Shut down the Systems Strategy (Legacy) account

[alexwlchan]

The Systems Strategy account is an old AWS account that predates the modern platform; it's running a lot of out-of-date stuff. We should work out what's in this account, delete or migrate it as appropriate, then close it.

Based on the current AWS bill, there are three interesting things in this account:

• A couple of applications running on Elastic Beanstalk
• A collection of S3 buckets containing a variety of things
• A pair of EC2 instances tied to the Elastic Beanstalk apps (?)

[alexwlchan]

The Elastic Beanstalk apps

One of these was an app running at http://wellcome-lib-patterns.elasticbeanstalk.com/; the other was what looked like a "hello world" app. Both were running versions of PHP 5, last deployed in 2013 and 2015 respectively, protected by unknown passwords. They also had warnings from AWS about using an outdated deployment pattern.

These apps have been doing… something, but I don't know what. Every so often, an alert comes through the NCW Splunk instance about Elastic Beanstalk starting an instance in this account, but since I don't know what these apps are doing it's hard to tell what that's about.

I asked in Slack:

anybody know what was behind http://wellcome-lib-patterns.elasticbeanstalk.com/ and whether we want to keep it?

and Jenn P-B replied:

That was the pattern library for the old library site. Not required!

So I've terminated the two apps through the Elastic Beanstalk console.

[alexwlchan]

EC2 infrastructure

Stopping the Elastic Beanstalk apps has caused the two running EC2 instances to stop.

There's also a load balancer named image-server-layer in the account; however it has no associated instances – I suspect this was part of the old DLCS infrastructure. This load balancer can't do anything, so I've deleted it.

[alexwlchan]

There are two EBS volumes, one of which is attached to a stopped EC2 instance running Windows named "WP Migration"; I assume that's for a long ago WordPress migration. The other is named nas-1a and not attached to anything.

I'm going to remove both of them, including the EC2 instance.

[alexwlchan]

S3 buckets

Here's a list of all the S3 buckets in the account:

And here's what I'm doing with them:

• wdl-preservica is empty. This used to hold any Preservica objects which were in S3, but we emptied it when we turned off Preservica – there are comments in Slack suggesting we should delete this bucket, but apparently we never got round to it. I've deleted it.
• elasticbeanstalk-us-east-1-48709437041 is also empty, so I deleted it.
• wdl-preservica-test is the destination for some CloudTrail logs; it doesn't contain anything else. Since we're hoping to close the account soon, I'm going to leave it as-is – it's a useful check that nothing is happening except the D&T CloudHealth Splunk instance logging in to get CloudTrail logs.

• The wdl-video-* buckets were used by older versions of DLCS/DDS to create derivative copies of videos. They contained MP4 and WebM videos named with UUIDs that are Preservica IDs, e.g. s3://wdl-video-open/webm/ffa6a981-b83f-4551-abeb-2fdb75497e41.webm. Based on discussion with Harkiran, Ashley, and Digirati, there shouldn't be anything worth saving in these buckets.

  (I've also cross-checked the Preservica IDs against bags in the storage service, and confirmed we have corresponding bags for each of these video derivatives. We've already checked all the Preservica content, but double-checking can't hurt.)

[alexwlchan]

The moh-reports bucket had three top level items: two zip files containing the full text of the MoH reports, and then a folder of reports in CSV/HTML/XML/TXT format. The zips folder was organised both by date and location.

We provide some MOH snapshots from data.wellcomecollection.org, and I'm guessing they come from the All_Report_Tables zips here.

However, upon closer inspection, these packages are incomplete – there are files in the old Systems Strategy bucket which aren't in the current snapshots. I’ll open a separate ticket for this, then ~empty and delete that bucket also~.

[alexwlchan]

The MOH files in that bucket are referred to from https://wellcomelibrary.org/moh/about-the-reports/using-the-report-data/, so I'm going to leave this as-is for now.

We could migrate the moh-reports bucket to another account, but that's unnecessary work.

Parking this until we close down the MOH site – but this account has been cut down, and in particular we've turned off several public-facing services and tidied up the IAM permissions. Progress!