Ministry of Justice Cloud Platform

March 31, 2025

About this repository

This is the Ministry of Justice (MOJ) Cloud Platform team's repository for public-facing documentation, feature work, enhancements, and issues.

The Cloud Platform team uses GitHub issues to manage its work, and a team GitHub Project to surface GitHub issues into a product management board.

Please search our GitHub issues before adding a new one, to reduce duplicates and keep discussion in existing conversations.

This repository has a GitHub action that checks all links in *.md files and creates a GitHub issue if a link returns a non-200 status code. If you have a link that doesn't resolve through the public internet (e.g. 127.0.0.1, localhost, or other internal links), please update the .ignore-links file to include the fully-qualified domain name (FQDN).

Other Cloud Platform repositories

We have a series of repositories for our work. By convention, each repository name starts with cloud-platform-*. Where repositories have similar purposes, we try to follow a common prefix (e.g. cloud-platform-terraform-* for Terraform modules). We also name things so that users can understand what a repository does from its name.

Core

| Name | Description |
| --- | --- |
| Cloud Platform (this repository) | Public-facing documentation, feature work, enhancements, and issues |
| Cloud Platform environments | User-created environments that are hosted on the Cloud Platform |
| Cloud Platform infrastructure | Core infrastructure for the Cloud Platform |
| Cloud Platform user guide | User-focussed documentation for how to get started and use the Cloud Platform |

Terraform modules

User-facing

Find an up-to-date list in our user guide.

Team-facing

| Name | Description |
| --- | --- |
| Auth0 | Creates the auth0 clients for the Kubernetes server and its components |
| AWS Read-Only - SSO | Allow web console logins using GitHub credentials via SAML |
| AWS Account Baselines | Holds security and operational baselines implemented in Cloud Platform AWS accounts |
| Bastion | Deploys a bastion instance |
| CertManager | Deploys certmanager for automated TLS certificates |
| Cluster Autoscaler | Deploys Cluster Autoscaler |
| Concourse | Deploys ConcourseCI within a Kubernetes cluster |
| Descheduler | Deploys Descheduler |
| EKS Addons | Deploys Cloud Platform EKS Add ons |
| EFS CSI - ** NOT IN USE ** | Enables AWS EFS (NFS compatible) storage backend for Kubernetes |
| EKS CSI Storage | Enables EKS CSI storage backend for Kubernetes (EBS volumes) |
| External DNS | Deploys external-dns to control DNS records dynamically |
| Global Auth0 | Deploys Auth0 actions globally for auth0 tenant |
| IAM Configuration | Holds Cloud Platform team IAM configuration for AWS Accounts |
| Ingress controller | Deploys an NGINX ingress controller |
| Kuberos | Deploys kuberos which enables users to authenticate to the cluster |
| Logging | Deploys standard logging tools such as fluentbit, etc. |
| Monitoring | Deploys standard monitoring tools such as AlertManager, exporters, etc. |
| Gatekeeper | Deploys Gatekeeper policy controller and required policies |
| Starter Pack | Deploys Helloworld and multicontainer app |
| Trivy Operator | Deploys Trivy Operator |
| Velero | Deploys Velero to manage backup and restore |
| VPC Flow logs | Enables AWS Flow logs to capture information about the IP traffic going to and from network interfaces in VPC |
| OpenSearch CloudWatch Alarm | Deploys the recommended Amazon OpenSearch CloudWatch Alarm and sends alerts to an SNS topic |

Other

Demonstration and reference applications

| Name | Description |
| --- | --- |
| Multi-container app | Reference application for multi-container services |
| Go app | Reference application written in Go |
| Ruby app | Reference application written in Ruby |

Miscellaneous

| Name | Description |
| --- | --- |
| Canary | Deploys AWS Synthetics Canary resource |
| Custom error pages | Customised error pages for uncaught routes |
| Environments checker | Detects orphaned namespaces and AWS resources |
| Helm charts | Custom Cloud Platform helm charts |
| Kuberos | A fork of original Kuberos, managed by Cloud Platform |
| Tools image | Docker image containing tools used by pipelines |

It may be useful to look at: