Rich Green

Based on my findings of usage of ECS and EKS in across the MP here is a list of options that members could consider to ensure their infrastructure is patched...

@sukeshreddyg suggested that we could write a lambda script that scans the AMIs in use by clusters in member accounts and compares that with the latest versions so that we...

Stories to write: - [x] 1. Contact MP members with hardcoded AMIs to suggest alternative ways to stay up to date - https://github.com/ministryofjustice/modernisation-platform/issues/7188 - [x] 2. Monitor for outdated ECS/EKS...

Here's an example of how it could be achieved at single account level with AWS CLI commands... https://stackoverflow.com/questions/60084104/aws-ssm-agent-using-the-aws-cli-is-there-a-way-to-list-all-the-aws-instances I guess you could run this somewhere in the bootstrap and have...

I've written a script that runs some cli commands to check which instances are managed by SSM and have a workflow that triggers the script in each account on the...

Here's a first go at listing all the instances. This has only searched in `eu-west-2`. The job timed out as it lasted longer than 1hr if I ran it scanning...

After discussion at stand-up we agreed we should write a ticket for: - Finding out which Operating Systems the instances are using which haven't got the SSM agents installed so...

This PR https://github.com/ministryofjustice/modernisation-platform-security/pull/8 adds ability to scan MP instances to see which don't have the SSM agent installed. The result contains information on the platform of the instance so we...

https://github.com/ministryofjustice/modernisation-platform/issues/7088 issue raised to contact customers based on results from the script.

The issue of the secret not being updated in GitHub has happened once more where an account deletion was involved.... https://mojdt.slack.com/archives/C013RM6MFFW/p1710181133706049?thread_ts=1710158699.597139&cid=C013RM6MFFW Could be worth investing time in this ticket to...