Skip to content

Latest commit

 

History

History

architecture-decision-record

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
images
images
 
 
0001-record-architecture-decisions.md
0001-record-architecture-decisions.md
 
 
0002-use-iam-federated-access.md
0002-use-iam-federated-access.md
 
 
0003-use-aws-sso.md
0003-use-aws-sso.md
 
 
0004-use-bash-node-python-as-core-languages.md
0004-use-bash-node-python-as-core-languages.md
 
 
0005-use-github-actions.md
0005-use-github-actions.md
 
 
0006-use-a-multi-account-strategy-for-applications.md
0006-use-a-multi-account-strategy-for-applications.md
 
 
0007-use-terratest-opa-and-go-for-testing.md
0007-use-terratest-opa-and-go-for-testing.md
 
 
0008-use-kms-in-shared-services-for-cross-account-encryption.md
0008-use-kms-in-shared-services-for-cross-account-encryption.md
 
 
0009-use-secrets-manager-for-secrets.md
0009-use-secrets-manager-for-secrets.md
 
 
0010-terraform-module-strategy.md
0010-terraform-module-strategy.md
 
 
0011-use-vpc-flow-logs-to-gain-insight-into-network-state.md
0011-use-vpc-flow-logs-to-gain-insight-into-network-state.md
 
 
0012-use-tgw-route-analyzer-to-check-desired-state-for-route-tables.md
0012-use-tgw-route-analyzer-to-check-desired-state-for-route-tables.md
 
 
0013-use-iac-network-tester-to-test-connectivity-rules.md
0013-use-iac-network-tester-to-test-connectivity-rules.md
 
 
0014-create-ecr-in-the-shared-services-account.md
0014-create-ecr-in-the-shared-services-account.md
 
 
0015-use-aws-image-builder-for-managing-amis.md
0015-use-aws-image-builder-for-managing-amis.md
 
 
0016-ip-address-range-allocation.md
0016-ip-address-range-allocation.md
 
 
0017-monitoring-and-alerting.md
0017-monitoring-and-alerting.md
 
 
0018-use-aws-shield-advanced.md
0018-use-aws-shield-advanced.md
 
 
0019-use-bash-go-as-core-languages.md
0019-use-bash-go-as-core-languages.md
 
 
0020-how-we-create-and-maintain-documentation.md
0020-how-we-create-and-maintain-documentation.md
 
 
0021-use-a-go-lambda-for-instance-scheduling.md
0021-use-a-go-lambda-for-instance-scheduling.md
 
 
0022-patching-strategy.md
0022-patching-strategy.md
 
 
0023-backup-strategy.md
0023-backup-strategy.md
 
 
0024-egress-traffic-inspection.md
0024-egress-traffic-inspection.md
 
 
0025-non-standard-user-infrastructure.md
0025-non-standard-user-infrastructure.md
 
 
0026-use-network-services-account-for-dns.md
0026-use-network-services-account-for-dns.md
 
 
0027-use-member-cicd-access-for-configuration-management.md
0027-use-member-cicd-access-for-configuration-management.md
 
 
0028-expand-the-scope-of-the-platform.md
0028-expand-the-scope-of-the-platform.md
 
 
0029-how-we-deploy-shared-active-directory-controllers.md
0029-how-we-deploy-shared-active-directory-controllers.md
 
 
0030-cross-environment-network-access.md
0030-cross-environment-network-access.md
 
 
0031-llms-will-be-hosted-on-the-analytical-platform.md
0031-llms-will-be-hosted-on-the-analytical-platform.md
 
 
0032-ncsc-pdns-not-at-platform-level.md
0032-ncsc-pdns-not-at-platform-level.md
 
 
0033-s3-state-bucket-condition-security.md
0033-s3-state-bucket-condition-security.md
 
 
0034-use-cloud-map.md
0034-use-cloud-map.md
 
 
README.md
README.md
 
 

README.md

Modernisation Platform - Architecture Decisions

This is our architecture decision log, made during the design and build of the Modernisation Platform.

Table of contents

  1. Record architecture decisions
  2. Use IAM Federated Access
  3. Use AWS SSO
  4. ⌛️ Use bash, nodejs, and python as core languages
  5. Use GitHub Actions as our CI/CD runner
  6. Use a multi-account strategy for applications
  7. Use Terratest, OPA and Go for testing
  8. Use KMS in the Shared Services Account for Cross Account Encryption
  9. Use Secrets Manager for Secrets
  10. Terraform module strategy
  11. Use VPC flow logs to gain insight into network state
  12. Use Transit Gateway Route Analyzer to check desired state for route tables
  13. Use IaC Network tester to test connectivity rules
  14. Create Application Elastic Container Repositories (ECR) in the shared-services account
  15. Use AWS image builder for managing AMIs
  16. IP Address Allocation
  17. Monitoring and Alerting
  18. Use AWS Shield Advanced
  19. Use bash and go as core languages
  20. How we create and maintain documentation
  21. Use a Go Lambda for instance scheduling
  22. Patching Strategy
  23. Backup Strategy
  24. Egress firewall inspection
  25. Non Standard User Infrastructure
  26. Use Network Services account for DNS resources
  27. Use Member CICD Access for Configuration Management
  28. Expand the scope of the platform
  29. How we deploy shared Active Directory controllers
  30. Cross environment network access
  31. LLMs will be hosted on the Analytical Platform
  32. 🤔 NCSC PDNS will not be applied at platform level

Statuses

  • ✅ Accepted
  • ❌ Rejected
  • 🤔 Proposed
  • ⌛️ Superseded
  • ♻️ Amended