Skip to content

Latest commit

 

History

History

environments

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
analytical-platform-common
analytical-platform-common
 
 
analytical-platform-compute
analytical-platform-compute
 
 
analytical-platform-data-engineering
analytical-platform-data-engineering
 
 
analytical-platform-data
analytical-platform-data
 
 
analytical-platform-ingestion
analytical-platform-ingestion
 
 
analytical-platform-landing
analytical-platform-landing
 
 
analytical-platform-management
analytical-platform-management
 
 
analytical-platform
analytical-platform
 
 
apex
apex
 
 
bichard7
bichard7
 
 
bootstrap
bootstrap
 
 
ccms-ebs-upgrade
ccms-ebs-upgrade
 
 
ccms-ebs
ccms-ebs
 
 
cdpt-chaps
cdpt-chaps
 
 
cdpt-ifs
cdpt-ifs
 
 
cica-copilot
cica-copilot
 
 
cica-data-extraction
cica-data-extraction
 
 
cica-tariff
cica-tariff
 
 
contract-work-administration
contract-work-administration
 
 
cooker
cooker
 
 
core-logging
core-logging
 
 
core-network-services
core-network-services
 
 
core-sandbox
core-sandbox
 
 
core-security
core-security
 
 
core-shared-services
core-shared-services
 
 
core-vpc
core-vpc
 
 
corporate-information-system
corporate-information-system
 
 
corporate-staff-rostering
corporate-staff-rostering
 
 
dacp
dacp
 
 
data-and-insights-wepi
data-and-insights-wepi
 
 
data-platform-apps-and-tools
data-platform-apps-and-tools
 
 
data-platform
data-platform
 
 
delete-account
delete-account
 
 
delius-core
delius-core
 
 
delius-iaps
delius-iaps
 
 
delius-jitbit
delius-jitbit
 
 
delius-mis
delius-mis
 
 
delius-nextcloud
delius-nextcloud
 
 
digital-prison-reporting
digital-prison-reporting
 
 
edw
edw
 
 
electronic-monitoring-data
electronic-monitoring-data
 
 
equip
equip
 
 
eric
eric
 
 
example
example
 
 
genesys-call-centre-data
genesys-call-centre-data
 
 
hmpps-domain-services
hmpps-domain-services
 
 
hmpps-oem
hmpps-oem
 
 
laa-ccms-infra-azure-ad-sso
laa-ccms-infra-azure-ad-sso
 
 
laa-mail-relay
laa-mail-relay
 
 
laa-oem
laa-oem
 
 
laa-stabilisation-cdc-poc
laa-stabilisation-cdc-poc
 
 
long-term-storage
long-term-storage
 
 
maat
maat
 
 
maatdb
maatdb
 
 
mi-platform
mi-platform
 
 
mlra
mlra
 
 
moj-network-operations-centre
moj-network-operations-centre
 
 
mojfin
mojfin
 
 
ncas
ncas
 
 
nomis-combined-reporting
nomis-combined-reporting
 
 
nomis-data-hub
nomis-data-hub
 
 
nomis
nomis
 
 
oas
oas
 
 
oasys-national-reporting
oasys-national-reporting
 
 
oasys
oasys
 
 
observability-platform
observability-platform
 
 
operations-engineering
operations-engineering
 
 
opg-lpa-data-store
opg-lpa-data-store
 
 
panda-cyber-appsec-lab
panda-cyber-appsec-lab
 
 
performance-hub
performance-hub
 
 
planetfm
planetfm
 
 
portal
portal
 
 
ppud
ppud
 
 
pra-register
pra-register
 
 
refer-monitor
refer-monitor
 
 
sprinkler
sprinkler
 
 
testing
testing
 
 
tipstaff
tipstaff
 
 
tribunals
tribunals
 
 
wardship
wardship
 
 
xhibit-portal
xhibit-portal
 
 
youth-justice-app-framework
youth-justice-app-framework
 
 
README.md
README.md
 
 
environments.tf
environments.tf
 
 
locals.tf
locals.tf
 
 
main.tf
main.tf
 
 
secrets.tf
secrets.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

Modernisation Platform - Environments

This directory creates and maintains organisational units, their accounts, and their relationships with the Modernisation Platform. It needs to be run at the MoJ root account level, with a user that has access to assume a role in the Modernisation Platform.

Bootstrapping accounts

The subdirectory bootstrap enables bootstrapping resources in all accounts that are part of the Modernisation Platform, such as an IAM role for cross-account access and security implementations. It utilises terraform workspaces and has a new-environment.yml workflow to create accounts and bootstrap them as part of our CI/CD pipeline.

State management

The Terraform state is stored in the modernisation-platform-terraform-state bucket alongside other states creates in this repository. The user that this configuration should be run as needs access.