David Elliott

icon company Ministry of Justice icon location Technical Architect / Webops Engineer specialising in AWS and cloud migrations.

Results 48 comments of David Elliott

Update SSO SCIM (node.js)

This has now been fixed

[SPIKE] Review how we check and monitor security group access

These are also currently raised by security hub

Investigate automatic secrets rotation with AWS Secrets Manager

We have very few secrets and most would require quite a lot of work to rotate. We now have a manual process in place for rotating so closing this.

Issue Slack notification upon AWS outage

Looks like we can do this with PagerDuty - https://support.pagerduty.com/docs/aws-health-dashboard#integrate-with-a-pagerduty-service

Issue Slack notification upon AWS outage

We now get emails from AWS health for accounts we manage, and users get them directly. I think this is probably enough as any regional / AZ alerts which would...

[SPIKE] Check to see what network Alerting we have and what we still need

Need to check the state of existing alerts and if there are any more we could add.

How to auto update bastions with latest AMI version

Could we update the bastion Autoscaling groups across the platform with a Lambda?

Spike - could we do a bastion per VPC?

I think we should monitor the number of bastions running in the platform, and implement this once the number is greater than 32. Otherwise we are using more resources than...

Automate Github Repo Tidy up

https://github.com/ministryofjustice/modernisation-platform/pull/2841

SPIKE: How do we ensure access keys are rotated every 90 days or less

Checked, this still needs to be implemented, although access keys for superadmins are deleted they are not for collaborators (only console access)