I was off last week; as I got back into things this week, I had a chance to reflect on how far we’ve come over the last 10 months.
The catalyst for this was a chat with Stuart, our new (permanent!) Senior Engineer. Considering the circumstances of our formation, as a team we have built a stable, secure platform; we’ve coached each other and upskilled a number of Hackney colleagues who had no previous experience in AWS; we’ve made a welcoming, productive, and expert team which often puts the needs of others ahead of our own.
And I’m proud of that. In my absence, the team kept going and did all the right things in the right way and welcomed a new member as if he’d always been here. But we just don’t give ourselves enough credit for what we’ve done and in the circumstances we’ve been working in. As I’ve said before, nobody would ever choose to do a cloud migration in our circumstances, and we have much to be proud of.
Stuart’s arrival has given us a useful outsider’s view on what we’ve done and what’s missing. He’s given us a brain dump of documentation he’d expect as a new starter, which we will work through over the next couple of sprints. Almost all of it exists already, we just need to publish it in the Playbook so that it’s in one place. He’s also started work on formalising our change and release processes so that we can avoid repeating some of the mistakes we’ve made in the last couple of months.
The account migrations proceed, though slowly. The work needed to move e5 and the Housing accounts is lined up, and we’ve started decommissioning unused resources (with the data backed up). There is a definite chain of events – Manage Arrears needs to be updated so that we can move Housing, which will enable us to move APIs, which will allow us to clean up those accounts and move things to more appropriate homes.
We’ve made some additional security improvements this sprint. We have a module to automate much of the Windows Server patching, which we spoke about in our lunch & learn. We’ve also made some changes to the GitHub repo to restrict who can approve PRs and enabled Branch Protection.
The firewalls have been completely overhauled in the last two weeks. We’ve adopted a new licensing model that saves a lot of money, and the revised Terraform allows for faster redeployments. Importantly, we’re now able to use Panorama to manage the full suite of firewalls, and this means we only need to make a configuration change in one firewall – Panorama will manage the deployment of that change to all other devices.
Thank you for your patience while we’ve rebuilt the firewalls as we know there have been a lot of outages and cancellations – but that does neatly illustrate why we need to tighten up our own change and release processes!