Spike: Sustainability - Ability of updating member env in a scalable manner.

SimonPPledger commented 6 months ago

User Story

As the modernisation product manager I need to know that we can update member environments quickly. So that this might be when we have identified a security issue that may need to be rolled out to all member environments or just individual environments.

This ticket is to look at potential options and recommend an option. Note that some of these might break an environment but might secure the platform against further risk. This is likely to be required following on from security team request.

eg: How would we make security group changes quickly? (or is this already covered here How would we implement a patch/change ? How could we rotate AMIs within EC2 instances? How could we recycle containers within ECS/EKS instances? Rotating secrets Is there anything else we are missing?

Value / Purpose

We can quickly make critical changes

Useful Contacts

No response

Additional Information

No response

Proposal / Unknowns

No response

Definition of Done

[ ] Proposal for options for how we can quickly role out changes, covering:
- [ ] security group changes
- [ ] patches/changes
- [ ] rotating AMIs within EC2s
- [ ] recycling containers within ECS/EKS
- [ ] Rotating secrets
[ ] options reviewed with pros and cons with team and preferred option agreed
[ ] Tickets raised to enable and to document

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 90 days with no activity.

markgov commented 2 months ago

@SimonPPledger we need more information on what is required

ministryofjustice / modernisation-platform