March 2026 monthly summary for govuk-one-login/onboarding-self-service-experience. Focus this month was on backend maintenance and CI/CD enhancements to strengthen build reliability, security posture, and release velocity for the onboarding self-service flow.

October 2025: Reverted the IAM deny policies restricting DynamoDB access to PII-containing tables in non-development environments, restoring the prior access configuration (commit a4574f5dfb54f084def60235013bb0e8a65f8bc0). This rollback stabilized development environments and enabled continued work while allowing future policy reevaluation.

September 2025 summary for govuk-one-login/authentication-api. Focused on correcting an access-control change by rolling back resource policies on PII-containing tables to restore root AWS principal access and avoid disruption to critical admin workflows. Executed two revert commits to undo the security measure added in the previous rollout, preserving compliance while maintaining operational usability.

2025-07 Monthly Summary for govuk-one-login/authentication-api: Focused on stability and correct configuration of the Document Application Credential integration. Rolled back the new Document Application Credential table integration to restore prior behavior, reverting the service class rename (DynamoDocAppCriService back to DynamoDocAppService) and updating template.yaml to align with the previous policy configuration. The rollback preserves compatibility with existing downstream integrations while allowing time for a more robust approach.

June 2025: Focused on stabilizing the deployment pipeline for the authentication API by rolling back the Canary Deployments feature and removing related CloudWatch anomaly detection and Lambda alarms. The change preserves a safe, predictable release process, maintains the existing production baseline, and improves auditability and compliance.

In 2025-03, the authentication API work focused on stabilizing monitoring and reducing alert noise rather than releasing new features. The team reverted backchannel logout alarm enablement and updated CloudWatch configurations to disable these alarms in Integration and Production, preventing unnecessary triggers and preserving alert quality.