> ## Documentation Index
> Fetch the complete documentation index at: https://docs.equa.cc/llms.txt
> Use this file to discover all available pages before exploring further.

# Phase 1 Audit Runbook

> Step-by-step checklist to complete unconfirmed sections in deployment-infrastructure.md using Google Drive, Confluence, and GCP/AWS console access

# Phase 1 Audit Runbook

This runbook is used to complete the **Unconfirmed** sections in [Deployment Infrastructure](/architecture/deployment-infrastructure). Run it when you have access to Google Drive, Confluence, and (optionally) GCP and AWS consoles.

**Outcome:** Update `architecture/deployment-infrastructure.md` with verified facts and remove the \<Warning> blocks and "Unconfirmed" labels where audit items are filled in.

***

## Part 1: Google Drive and Confluence Audit

**Goal:** Find and export deployment documentation from the AWS era and GCP migration for citation in `deployment-infrastructure.md`.

### 1.1 Locate infrastructure documentation

* [ ] In **Google Drive**, search for folders/documents containing:
  * AWS architecture diagrams (EC2, ECS, Elastic Beanstalk, or Lambda)
  * VPC, load balancer, RDS/PostgreSQL deployment docs
  * Migration runbooks (AWS → GCP)
  * Static IP, DNS, SSL certificate notes
* [ ] In **Confluence**, search for:
  * "Equa deployment", "AWS migration", "GCP Cloud Run"
  * Deployment Checklist (already linked in deployment-infrastructure.md)
  * Database migration records and timeline

### 1.2 Export for local citation

* [ ] Export or copy the following into a location under the `equa-docs` repo or a linked `docs/` path:
  * Full AWS deployment architecture (compute, DB, networking)
  * AWS → GCP migration timeline and rationale
  * Original AWS infrastructure diagrams (PDF or image)
  * Database migration records (if applicable)
* [ ] Record paths or URLs in the runbook or in deployment-infrastructure.md so future readers can find the sources.

### 1.3 Update deployment-infrastructure.md

* [ ] In **Era 1: AWS (Prior Deployment)**:
  * Replace the \<Warning> "Unconfirmed — Requires Google Drive/Confluence Audit" block with a short narrative citing the exported docs.
  * Add a "Sources" line: Google Drive \[path/link], Confluence \[link].
* [ ] In **Appendix: Unconfirmed Items Requiring Audit**, remove or check off the "Google Drive / Confluence Audit Required" table rows that are now verified.

***

## Part 2: GCP Console Confirmation

**Goal:** Confirm GCP project and infrastructure details so deployment-infrastructure.md can state verified facts instead of "Unconfirmed".

**Prerequisite:** Access to the GCP project that hosts `equa-backend` (Cloud Run) and the database used by equa-server.

### 2.1 Project and Cloud Run

* [ ] Open [GCP Console](https://console.cloud.google.com) and select the Equa project.
* [ ] Record **Project ID** (e.g. `equa-prod-12345`) and add it to the "Legacy GCP Cloud Run Reference" section.
* [ ] In **Cloud Run** → **equa-backend** (or the actual service name), confirm:
  * Region (e.g. `us-central1`)
  * CPU/memory (e.g. 1 CPU, 1 Gi)
  * Min/max instances (e.g. 1–10)
  * Image URL (e.g. `gcr.io/PROJECT_ID/equa-backend:...`)

### 2.2 Database (Cloud SQL)

* [ ] In **SQL** → **Instances**, identify the PostgreSQL instance used by equa-server.
* [ ] Record: instance name, tier (e.g. db-f1-micro), PostgreSQL version, region.
* [ ] Update the "Database Infrastructure" section with these details and remove the "Unconfirmed — Requires GCP Console Access" warning where applicable.

### 2.3 Networking and DNS

* [ ] In **VPC Network** → **External IP addresses**, confirm the static IP `136.110.187.76` (or current production IP) and which resource it is attached to.
* [ ] In **Network Services** → **Load balancing**, note the HTTPS load balancer configuration (backend, frontend, URL map).
* [ ] In **Certificate Manager** (or **Security**), note how SSL is managed (e.g. Google-managed cert for equa.cc).
* [ ] In **Cloud DNS** (if used), note the zone and nameservers for `equa.cc`.

### 2.4 Billing (optional)

* [ ] In **Billing** → **Reports**, export or note the last 30 days cost by SKU (Cloud Run, Cloud SQL, Load Balancing, etc.) for the appendix or cost section if desired.

### 2.5 Update deployment-infrastructure.md

* [ ] Replace all "Unconfirmed — Requires GCP Console Access" warnings in the GCP-related sections with the verified values.
* [ ] In the Appendix, remove or check off the "GCP Console Access Required" rows that are now verified.

***

## Part 3: AWS Console Confirmation (Optional)

**Goal:** Confirm S3 and SES configuration so the "AWS Services Still Active" section can be fully verified.

### 3.1 S3

* [ ] In **AWS Console** → **S3** → **Buckets**, identify the bucket used by `equa-server` (from env or config).
* [ ] Record: bucket name, region.
* [ ] Update deployment-infrastructure.md "AWS S3" subsection; remove "Unconfirmed" where filled.

### 3.2 SES

* [ ] In **SES** → **Verified identities**, list verified domains/emails used for sending.
* [ ] In **SES** → **Account Dashboard**, note sending region and any limits.
* [ ] Update deployment-infrastructure.md "AWS SES" subsection; remove "Unconfirmed" where filled.

### 3.3 Update deployment-infrastructure.md

* [ ] In the Appendix, remove or check off the "AWS Console Access Required" rows that are now verified.

***

## Completion

When all three parts are done (or as many as you have access for):

1. Remove or shorten the **Appendix: Unconfirmed Items Requiring Audit** so it only lists items still unconfirmed.
2. Remove all \<Warning> blocks that were "Unconfirmed — Requires …" for items now verified.
3. Add a short "Last audited" line at the top of deployment-infrastructure.md with the date and scope (e.g. "GCP + Confluence audit completed 2026-02-XX").
