Skip to main content

Prerequisites

You and your team

Your Github account (and all those of other members of your team) must be a member of the Ministry of Justice GitHub organisation. Guidance for this can be found on the Operations Engineering site.

The HMPPS developers team is the over-arching team that is used, with subteams, to determine access to the github repo and cloud platform namespaces.

Since hmpps-developers is managed by Terraform, all new teams must be created in the following way:

Creating a new team under hmpps-developers

  1. Create a new branch of hmpps-github-teams
  2. Modify the teams.tf file to include the new team, with the appropriate parent (generally hmpps-developers)
  3. Modify the users.tf to add the team and members

Important: The Terraform will fail if any member is not part of the Ministry of Justice organisation.

  1. Raise a PR, and share the details on the #ask-prisons-digital-sre slack channel

Team slack channels

The team must have a set of slack channels set up so they can respond to notifications and queries.

Note: The main requirement is for all production alerts to be published to a channel dedicated solely for production alerts.

The aim of this it to introduce a standard approach for how teams and support engineers monitor our applications.
We want to move noise out of production alert channels to help people identify issues quickly and reduce alert fatigue.
Production alert channels should only contain notifications that require immediate action.

Barring this main requirement there is some flexibility.

As an example, the abc team may have:

  • #hmpps_abc a public channel to allow other teams to contact them about their services
  • #hmpps_abc_alerts a channel for alerts in the production environment
  • #hmpps_abc_alerts_nonprod a channel for alerts from non-production environments
  • #hmpps_abc_alerts_security a channel for alerts triggered by security jobs
  • #hmpps_abc_devs a channel for dev chatter and release notifications

Custom alert receivers

You should also set up a custom alert receiver for production and non-production alerts to funnel notifications to your chosen slack channels.

As part of this you’ll need to raise a request with operation-engineering.

The abc team would set up alert receivers for the following severities:

  • hmpps-abc-prod which would funnel alerts to #hmpps_abc_alerts
  • hmpps-abc-noprod which would funnel alerts to #hmpps_abc_alerts_nonprod

These severities are required for the helm config used for prometheus alerting.

The service

You should aim to understand the following about your service before starting :

  • What are you going to call the service?

    • Guidance for service names can be found here .
  • Which DNS domain will this service use?

    • .hmpps.service.justice.gov.uk - the service is relevant across HMPPS

    • .prison.service.justice.gov.uk - the service is prison-focussed

    • .probation.service.justice.gov.uk - the service is probation-focussed

    • Other - may require additional work to setup DNS for bespoke domains and the Cloud Platform team can assist with this.

  • Does the service require restricted access? Which IP/subnets will be allowed access? This can be managed after creation with a restricted IP address list in the values-<env>.yaml files.

  • Does the service require other AWS resources - databases, caches, SQS queues, SNS topics or S3 buckets? These should be created using the terraform modules provided by Cloud Platform - see other services for examples.

This page was last reviewed on 27-Jan-2025, next review will be on 01-Jul-2025.
Edit this page here.