Infrastructure

app_domain handling in GOV.UK during migration to AWS

Deprecation note: This page should be removed after all machines in Carrenza have been shutdown and all reference to this has been removed from govuk-puppet

The app-by-app migration plan to move GOV.UK to AWS introduced an $app_domain_internal parameter in addition to the previously used $app_domain.

This is necessary because in AWS we use a <environment>.govuk-internal.digital domain in addition to the <environment>.govuk.digital domain.

Furthermore, the app_domain parameter may be set to the <environment>.publishing.service.gov.uk for migrated apps as well. The exact configuration depends on the current state of the migrated app as well as its dependencies.

For example, migrated backend applications, such as Support, may be configured to use the <environment>.publishing.service.gov.uk $app_domain to facilitate access to Signon over the internet.

Applications in Carrenza which talk to AWS over the VPN need to resolve <environment>.govuk-internal.digital. The names under govuk-internal.digital point to private IP addresses in AWS.

At the moment this is only done for RabbitMQ exchange federation because the performance platform (backdrop) still depends on RabbitMQ.

As a rule of thumb:

• Applications which have been moved to AWS and have all their dependencies in AWS will use $app_domain=<environment>.govuk.digital and $app_domain_internal=<environment>.govuk-internal.digital.
• Applications which remain in Carrenza, including all their dependencies, will only use app_domain=<environment>.publishing.service.gov.uk.
• Applications having dependencies in both AWS and Carrenza will require some customisation of service resolution in form of a Plek URI override and may use either $app_domain=<environment>.govuk.digital or $app_domain=<environment>.publishing.service.gov.uk.

Note: we use Plek to generate the correct base URLs for internal GOV.UK services. These URLs can be overridden when a Plek instance is instantiated.

Since setting the correct service discovery environment for a particular app is complicated due to the migration to AWS, please take extra care to make sure you understand the effects of changes to the app_domain parameter and Plek URI overrides via environment variables.

If in doubt, please talk to Reliability Engineering to make sure your changes will not have unintended side effects.

More in the Infrastructure section

Learn

• Concourse
• Domain Name System (DNS) records
• GOV.UK and Virtual Private Networks (VPNs)
• GOV.UK's environments (integration, staging, production)
• Load Testing
• Upgrade Terraform

How to...

• Add a disk to a vCloud machine (Carrenza only)
• Add a new Ruby version
• Connect to vCloud Director (Carrenza only)
• Generate a Certificate Signing Request (CSR) for GOV.UK
• Manage RabbitMQ
• Manually resize ASGs (auto scaling groups)
• Move apps between servers
• Patch Jenkins
• Provision machines for data science research
• Reboot a machine
• Remove a machine
• Renew a TLS certificate for GOV.UK
• Reprovision a machine

This page was last reviewed on 12 August 2020. It needs to be reviewed again on 12 December 2020 by the page owner #re-govuk .

This page was set to be reviewed before 12 December 2020 by the page owner #re-govuk. This might mean the content is out of date.