architecture-decision-record

Modernisation Platform - Architecture Decisions

This is our architecture decision log, made during the design and build of the Modernisation Platform.

Table of contents

1. ✅ Record architecture decisions
2. ❌ Use IAM Federated Access
3. ✅ Use AWS SSO
4. ⌛️ Use bash, nodejs, and python as core languages
5. ✅ Use GitHub Actions as our CI/CD runner
6. ✅ Use a multi-account strategy for applications
7. ✅ Use Terratest, OPA and Go for testing
8. ✅ Use KMS in the Shared Services Account for Cross Account Encryption
9. ✅ Use Secrets Manager for Secrets
10. ✅ Terraform module strategy
11. ❌ Use VPC flow logs to gain insight into network state
12. ❌ Use Transit Gateway Route Analyzer to check desired state for route tables
13. ❌ Use IaC Network tester to test connectivity rules
14. ✅ Create Application Elastic Container Repositories (ECR) in the shared-services account
15. ✅ IP Address Allocation
16. ✅ Monitoring and Alerting
17. ✅ Use AWS Shield Advanced
18. ✅ Use bash and go as core languages
19. ✅ How we create and maintain documentation
20. ✅ Use a Go Lambda for instance scheduling
21. ✅ Patching Strategy
22. ✅ Backup Strategy
23. ✅ Egress firewall inspection
24. ✅ Non Standard User Infrastructure
25. ✅ Use Network Services account for DNS resources

Statuses

• ✅ Accepted
• ❌ Rejected
• 🤔 Proposed
• ⌛️ Superseded
• ♻️ Amended