SimonPPledger comments

Results 46 comments of


                                            SimonPPledger

SPIKE: Automated certificate rotation for applications which require private certificates

This is for non AWS certificates, eg Gandi

Fix issue with baselines module throwing an error if default VPC resources don't exist

Currently not an issue - as we have implemented a workaround

Create runbook for complete loss of platform

Picked up by other tickets- so no longer required

Create runbook for loss of an AWS account

no longer required as combining with #1906

Automation to delete unused access keys for Platform users

IAM only ? what about admin users where we wouldn't normally log on

Spike: Rebuild the platform in another region

Lets add some more information, including any limitations etc

Spike: Automation to run TF plan and report to users if their environments are out of sync with their code

This is more of an application issue and individual app teams can run account specific plan

Investigate automatic secrets rotation with AWS Secrets Manager

we think we are now 'credential free' - once OIDC is complete. But need a separate ticket to review these are the secrets we have https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/rotating-secrets.html#introduction once that is done,...

Investigate an ELK stack for CloudTrail and other logging services

we are looking at an observability platform. so this is not required

ITHC Consider/Implement AWS DNSSEC

Closed as we cannot do now - it is still on the risk register