Merge pull request #166 from cabinetoffice/holding-page

Holding page

Author: rmohammed-goaco

aws/README.md

@@ -0,0 +1,128 @@
+# CloudFront Holding Page Runbook
+
+This folder contains helper scripts used to switch Find a Grant between live origins and a static S3 holding page, and to update the holding page content.
+
+## Script locations
+
+- Runtime scripts are in `gap-find-web/aws/s3/`
+
+## First stage: download scripts in CloudShell
+
+Start by copying the latest scripts from S3 into your current CloudShell directory:
+
+```bash
+aws s3 cp "s3://gap-setup-holding-page" . --recursive
+```
+
+## Environments and IDs
+
+| Environment | CloudFront distribution ID | Holding page S3 bucket | Holding page origin |
+|---|---|---|---|
+| `qa` | `E2YMATUXLSFFJV` | `gap-qa-holding-page` | `gap-qa-holding-page.s3-website.eu-west-2.amazonaws.com` |
+| `prod` | `E3GJQ1JB1DFNU4` | `gap-prod-holding-page` | `gap-prod-holding-page.s3-website.eu-west-2.amazonaws.com` |
+
+## What the switch scripts change
+
+`switch-to-holding-page.sh` updates these cache behaviors to point to the holding page origin:
+
+- `/`
+- `/*`
+- `/grants/*`
+- `/apply/applicant`
+- `/apply/applicant/*`
+- `/apply/admin`
+- `/apply/admin/*`
+
+It also:
+
+- Forces those switched behaviors to use GET-only methods (`HEAD`, `GET`, `OPTIONS`)
+- Adds/overwrites a CloudFront custom error for `404 -> /index.html` with response code `200`
+- Creates a full cache invalidation for `/*`
+
+`switch-to-live.sh` reverses this:
+
+- Restores the switched behaviors to live origins (`find-lb` or `apply-lb` depending on path)
+- Restores allowed methods per behavior (`7 methods` for apply paths, `3 methods` for find paths)
+- Removes the `404 -> /index.html` custom error response
+- Creates a full cache invalidation for `/*`
+
+Both switch scripts prompt for `qa` or `prod`, include explicit confirmation prompts, and create a timestamped backup file (`dist-backup-YYYYMMDD-HHMMSS.json`) before making changes.
+
+## Scripts
+
+### `s3/switch-to-holding-page.sh`
+
+Switches selected paths to the S3 holding page for the chosen environment (`qa` or `prod`), then invalidates CloudFront.
+
+```bash
+sh ./switch-to-holding-page.sh
+```
+
+### `s3/switch-to-live.sh`
+
+Restores selected paths to live load balancer origins for the chosen environment (`qa` or `prod`), then invalidates CloudFront.
+
+```bash
+sh ./switch-to-live.sh
+```
+
+### `s3/restore-from-backup.sh` - Be careful with this!
+
+Restores from a backup file and invalidates CloudFront.
+Prompts for environment (`qa` or `prod`) before restoring.
+
+```bash
+sh ./restore-from-backup.sh dist-backup-20260414-162948.json
+```
+
+If run without an argument, it prints usage and available backup files.
+
+### `s3/update-holding-page.sh`
+
+Updates `holding-page/index.html`, uploads the generated page to the selected environment bucket (`qa` or `prod`), and invalidates `/index.html`.
+
+What it prompts for:
+
+- Environment (`qa`/`prod`)
+- Optional custom page message (defaults to `Please try again later.`)
+- Confirmation (plus an extra production warning prompt for `prod`)
+
+```bash
+sh ./update-holding-page.sh
+```
+
+### `s3/clear-cache-invalidate.sh`
+
+Prompts for environment (`qa` or `prod`) and creates a full invalidation (`/*`) for that distribution.
+
+```bash
+sh ./clear-cache-invalidate.sh
+```
+
+## Suggested maintenance procedure
+
+1. Update the holding page content first (optional):
+   ```bash
+   sh ./update-holding-page.sh
+   ```
+2. Switch traffic to the holding page:
+   ```bash
+   sh ./switch-to-holding-page.sh
+   ```
+3. Verify key URLs show the holding page.
+4. Perform maintenance.
+5. Switch traffic back to live:
+   ```bash
+   sh ./switch-to-live.sh
+   ```
+6. Verify live traffic is restored.
+
+## Recovery procedure
+
+If needed, restore from a known backup file - Be very careful though!
+
+```bash
+sh ./restore-from-backup.sh dist-backup-YYYYMMDD-HHMMSS.json
+```
+
+Note: `restore-from-backup.sh` fetches the current ETag before update, so backup-file ETag staleness is not a problem.

aws/s3/clear-cache-invalidate.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+# Prompt for environment
+while true; do
+  read -rp "Which environment do you want to use? (qa/prod): " ENVIRONMENT
+  case "$ENVIRONMENT" in
+    qa|prod) break ;;
+    *) echo "Invalid option. Please enter 'qa' or 'prod'." ;;
+  esac
+done
+
+# Set environment-specific values
+if [ "$ENVIRONMENT" = "prod" ]; then
+  DIST_ID="E3GJQ1JB1DFNU4"
+else
+  DIST_ID="E2YMATUXLSFFJV"
+fi
+
+# Extra warning for prod
+if [ "$ENVIRONMENT" = "prod" ]; then
+  echo ""
+  echo "WARNING: You have selected the PRODUCTION environment. This will affect live users."
+  read -rp "Are you sure you want to continue? (y/n): " PROD_CONFIRM
+  if [ "$PROD_CONFIRM" != "y" ]; then
+    echo "Aborted."
+    exit 0
+  fi
+fi
+
+echo ""
+read -rp "You are about to create a full cache invalidation in the $ENVIRONMENT environment. Are you sure? (y/n): " CONFIRM
+if [ "$CONFIRM" != "y" ]; then
+  echo "Aborted."
+  exit 0
+fi
+
+echo "Creating cache invalidation for $ENVIRONMENT..."
+INVALIDATION=$(aws cloudfront create-invalidation \
+  --distribution-id "$DIST_ID" \
+  --paths "/*" \
+  --query 'Invalidation.Id' \
+  --output text)
+echo "Invalidation created: $INVALIDATION"

aws/s3/holding-page/index.html

@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html lang="en" class="govuk-template">
+
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
+  <meta name="theme-color" content="#0b0c0c" />
+  <title>Sorry, the service is unavailable – Find a grant</title>
+  <link rel="stylesheet" type="text/css" href="https://test-env.find-a-grant-support-test.service.cabinetoffice.gov.uk/style.css" />  
+</head>
+
+<body class="govuk-template__body js-enabled">
+
+  <a href="#main-content" class="govuk-skip-link" data-module="govuk-skip-link">
+    Skip to main content
+  </a>
+
+  <header class="govuk-header" role="banner" data-module="govuk-header">
+    <div class="govuk-header__container govuk-width-container">
+      <div class="govuk-header__logo">
+        <a href="https://www.gov.uk/" class="govuk-header__link govuk-header__link--homepage">
+          <span class="govuk-header__logotype">
+            <svg aria-hidden="true" focusable="false" class="govuk-header__logotype-crown"
+              xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 30" height="30" width="32">
+              <path fill="currentColor" fill-rule="evenodd"
+                d="M22.6 10.4c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m-5.9 6.7c-.9.4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m10.8-3.7c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s0 2-1 2.4m3.3 4.8c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4M17 4.7l2.3 1.2V2.5l-2.3.7-.2-.2.9-3h-3.4l.9 3-.2.2c-.1.1-2.3-.7-2.3-.7v3.4L15 4.7c.1.1.1.2.2.2l-1.3 4c-.1.2-.1.4-.1.6 0 1.1.8 2 1.9 2.2h.7c1-.2 1.9-1.1 1.9-2.1 0-.2 0-.4-.1-.6l-1.3-4c-.1-.2 0-.2.1-.3m-7.6 5.7c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s0 2 1 2.4m-5 3c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s.1 2 1 2.4m-3.2 4.8c.9.4 2-.1 2.4-1 .4-.9-.1-2-1-2.4-.9-.4-2 .1-2.4 1s0 2 1 2.4m14.8 11c4.4 0 8.6.3 12.3.8 1.1-4.5 2.4-7 3.7-8.8l-2.5-.9c.2 1.3.3 1.9 0 2.7-.4-.4-.8-1.1-1.1-2.3l-1.2 4c.7-.5 1.3-.8 2-.9-1.1 2.5-2.6 3.1-3.5 3-1.1-.2-1.7-1.2-1.5-2.1.3-1.2 1.5-1.5 2.1-.1 1.1-2.3-.8-3-2-2.3 1.9-1.9 2.1-3.5.6-5.6-2.1 1.6-2.1 3.2-1.2 5.5-1.2-1.4-3.2-.6-2.5 1.6.9-1.4 2.1-.5 1.9.8-.2 1.1-1.7 2.1-3.5 1.9-2.7-.2-2.9-2.1-2.9-3.6.7-.1 1.9.5 2.9 1.9l.4-4.3c-1.1 1.1-2.1 1.4-3.2 1.4.4-1.2 2.1-3 2.1-3h-5.4s1.7 1.9 2.1 3c-1.1 0-2.1-.2-3.2-1.4l.4 4.3c1-1.4 2.2-2 2.9-1.9-.1 1.5-.2 3.4-2.9 3.6-1.9.2-3.4-.8-3.5-1.9-.2-1.3 1-2.2 1.9-.8.7-2.3-1.2-3-2.5-1.6.9-2.2.9-3.9-1.2-5.5-1.5 2-1.3 3.7.6 5.6-1.2-.7-3.1 0-2 2.3.6-1.4 1.8-1.1 2.1.1.2.9-.3 1.9-1.5 2.1-.9.2-2.4-.5-3.5-3 .6 0 1.2.3 2 .9l-1.2-4c-.3 1.1-.7 1.9-1.1 2.3-.3-.8-.2-1.4 0-2.7l-2.9.9C1.3 23 2.6 25.5 3.7 30c3.7-.5 7.9-.8 12.3-.8">
+              </path>
+            </svg>
+            <span class="govuk-header__logotype-text">GOV.UK</span>
+          </span>
+        </a>
+      </div>
+      <div class="govuk-header__content">
+        <div class="govuk-heading-m gap-service-name">Find a grant</div>
+      </div>
+    </div>
+  </header>
+
+  <div class="govuk-width-container">
+    <main class="govuk-main-wrapper govuk-main-wrapper--l" id="main-content" role="main">
+      <div class="govuk-grid-row">
+        <div class="govuk-grid-column-two-thirds">
+          <h1 class="govuk-heading-l">Sorry, the service is unavailable</h1>
+
+          <p class="govuk-body">Please try again later.</p>
+          <!-- <p class="govuk-body">You will be able to use the service from 9am on Monday 19 November 2018.</p> -->
+
+        </div>
+      </div>
+    </main>
+  </div>
+
+  <footer class="govuk-footer" role="contentinfo">
+    <div class="govuk-width-container">
+      <div class="govuk-footer__meta">
+        <div class="govuk-footer__meta-item govuk-footer__meta-item--grow">
+
+          <svg aria-hidden="true" focusable="false" class="govuk-footer__licence-logo"
+            xmlns="http://www.w3.org/2000/svg" viewBox="0 0 483.2 195.7" height="17" width="41">
+            <path fill="currentColor"
+              d="M421.5 142.8V.1l-50.7 32.3v161.1h112.4v-50.7zm-122.3-9.6A47.12 47.12 0 0 1 221 97.8c0-26 21.1-47.1 47.1-47.1 16.7 0 31.4 8.7 39.7 21.8l42.7-27.2A97.63 97.63 0 0 0 268.1 0c-36.5 0-68.3 20.1-85.1 49.7A98 98 0 0 0 97.8 0C43.9 0 0 43.9 0 97.8s43.9 97.8 97.8 97.8c36.5 0 68.3-20.1 85.1-49.7a97.76 97.76 0 0 0 149.6 25.4l19.4 22.2h3v-87.8h-80l24.3 27.5zM97.8 145c-26 0-47.1-21.1-47.1-47.1s21.1-47.1 47.1-47.1 47.2 21 47.2 47S123.8 145 97.8 145" />
+          </svg>
+
+          <span class="govuk-footer__licence-description">
+            All content is available under the
+            <a href="https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/"
+              class="govuk-footer__link" rel="license">Open Government Licence v3.0</a>, except where otherwise stated
+          </span>
+        </div>
+
+        <div class="govuk-footer__meta-item">
+          <a href="https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/"
+            class="govuk-footer__link govuk-footer__copyright-logo">© Crown copyright</a>
+        </div>
+      </div>
+    </div>
+  </footer>
+</body>
+
+</html>