There are 2 domains that are currently managed by the Digital Marketplace team.
Main production service domain.
Used for preview and staging environments, test user emails and for internal tools that we host ourselves (like CI).
Environment subdomains for preview, staging and production are documented in Environments.
DNS records for all domains are hosted in AWS Route 53.
marketplace.team records are managed with Digital Marketplace AWS Terraform modules.
The main AWS account manages the marketplace.team domain (which is registered through AWS on the same account).
staging.marketplace.team subdomains to development and production AWS accounts.
It also manages the records for ci.marketplace.team, which point to the Jenkins EC2 instance.
digitalmarketplace.service.gov.uk is delegated from the service.gov.uk DNS to Route 53 hosted zones on our production AWS account.
Most of these records (including MX, DMARC, DKIM, and other TXT records) used to be managed by CloudFormation stacks and haven’t been imported into our Terraform modules after the move to GOV.UK PaaS. These records can be edited manually in Route 53 or imported and updated with Terraform.
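One way to work out what still needs importing, as an added example (not the team's own tooling): it takes record sets in the shape returned by `aws route53 list-resource-record-sets`, labels the mail-related ones (MX, SPF, DMARC, DKIM, other TXT) and emits a `terraform import` command for each one not already managed. The zone ID, record values, the `example.` hostname and the Terraform resource names are constructed placeholders.

```python
import re

# Constructed sample shaped like the "ResourceRecordSets" list returned by
# `aws route53 list-resource-record-sets`; zone ID and values are placeholders.
SAMPLE_ZONE_ID = "ZEXAMPLE123"
SAMPLE_RECORDS = [
    {"Name": "digitalmarketplace.service.gov.uk.", "Type": "MX",
     "ResourceRecords": [{"Value": "10 mx.example.invalid."}]},
    {"Name": "digitalmarketplace.service.gov.uk.", "Type": "TXT",
     "ResourceRecords": [{"Value": '"v=spf1 include:example.invalid ~all"'}]},
    {"Name": "_dmarc.digitalmarketplace.service.gov.uk.", "Type": "TXT",
     "ResourceRecords": [{"Value": '"v=DMARC1; p=none"'}]},
    {"Name": "sel1._domainkey.digitalmarketplace.service.gov.uk.", "Type": "TXT",
     "ResourceRecords": [{"Value": '"v=DKIM1; k=rsa; p=PLACEHOLDER"'}]},
    {"Name": "example.digitalmarketplace.service.gov.uk.", "Type": "CNAME",
     "ResourceRecords": [{"Value": "cdn.example.invalid."}]},
]


def classify(record):
    """Label a record set MX, DMARC, DKIM, SPF or TXT; None if it is not MX/TXT."""
    name = record["Name"].lower()
    if record["Type"] == "MX":
        return "MX"
    if record["Type"] != "TXT":
        return None
    if name.startswith("_dmarc."):
        return "DMARC"
    if "._domainkey." in name:
        return "DKIM"
    values = [r["Value"].strip('"').lower() for r in record.get("ResourceRecords", [])]
    return "SPF" if any(v.startswith("v=spf1") for v in values) else "TXT"


def import_plan(records, zone_id, managed=frozenset()):
    """Return (kind, terraform import command) for each unmanaged MX/TXT record."""
    plan = []
    for rec in records:
        kind = classify(rec)
        name = rec["Name"].rstrip(".")
        import_id = f"{zone_id}_{name}_{rec['Type']}"  # AWS provider's ZONEID_NAME_TYPE form
        if kind is None or import_id in managed:
            continue
        # The resource address is a hypothetical naming scheme, not the project's.
        slug = re.sub(r"[^a-z0-9]+", "_", f"{kind}_{name}".lower()).strip("_")
        plan.append((kind, f"terraform import aws_route53_record.{slug} {import_id}"))
    return plan
```

Each import needs a matching `aws_route53_record` resource block in the configuration first, and a `terraform plan` afterwards should show no changes if the block matches the live record.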
marketplace.team and *.service.gov.uk
SSL/TLS certificates for *.staging.marketplace.team are generated by our PaaS cdn-route service and issued by Let’s Encrypt. Current certificates are attached to CloudFront using Terraform, as outlined in the process for setting up the PaaS CDN service with a custom domain: https://docs.cloud.service.gov.uk/deploying_services/use_a_custom_domain/. There should be no manual renewal process needed by developers.
Our Jenkins server sits behind an Amazon Elastic Load Balancer (ELB). ELBs get a free certificate. We have a wildcard certificate set up for *.marketplace.team which we use for Jenkins. This should allow us to spin up a new Jenkins server in parallel with the current server (on a different subdomain) but with the same certificate. This eases the process of transitioning the ci subdomain between servers.
The certificate is created and managed by our Terraform in the main account’s route53.tf file. See the Jenkins section of this manual for more information on our Jenkins setup.