Deployment plan

Pre migration:

  1. Get Cognito user pool configured - to be fully terraformed
    a. password policy: default
    b. lambdas: migrate user trigger & pre token generation trigger
    c. app client for Admins-UI
    d. messaging - FROM email: no-reply@tis.nhs.uk

  2. Get Admins API-Gateway configured - terraformed

  3. Get Admins-UI on CloudFront configured (pipeline should be done on another branch) - done

  4. Upgrade Amplify to version 6 for Admins-UI

  5. Get revalidation config PR ready and Reval API-Gateway PR ready (ready means approved, or merged and not applied yet) - done

  6. Get UserManagement fully tested locally (give errors to admins when user does not exist on Cognito?)
    We do give an error when the user does not exist, but the error is thrown from the backend and it is not shown in a friendly way to users.

  7. Give notice to all users in advance

Mid migration:

Parallel branches & draft PRs to be merged:

  1. Admins-UI: https://github.com/Health-Education-England/TIS-ADMINS-UI/tree/detached/configureAuthWithCognito_DO_NOT_MERGE

  2. Reval-UI: https://github.com/Health-Education-England/tis-revalidation-v2/tree/detached/updateCognitoConfigToUseTISUserPools_DO_NOT_MERGE

  3. Updating the user pool ID in the Reval API-Gateway authoriser: https://github.com/Health-Education-England/TIS-OPS/pull/862

Migration steps:

  1. Give notice to users that the migration is starting

  2. Restrict access to UserManagement (Modify API-Gateway to only allow some specific GET requests? Or remove user permissions/roles temporarily? Or remove the mapping annotation on the endpoints (POST/DELETE)?)

  3. Switch Admins-UI DNS to use the app on CloudFront (new Admins API-Gateway), mind the TTL
    Update the website terraform - to use existing domains/host names. (How do we verify this upfront?)

  4. Switch Reval to the new user pool and get Reval API-Gateway configured

  5. Switch UserManagement to Cognito and release the UserManagement to users

Rollback plan:
  3. If Admins-UI becomes inaccessible, switch DNS back
  4. If Reval becomes inaccessible and cannot be resolved within 1(?) hour, roll back Reval and do 3
  5. If UserManagement cannot be set up properly, try to find the issue and fix it within 1-2 days?

Post migration (if the migration is done):

  1. A scenario to resolve:
    Given user management has switched to manage Cognito users
    When an admin comes to a user details page that hasn't been migrated to Cognito yet
    Then should we provide a button for the admin to create this user on Cognito? Or provide an error message for admins?

  2. Upgrade Amplify to version 6 in Admins-UI