Core Infrastructure
This project provisions network infrastructure, including:
- VPCs
- VPC endpoints
- subnets
- route tables and routes
- network ACLs
- Transit Gateway attachments
- VPC Flow Logs
- Test EC2 instances
This infrastructure is used to connect to the sources databases through Transit Gateways. Tech Ops/Cloud Ops manages the MoJ Transit Gateways this repository.
There are no public subnets because we don't need access to the internet. There is an S3 VPC endpoint to allow DMS to connect to S3.
The test EC2 instances are provisioned to test connectivity to the source databases, along with various other VPC endpoints to enable the use of Session Manager.
This diagram summarises the infrastructure for a single environment/stack:
Stacks
This project contains three stacks:
core-devcore-preprodcore-prod
Testing Database Access
You can test connection to the source databases from the EC2 instances.
If stopped, start the instance.
Connect to the EC2 instance using the Session Manager, then run:
curl -v telnet://<IP address or hostname>:1521
The following message should appear:
* Rebuilt URL to: telnet://<IP address or hostname>:1521/
* <IP address or hostname>...
* TCP_NODELAY set
* Connected to <IP address or hostname> (<IP address or hostname>) port 1521 (#0)
Note that it will take a while for the Session Manager to boot up on recently-started EC2 instances.
EC2 key-pair
N.B - a EC2 key-pair needs to be manually created before deploying the core code for the EC2 test instance.
The key-pair needs to follow the naming convention of test-
Created: January 9, 2024