more information on tagging.