Skip to main content
Warning This document has not been updated for a while now. It may be out of date.
Last updated: 25 Jun 2021

Node classes without redundancy

Below we provide a list of node classes that are not configured to be highly available (HA). This means that short outages of these machines are architecturally considered acceptable.

Installation of a critical software component on a non-redundant node class has caused an incident in the past. This happened when pgbouncer, required for all Postgresql database accesses at the time, was installed on db_admin, a single EC2 instance. That single instance became unavailable and took down Postgres in Production.

Please do not install new services or applications on any of the following machines unless it’s OK for your service to be down 5% of the time:

  • db-admin
  • transition-db-admin
  • content-data-api-db-admin
  • asset-master
  • jumpbox
  • ckan
  • apt
  • mirrorer
  • licensing_backend

If in doubt, please discuss your requirements with RE GOV.UK (#govuk-2ndline on Slack).