Production Readiness
AWS deployment checklist, secrets, backups, and go-live runbook.
Configured or implemented
Must finish before live customers
Queued production setup
Recent snapshots
Security3 / 7 ready
Monitoring5 / 5 ready
DR1 / 5 ready
Tenant Proof5 / 5 ready
ReadinessPending
Security Hardening
| Control | Status | Evidence | Owner |
|---|---|---|---|
| Role based access | Ready | SecurityPermissions gates each menu and page by role. | Developer |
| Audit trails | Ready | AuditLog captures sign-ins, admin activity, approvals, warranty rules, and report access. | Admin |
| Secrets management | Ready | Production secrets should live in AWS Secrets Manager, not appsettings or source files. | Admin |
| Data encryption | Planned | Use encrypted RDS storage, encrypted S3 buckets, TLS, and protected ASP.NET data protection keys. | Admin |
| MFA and password policy | Action Needed | Add MFA for admins, minimum password strength, password rotation policy, and lockout reporting. | Admin |
| Network boundary | Planned | Put production services behind AWS WAF, private RDS subnets, security groups, and least-privilege IAM. | Admin |
| Session/key persistence | Action Needed | Move data protection keys out of ephemeral memory before multi-instance production. | Developer |
Backup Snapshots
| Backup | Type | Created | Size | Status | Location | Notes |
|---|
Monitoring Probes
| Probe | Target | Status | Checked | Notes |
|---|---|---|---|---|
| Health endpoint | /health | Ready | 07/13/2026 01:09 | Load balancer can verify application health. |
| Readiness endpoint | /ready | Ready | 07/13/2026 01:09 | Reports readiness counts without exposing secret values. |
| Tenant database connectivity | SQLite preview database | Ready | 07/13/2026 01:09 | Tenant admin database connection string is present. |
| Backup target | cascadequotecloud-backups | Ready | 07/13/2026 01:09 | At least one backup snapshot or backup bucket should exist. |
| Document storage | cascadequotecloud-documents | Ready | 07/13/2026 01:09 | Production should use encrypted S3 storage with versioning. |
Disaster Recovery
| # | Scenario | Recovery Action | RTO | RPO | Status |
|---|---|---|---|---|---|
| 1 | Single app instance failure | Restart App Runner/ECS service and verify /health. | 30 minutes | No data loss expected | Planned |
| 2 | Tenant database corruption | Restore latest RDS automated backup or local snapshot, then reconcile audit log. | 4 hours | 15 minutes | Action Needed |
| 3 | Accidental document deletion | Restore S3 version or backup bucket object. | 4 hours | 24 hours | Ready |
| 4 | Region outage | Promote warm standby stack in secondary AWS region. | 24 hours | 24 hours | Planned |
| 5 | Security incident | Disable affected accounts, rotate secrets, export audit log, restore clean backup if needed. | 2 hours | 15 minutes | Planned |
Tenant Isolation Proof
| Proof | Status | Evidence | Risk Note |
|---|---|---|---|
| Company scoped identity | Ready | 2 companies have unique CompanyID values. | Do not allow users to switch company context without re-authentication. |
| Tenant database keys | Ready | Each company has a distinct database key in the tenant registry. | Production should resolve each key to a separate RDS database or schema secret. |
| Role scoped access | Ready | CurrentTenantSession carries one Company and one User for page/service operations. | Continue adding service-level guards for new modules. |
| Operational CompanyID filters | Ready | Existing SQLite services query and save records with CompanyID filters. | Automated integration tests should be added for cross-tenant access attempts. |
| Audit boundary | Ready | AuditLog entries are queried by CompanyID. | Exported audit evidence should be retained per tenant. |
AWS Readiness Checklist
| Area | Requirement | Status | Notes |
|---|---|---|---|
| Hosting | Docker image and App Runner/ECS hosting plan | Ready | Dockerfile exposes port 8080 and uses the Aws environment. |
| Health | App health endpoint | Ready | /health is available for load balancer and App Runner health checks. |
| Readiness | Production readiness endpoint | Ready | /ready reports configuration readiness without exposing secrets. |
| Database | Move tenant admin database to RDS | Action Needed | Current local/AWS starter configuration uses SQLite. Move this to Amazon RDS before paying customers. |
| Tenant Isolation | One tenant data boundary per company | Ready | Existing services scope records by CompanyID and tenant database keys. |
| Secrets | AWS Secrets Manager names configured | Ready | Use Secrets Manager for tenant admin DB, tenant DBs, Stripe, SES, QuickBooks, and data protection keys. |
| Files | S3 document and backup buckets | Planned | Current document storage is local/S3-ready. S3 provider should be enabled for production. |
| Amazon SES identity and sending domain | Planned | Email Center queues messages and is SES-ready, but real sending is not enabled. | |
| Payments | Stripe Checkout live credentials | Planned | Online payments run in preview mode until Stripe live keys and webhooks are connected. |
| Accounting | QuickBooks Online OAuth app | Planned | QBO queue previews payloads. Real OAuth/API transmission still needs Intuit app setup. |
| Backups | Automated RDS and S3 backup policy | Action Needed | Define retention, restore test cadence, and who receives backup failure alerts. |
| Monitoring | CloudWatch logs and alarms | Planned | Add alarms for failed health checks, app errors, high latency, failed jobs, and backup failures. |
| Disaster Recovery | Documented restore and failover runbook | Action Needed | Define RTO/RPO, restore owners, and quarterly recovery drills. |
| Security Hardening | Enterprise controls for auth, secrets, encryption, and audit | Planned | Core role-based access exists. Production hardening should add MFA, WAF, persistent data protection keys, and least-privilege IAM. |
| Tenant Isolation Proof | Evidence that company data cannot cross tenant boundaries | Ready | Company records carry tenant database keys and operational records are CompanyID-scoped. |
| Database Migrations | Schema version history and startup migrations | Ready | 4 schema migration record(s) found. |
Secrets Checklist
| Secret | Used For | Status | Notes |
|---|---|---|---|
| cascadequotecloud/tenant-admin-db | Tenant admin database connection | Named | Store the RDS connection string here. |
| cascadequotecloud/tenants/<tenant-slug> | Per-company tenant database connection | Named | Each company should resolve to its own database secret. |
| cascadequotecloud/stripe/live | Stripe Checkout and webhook signing secret | Needed | Do not store Stripe live keys in appsettings. |
| cascadequotecloud/qbo/oauth | QuickBooks Online OAuth client secret and refresh token | Needed | Use the QBO preview queue until OAuth is enabled. |
| cascadequotecloud/ses/smtp | Amazon SES sending identity or SMTP credentials | Needed | Used by Email Center when real sending is enabled. |
| cascadequotecloud/dataprotection | ASP.NET data protection key store | Needed | Use persistent shared keys for multiple app instances. |
Deployment Runbook
| # | Step | Owner | Status | Notes |
|---|---|---|---|---|
| 1 | Create AWS account, IAM roles, and least-privilege deploy user | Admin | Planned | Limit production access to deployment and support roles. |
| 2 | Create ECR repository and push Docker image | Developer | Ready | Starter script exists in the aws folder. |
| 3 | Create RDS database and migrate tenant admin data | Developer | Action Needed | SQLite is fine for preview, but not final SaaS production. |
| 4 | Create S3 buckets for documents, reports, exports, and backups | Admin | Planned | Enable versioning, encryption, and lifecycle rules. |
| 5 | Create Secrets Manager entries | Admin | Planned | Populate DB, Stripe, SES, QBO, and data protection secrets. |
| 6 | Create App Runner or ECS Fargate service | Developer | Ready | Use port 8080 and /health. |
| 7 | Configure custom domain and TLS | Admin | Planned | Use Route 53 and AWS Certificate Manager. |
| 8 | Run smoke tests | Developer | Planned | Sign in, create quote, invoice, payment request, document upload, QBO preview queue. |
| 9 | Run restore drill | Admin | Action Needed | Confirm database and document restore before live users. |
| 10 | Go-live with one pilot company | Owner | Planned | Start with Western Cascade before onboarding outside customers. |
Database Migrations
| Migration | Description | Applied | Status | Notes |
|---|---|---|---|---|
| 2026-07-06-004-import-export-readiness | Add customer indexes used by legacy data import/export validation. | 07/11/2026 14:49 | Applied | Migration applied successfully. |
| 2026-07-06-003-operational-reporting-indexes | Add indexes used by dashboards, payroll, and dispatch reports. | 07/11/2026 14:49 | Applied | Migration applied successfully. |
| 2026-07-06-002-audit-indexes | Add audit log lookup indexes for enterprise audit trails. | 07/11/2026 14:49 | Applied | Migration applied successfully. |
| 2026-07-06-001-baseline-history | Create schema migration history and mark baseline. | 07/11/2026 14:49 | Applied | Migration applied successfully. |
Current Configuration
Tenant DBData Source=/app/data/CascadeQuoteCloudTenants.db
Health/health
Ready/ready
Container Port8080
AWS Regionus-west-2