app_domain handling in GOV.UK during migration to AWS
Deprecation note: This page should be removed after all machines in Carrenza have been shutdown and all reference to this has been removed from govuk-puppet
The app-by-app migration plan to move GOV.UK to AWS introduced an
$app_domain_internal parameter in addition to the previously used
This is necessary because in AWS we use a
<environment>.govuk-internal.digital domain in addition to the
app_domain parameter may be set to the
<environment>.publishing.service.gov.uk for migrated apps as well. The exact configuration depends on the current state of the migrated app as well as its dependencies.
For example, migrated backend applications, such as Support, may be configured to use the
$app_domain to facilitate access to Signon over the internet.
Applications in Carrenza which talk to AWS over the VPN need to resolve
<environment>.govuk-internal.digital. The names under
govuk-internal.digital point to private IP addresses in AWS.
At the moment this is only done for RabbitMQ exchange federation because the performance platform (backdrop) still depends on RabbitMQ.
As a rule of thumb:
- Applications which have been moved to AWS and have all their dependencies in AWS will use
- Applications which remain in Carrenza, including all their dependencies, will only use
- Applications having dependencies in both AWS and Carrenza will require some customisation of service resolution in form of a Plek URI override and may use either
Since setting the correct service discovery environment for a particular app is complicated due to the migration to AWS, please take extra care to make sure you understand the effects of changes to the app_domain parameter and Plek URI overrides via environment variables.
If in doubt, please talk to Reliability Engineering to make sure your changes will not have unintended side effects.