Phase 1 Audit Runbook
This runbook is used to complete the Unconfirmed sections in Deployment Infrastructure. Run it when you have access to Google Drive, Confluence, and (optionally) GCP and AWS consoles. Outcome: Updatearchitecture/deployment-infrastructure.md with verified facts and remove the <Warning> blocks and “Unconfirmed” labels where audit items are filled in.
Part 1: Google Drive and Confluence Audit
Goal: Find and export deployment documentation from the AWS era and GCP migration for citation indeployment-infrastructure.md.
1.1 Locate infrastructure documentation
- In Google Drive, search for folders/documents containing:
- AWS architecture diagrams (EC2, ECS, Elastic Beanstalk, or Lambda)
- VPC, load balancer, RDS/PostgreSQL deployment docs
- Migration runbooks (AWS → GCP)
- Static IP, DNS, SSL certificate notes
- In Confluence, search for:
- “Equa deployment”, “AWS migration”, “GCP Cloud Run”
- Deployment Checklist (already linked in deployment-infrastructure.md)
- Database migration records and timeline
1.2 Export for local citation
- Export or copy the following into a location under the
equa-docsrepo or a linkeddocs/path:- Full AWS deployment architecture (compute, DB, networking)
- AWS → GCP migration timeline and rationale
- Original AWS infrastructure diagrams (PDF or image)
- Database migration records (if applicable)
- Record paths or URLs in the runbook or in deployment-infrastructure.md so future readers can find the sources.
1.3 Update deployment-infrastructure.md
- In Era 1: AWS (Prior Deployment):
- Replace the <Warning> “Unconfirmed — Requires Google Drive/Confluence Audit” block with a short narrative citing the exported docs.
- Add a “Sources” line: Google Drive [path/link], Confluence [link].
- In Appendix: Unconfirmed Items Requiring Audit, remove or check off the “Google Drive / Confluence Audit Required” table rows that are now verified.
Part 2: GCP Console Confirmation
Goal: Confirm GCP project and infrastructure details so deployment-infrastructure.md can state verified facts instead of “Unconfirmed”. Prerequisite: Access to the GCP project that hostsequa-backend (Cloud Run) and the database used by equa-server.
2.1 Project and Cloud Run
- Open GCP Console and select the Equa project.
- Record Project ID (e.g.
equa-prod-12345) and add it to the “Current GCP Cloud Run Deployment” section. - In Cloud Run → equa-backend (or the actual service name), confirm:
- Region (e.g.
us-central1) - CPU/memory (e.g. 1 CPU, 1 Gi)
- Min/max instances (e.g. 1–10)
- Image URL (e.g.
gcr.io/PROJECT_ID/equa-backend:...)
- Region (e.g.
2.2 Database (Cloud SQL)
- In SQL → Instances, identify the PostgreSQL instance used by equa-server.
- Record: instance name, tier (e.g. db-f1-micro), PostgreSQL version, region.
- Update the “Database Infrastructure” section with these details and remove the “Unconfirmed — Requires GCP Console Access” warning where applicable.
2.3 Networking and DNS
- In VPC Network → External IP addresses, confirm the static IP
136.110.187.76(or current production IP) and which resource it is attached to. - In Network Services → Load balancing, note the HTTPS load balancer configuration (backend, frontend, URL map).
- In Certificate Manager (or Security), note how SSL is managed (e.g. Google-managed cert for equa.cc).
- In Cloud DNS (if used), note the zone and nameservers for
equa.cc.
2.4 Billing (optional)
- In Billing → Reports, export or note the last 30 days cost by SKU (Cloud Run, Cloud SQL, Load Balancing, etc.) for the appendix or cost section if desired.
2.5 Update deployment-infrastructure.md
- Replace all “Unconfirmed — Requires GCP Console Access” warnings in the GCP-related sections with the verified values.
- In the Appendix, remove or check off the “GCP Console Access Required” rows that are now verified.
Part 3: AWS Console Confirmation (Optional)
Goal: Confirm S3 and SES configuration so the “AWS Services Still Active” section can be fully verified.3.1 S3
- In AWS Console → S3 → Buckets, identify the bucket used by
equa-server(from env or config). - Record: bucket name, region.
- Update deployment-infrastructure.md “AWS S3” subsection; remove “Unconfirmed” where filled.
3.2 SES
- In SES → Verified identities, list verified domains/emails used for sending.
- In SES → Account Dashboard, note sending region and any limits.
- Update deployment-infrastructure.md “AWS SES” subsection; remove “Unconfirmed” where filled.
3.3 Update deployment-infrastructure.md
- In the Appendix, remove or check off the “AWS Console Access Required” rows that are now verified.
Completion
When all three parts are done (or as many as you have access for):- Remove or shorten the Appendix: Unconfirmed Items Requiring Audit so it only lists items still unconfirmed.
- Remove all <Warning> blocks that were “Unconfirmed — Requires …” for items now verified.
- Add a short “Last audited” line at the top of deployment-infrastructure.md with the date and scope (e.g. “GCP + Confluence audit completed 2026-02-XX”).