Merge pull request #8130 from ministryofjustice/feature/6767-create-r…

…unbook-for-core-vpc-$environment-accounts

Feature/6767 create runbook for core vpc $environment accounts

README.md

@@ -75,4 +75,4 @@ These modules are used by the Modernisation Platform's core infrastructure
 [SCA Icon]: https://img.shields.io/github/actions/workflow/status/ministryofjustice/modernisation-platform/code-scanning.yml?branch=main&labelColor=231f20&style=for-the-badge&label=Secure%20Code%20Analysis
 [SCA Link]: https://github.com/ministryofjustice/modernisation-platform/actions/workflows/code-scanning.yml
 [Terraform SCA Icon]: https://img.shields.io/github/actions/workflow/status/ministryofjustice/modernisation-platform/code-scanning.yml?branch=main&labelColor=231f20&style=for-the-badge&label=Terraform%20Static%20Code%20Analysis
-[Terraform SCA Link]: https://github.com/ministryofjustice/modernisation-platform/actions/workflows/terraform-static-analysis.yml
+[Terraform SCA Link]: https://github.com/ministryofjustice/modernisation-platform/actions/workflows/terraform-static-analysis.yml

source/index.html.md.erb

@@ -135,6 +135,7 @@ This documentation is for anyone interested in the Modernisation Platform and it
 - [Querying VPC flow logs](runbooks/querying-vpc-flow-logs.html)
 - [Recreating the core-logging-production account](runbooks/recreate-core-logging-production-account.html)
 - [Recreating the core-shared-services account](runbooks/recreate-core-shared-services-production.html)
+- [Recreating the core-vpc-$environments accounts](runbooks/recreate-core-vpc-$environment-accounts.html.md)
 - [Recreating the modernisation-platform account](runbooks/recreate-modernisation-platform-account.html)
 - [Removing a team member from the Modernisation Platform](runbooks/removing-a-team-member.html)
 - [Reviewing Dependabot PRs](runbooks/reviewing-dependabot-prs.html)

source/runbooks/recreate-core-vpc-$environment-accounts.html.md.erb

@@ -0,0 +1,72 @@
+---
+owner_slack: "#modernisation-platform"
+title: Core VPC Environments Accounts Setup
+last_reviewed_on: 2024-09-30
+review_in: 6 months
+---
+
+<!-- Google tag (gtag.js) -->
+<script async src="https://www.googletagmanager.com/gtag/js?id=G-NXTCMQ7ZX6"></script>
+<script>
+  window.dataLayer = window.dataLayer || [];
+  function gtag(){dataLayer.push(arguments);}
+  gtag('js', new Date());
+  gtag('config', 'G-NXTCMQ7ZX6');
+</script>
+
+# <%= current_page.data.title %>
+
+## Overview
+
+The core-vpc AWS accounts are responsible for creating the core VPC resources in the VPC accounts.
+
+| Resource | Description |
+|----------------- |------------------------------------------------
+| VPCs| Provides networking resources 
+| VPC endpoints| Enables secure access to services without internet 
+| RAM shares | Shares AWS resources across accounts securely   
+| Transit Gateway connectivity| Provides scalable and flexible networking connections
+
+## Steps
+## 1. Account Creation 
+
+Please note that aliases do not have a retention period. If an alias still exists under the same organizational unit, you cannot reuse the same alias. To prevent the alias from being recreated, you need to add the environment name to the [skip alias local](https://github.com/ministryofjustice/modernisation-platform/blob/e9d5e14a25e5b0f4e544b26f0332e285e6c506a1/terraform/environments/bootstrap/member-bootstrap/locals.tf#L57).
+
+To initiate the account recreation process, go to the GitHub Actions page for the Modernisation Platform repository and trigger the new environment [workflow] (https://github.com/ministryofjustice/modernisation-platform/actions/workflows/new-environment.yml).
+This workflow should detect that the account no longer exists and propose to recreate the account. As part of this process, it will also execute the baseline runs for the account. 
+
+## 2. Deploy The Core VPC Resources
+
+To recreate the resources run the actions below in Github
+
+- [core-vpc-test-deployment](https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/core-vpc-test-deployment.yml)
+- [core-vpc-development-deployment](https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/core-vpc-development-deployment.yml)
+- [core-vpc-preproduction-deployment](https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/core-vpc-preproduction-deployment.yml)
+- [core-vpc-production-deployment](https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/core-vpc-production-deployment.yml)
+
+
+If a GitHub Actions deployment is not available the resources can be redeployed locally:  
+
+- Navigate to the `modernisation-platform` repo and change to the `terraform/environments/core-vpc` directory
+- Using MP admin credentials, execute `terraform apply` from the `core-vpc-$environment` workspace
+
+## 3. Verify Resources
+
+- Log into AWS Console for the `core-vpc-$environment` account
+- Verify that resources have been correctly provisioned:
+  - Do VPCs exist with the correct configurations?
+  - Verify that CloudTrail is configured to log API activity related to VPC changes and VPC Flow Logs.
+  - Are VPC endpoints created for necessary services, and are they properly configured?
+  - Are RAM shares properly established to share resources across accounts?
+  - Is Transit Gateway connectivity correctly set up and functioning for all connected VPCs?
+
+
+## 4. Notify Mod Platform Team
+- Inform Modernisation Platform team of rebuild process
+- Inform customers that account has been recreated
+
+
+## References
+
+* [Accessing the AWS Console](https://user-guide.modernisation-platform.service.justice.gov.uk/user-guide/accessing-the-aws-console.html)
+* [Disaster Recovery Process](https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/dr-process.html)