Skip to main content

Prerequisites

You and your team

You must be a member of a team in the Ministry of Justice GitHub organisation. That team must belong to parent team HMPPS Developers.

The team will determine access to the github repo and cloud platform namespaces.

To create the team and manage membership then raise a PR to change the terraform in the hmpps-github-teams repo and share the PR on #ask-prisons-digital-sre.

Team slack channels

The team must have a set of slack channels set up so they can respond to notifications and queries.

Note: The main requirement is for all production alerts to be published to a channel dedicated solely for production alerts.

The aim of this it to introduce a standard approach for how teams and support engineers monitor our applications.
We want to move noise out of production alert channels to help people identify issues quickly and reduce alert fatigue.
Production alert channels should only contain notifications that require immediate action.

Barring this main requirement there is some flexibility.

As an example, the abc team may have:

  • #hmpps_abc a public channel to allow other teams to contact them about their services
  • #hmpps_abc_alerts a channel for alerts in the production environment
  • #hmpps_abc_alerts_nonprod a channel for alerts from non-production environments
  • #hmpps_abc_alerts_security a channel for alerts triggered by security jobs
  • #hmpps_abc_devs a channel for dev chatter and release notifications

Custom alert receivers

You should also set up a custom alert receiver for production and non-production alerts to funnel notifications to your chosen slack channels.

As part of this you’ll need to raise a request with operation-engineering.

The abc team would set up alert receivers for the following severities:

  • hmpps-abc-prod which would funnel alerts to #hmpps_abc_alerts
  • hmpps-abc-noprod which would funnel alerts to #hmpps_abc_alerts_nonprod

These severities are required for the helm config used for prometheus alerting.

The service

You should aim to understand the following about your service before starting :

  • What are you going to call the service?

    • Guidance for service names can be found here .

  • Which DNS domain will this service use?

    • .hmpps.service.justice.gov.uk - the service is relevant across HMPPS

    • .prison.service.justice.gov.uk - the service is prison-focussed

    • .probation.service.justice.gov.uk - the service is probation-focussed

    • Other - may require additional work to setup DNS for bespoke domains and the Cloud Platform team can assist with this.

  • Does the service require restricted access? Which IP/subnets will be allowed access? This can be managed after creation with a restricted IP address list in the values-<env>.yaml files.

  • Does the service require other AWS resources - databases, caches, SQS queues, SNS topics or S3 buckets? These should be created using the terraform modules provided by Cloud Platform - see other services for examples.

This page was last reviewed on 27-Jan-2025, next review will be on 01-Jul-2025.
Edit this page here.