ADR-002 Use Modernisation Platform for hosting infrastructure unsuitable for Cloud Platform
Status
✅ Accepted
Context
We need a location to host AWS workloads. Historically, the team has managed projects and products in the data space in their own AWS accounts. This approach has led to issues with misalignment of security baselines and independent management of some AWS accounts.
The available options are:
- Self-managed AWS accounts
- Modernisation Platform-managed AWS accounts
Decision
We will use the Modernisation Platform for hosting infrastructure that is not suitable for Cloud Platform. Modernisation Platform is a managed public cloud platform endorsed by Justice Digital. Features include centralised security, networking, monitoring and service wrap.
Consequences
As a result of this decision, we will benefit from all of the features documented in the Modernisation User Guide.
In addition to drawing on wider Platforms & Architecture expertise, we will be able to take advantage of:
- A defined security baseline out of the box
- Minimisation of clickops with restricted console access
- GitHub Actions bots already in place to maintain IaC quality (TFSEC / Checkov / TFLint)
- PR approval workflows for infrastructure
- Cost effectiveness of re-use rather than build from scratch
- Sustainability with automatic tear-down of experimental environments