Cloud Engineering weeknotes, 21 January 2022

A quiet week; just as well, as we have been a few people down this week, making our already-small team even smaller. 

We’ve still got some stuff done, mostly on the support side of things – permissions, DNS changes, and restoring the connection between an EC2 and an S3 for the Document Migration team. We also had a demo of the new HaloITSM system; we will be using this for all support requests from 31 January so please note that requests via Slack will not be picked up from that date. 

Tomasz and Cintia continue work on the firewalls, and specifically on Globalprotect. The work to split Globalprotect into two for “internal” and “external” applications is nearing completion. Cintia has also been supporting Frank with networking on the production Ansible infrastructure for websites. We always learn more than we think we have. 

The other main piece of work this week has been preparations to replace the wildcard SSL certificate. It expires in a few weeks, and we want to replace it with AWS-issued certificates, which will renew automatically. Thanks to AWS Config, Matt was able to track down all usage of the wildcard in AWS in record time. We’re now planning how and when to do the replacement exercise.

However, AWS Certificate Manager doesn’t allow exports, so to deal with services outside AWS that uses our certificate, we’ll use a different method. We did a lunch and learn on this during the week. 

Although our plans for this sprint are to clear out the work in progress, much remains blocked. One of our suppliers is being slow to respond to a request, which in turn is delaying important work for Repairs Hub. We think this is now unblocked, but a second supplier is also being unresponsive on work for Social Care. This will be escalated. 

+ posts

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.