Cloud Platform user guide

This user guide is for teams with applications or services deployed on, or intending to deploy to, the Ministry of Justice’s Cloud Platform.

Overview

• What is the Cloud Platform?
• What can I host on the Cloud Platform?

Getting started

• Using the Cloud Platform CLI
• Creating a Cloud Platform environment
• Connecting to the Cloud Platform’s Kubernetes cluster
• Accessing the AWS console (read-only)
• Deploying an example application to the Cloud Platform
• Publish prototypes on the web
• Removing an unneeded namespace

Containers

• Requirements for deploying a container image to the Cloud Platform
• Creating a container repository for your Docker images
• Deprecating long-lived credentials for container repositories
• General Guidelines for Pod Requests and Limits

Databases

Relational databases

• Creating a relational database using PostgreSQL, MariaDB, or MySQL
• Upgrading a database version or changing the instance type
• Upgrading a database version of Aurora DB cluster

Other topics

• How do I run Rails database migrations?
• Migrating an RDS instance
• SSL connections with RDS
• Creating alerts for RDS
• Accessing your RDS database
• Viewing RDS Database Metrics
• RDS Snapshots
• Setup Postgres container
• SQL Server Native Backups

Key-value databases

Redis

• Creating a Redis cluster
• Upgrading a Redis version or changing the instance type

NoSQL

• Creating a NoSQL database

Storage

• Creating a file or object store

Other topics

• Migrating an S3 bucket
• StatefulSets (Pods with Persistent Volumes)
• Storage Classes
• Persistent-Volume encryption and snapshot

OpenSearch

• Creating an OpenSearch domain
• Upgrading an OpenSearch version or changing the instance type

Messaging

Publish/subscribe

• Creating a publish/subscribe service

Queue

• Creating a message queuing service

Custom domains

• Using a custom domain
• Creating a Route 53 Hosted Zone for your DNS records

Security

• Security Controls on the Cloud Platform
• IP Filtering
• ModSecurity - Web Application Firewall
• Network Policies
• Adding a secret to an application
• Secrets overview
• Git-Crypt
• Security testing and ITHC
• Setup Ingress to redirect security.txt
• Trivy image scanning
• Security Team Engagement

Continuous deployment

• Zero Downtime Deployments
• Create Ingress with duplicate hostnames across namespaces
• OPA Auto Approve

Observability

Monitoring

• Using the Cloud Platform Prometheus, AlertManager and Grafana
• Getting application metrics into Prometheus
• Creating your own custom alerts
• Creating Pingdom checks
• Using the CloudWatch data source in Grafana
• Publish a Grafana Dashboard Snapshot
• Using PrometheusRule Linter in Github Action pipeline

Logging

• Application Log Collection and Storage
• Accessing Application Log Data in OpenSearch
• Creating Monitor Alert in OpenSearch

Deprecations

• Migrating from live-1 to live domain name
• Removing Deprecated CronJob APIs for Cloud Platform
• Removing Deprecated PodDisruptionBudget APIs for Cloud Platform
• Deprecating long-lived credentials for container repositories
• Deprecating long-lived credentials for modules
• Moving from YAML defined Service Accounts to Terraform module based Service Accounts

Other topics

• Adding AWS resources to your environment
• Applying a Maintenance Page
• Long-running environments operations
• Access cross AWS resources IRSA EKS cluster
• DNS Domain Name Length considerations
• Accessing AWS APIs and resources from your namespace
• Using the Cloud Platform service pod to run maintenance tasks using the AWS CLI
• How do I get my data onto the Analytical Platform?
• Does my app need an ingress?
• Can I block egress traffic to the internet from my namespace?
• Sharing AWS resources across namespaces using SSM and IRSA

Tutorials

• Deploying an example application to the Cloud Platform

Reference

Cloud Platform

• Technical overview of the Cloud Platform
• Cloud Platform Operational Processes
• Deploying to the Cloud Platform
• Apply Pipeline
• Cloud Platform Disaster Recovery
• How Cloud Platform Meet the Service Standard
• Cloud Platform Metrics and Dashboards

Kubernetes

The Cloud Platform currently uses Kubernetes v1.27.

• Official Kubernetes v1.27 documentation
• Namespace/Container Resource Limits
• Kubectl quick reference
• Troubleshooting guide
• PodDisruptionBudgets and Cluster maintenance
• Kubernetes Cronjobs
• Kubernetes jobs
• Kubernetes: namespace definition files

Getting help

• Ask Cloud Platform
• Cloud Platform Support
• Checking the GitHub groups in your ID token

Adding to the guide

If there’s something missing, please either let us know and we’ll add a new article, or if you’re comfortable writing one yourself, PRs will be gratefully received. Details on how to get in touch are in the “Getting Help” section above, and the “GitHub” link at the top right of this page will take you to the repository for this guide.

This page was last reviewed on 5 March 2025. It needs to be reviewed again on 5 September 2025 by the page owner #cloud-platform .