AWS environment configuration
Infrastructure that is used by EF-CMS is defined within the repository. The US Tax Court runs multiple copies of this application to provide staging, test, and production versions, and also maintains accounts to separate these environments. This document describes the decisions and processes describing the wider picture, outside of the instance of the application.
| Environment | Branch | Notes |
|---|---|---|
stg |
staging |
Used by engineering to accept changes from the vendor team. |
test |
test |
Used by Court employees for user acceptance testing, training, and demos. |
prod |
prod |
Production environment, as of May 28, 2020 is unused (in pre-production phases). |
mig |
migration |
Used by engineering to assist in developing data migration scripts. |
irs |
irs |
Used by engineers at IRS to assist in developing integration software with EF-CMS. Does not receive updates at this time. |
dev |
develop |
Used by engineers at the Court to test in-progress tasks. |
(all changes)
↓
staging → test → prod
↳ migration
See the general environment setup, release, and teardown documentation in EF-CMS documentation. This is supplemental information for the Court’s environments specifically.
AWS accounts are used to create hard permissions boundaries. Since the application’s infrastructure is provisioned automatically, these boundaries ensure that deployment scripts do not modify resources outside their environment.
There are two AWS accounts used by the Court:
-
Production. This account contains the instance of EF-CMS which is used in production, including any supporting environments needed to support rolling back a deployment.
To run the account-level deployment step with correct input variables, run:
(cd iam/terraform/account-specific/main && \ ZONE_NAME='dawson.ustaxcourt.gov' \ ES_LOGS_INSTANCE_COUNT=3 \ ES_LOGS_INSTANCE_TYPE='t2.medium.elasticsearch' \ ES_LOGS_EBS_VOLUME_SIZE_GB=35 \ COGNITO_SUFFIX='ustc-prod' \ LOG_GROUP_ENVIRONMENTS='["prod"]' \ ../bin/deploy-app.sh )
-
Staging. This account contains any instances of EF-CMS used for pre-production purposes, including environments used for staging, testing, and training.
To run the account-level deployment step with correct input variables, run:
(cd iam/terraform/account-specific/main && \ ZONE_NAME='ef-cms.ustaxcourt.gov' \ ES_LOGS_INSTANCE_COUNT=3 \ ES_LOGS_INSTANCE_TYPE='t2.medium.elasticsearch' \ ES_LOGS_EBS_VOLUME_SIZE_GB=35 \ COGNITO_SUFFIX='ustc-staging' \ LOG_GROUP_ENVIRONMENTS='["dev","stg","irs","mig","test"]' \ ../bin/deploy-app.sh )
There may be need for one or more US Tax Court-owned development environments, which may warrant a third account or more in the future.
Source for diagram
This diagram was created with Graphviz, and the source is below for future edits. Use an online editor, such as Edotor, and download the resulting graph PNG to update the image. Don’t forget to copy-paste the source back into this page for next time an edit is needed!
digraph {
rankdir="LR"
node [shape="house" margin=0 style=filled fillcolor="#d9e8f6"]
account_prod [label="AWS Account\n(production)"]
account_stg [label="AWS Account\n(staging)"]
node [shape="box" margin=0.1 style=filled fillcolor="#f2e4d4"]
zone_prod [label="Hosted Zone\n(Account-Specific Terraform)\ndawson.ustaxcourt.gov"]
zone_stg [label="Hosted Zone\n(Account-Specific Terraform)\nef-cms.ustaxcourt.gov"]
node [shape="oval" margin=0.1 style=filled fillcolor="#f0f0f0"]
env_prod [label="Production Environment\n(Environment-Specific Terraform)\ndawson.ustaxcourt.gov"]
env_stg [label="Staging Environment\n(Environment-Specific Terraform)\nstg.ef-cms.ustaxcourt.gov"]
env_test [label="Test Environment\n(Environment-Specific Terraform)\ntest.ef-cms.ustaxcourt.gov"]
env_mig [label="Migration Environment\n(Environment-Specific Terraform)\nmig.ef-cms.ustaxcourt.gov"]
env_irs [label="IRS Environment\n(Environment-Specific Terraform)\nirs.ef-cms.ustaxcourt.gov"]
account_prod -> zone_prod -> {
env_prod
}
account_stg -> zone_stg -> {
env_stg
env_test
env_mig
env_irs
}
}