What is GOV.UK Emergency Alerts?
The Cabinet Office COBR Unit and the Department for Science, Innovation and Technology have developed an emergency alert system to enable people whose lives are at risk in an emergency to be rapidly contacted via their mobile phone. It is currently in the trial phase following a successful national test message. It was originally developed by the GOV.UK Notify team and is now managed and maintained by the GOV.UK Emergency Alerts team.
As part of this service, GOV.UK delegate serving www.gov.uk/alerts to the GOV.UK Emergency Alerts team.
How does www.gov.uk/alerts work?
We have a custom host in Fastly for /alerts which points at an AWS CloudFront CDN which is managed by the GOV.UK Emergency Alerts team. Each GOV.UK environment points at a different custom host:
- Fastly’s Integration configuration points at Emergency Alerts Preview environment;
- Fastly’s Staging configuration points at Emergency Alerts Staging environment; and
- Fastly’s Production configuration points at Emergency Alerts Production environment.
Requests to /alerts (or to anything beginning with /alerts/) hit GOV.UK’s CDN (Fastly), but no other bits of GOV.UK’s infrastructure.
This is configured in govuk-fastly, by dynamically selecting the backend from the list of backends in govuk-fastly-secrets.
We only have one backend, at the time of writing. Backends have POP shield enabled by default.
API Keys
Emergency Alerts have three Fastly API keys with purge_select scope, one for
integration, staging and production. These allow them to purge individual pages or surrogate keys from the cache. Note that the scope
of these keys is not restricted to /alerts - in principle they could be used to purge any page from the cache. We trust the Emergency
Alerts team to take appropriate care with these credentials.
The API keys are not configured to expire, but it is good practice to rotate them regularly. The Emergency Alerts team will instigate API key rotations, see Rotate Fastly API Keys for Emergency Alerts.