Operations¶
This section is the operational reference for the Totara Bank platform. It covers deployment, provisioning, configuration, runbooks, and day-two operations for engineers and AI deployment agents working on any environment.
All documents assume a single-stack, multi-tenant architecture across eight system domains (SD01–SD08) deployed via GitHub Actions / SST v3. The jurisdiction model (NZ, AU, or NZ+AU) is set at runtime via Cognito JWT claims and AppConfig feature flags — not by separate deployments.
Pages¶
| Page | Status | Purpose |
|---|---|---|
| Deployment sequence | Available | Ordered phases for deploying all 149 modules; explains why each constraint exists |
| Provisioning playbook | Available | End-to-end guide for deploying a new client from zero to go-live |
| Configuration manifest | Available | Exhaustive list of every configuration value that must be set for a deployment |
| Secrets manifest | In progress | All secrets required in AWS Secrets Manager, by domain and environment |
| Module activation matrix | In progress | Which modules are active per institution type and jurisdiction |
| Post-deployment checklist | In progress | Verification checklist to run after each deployment phase and at go-live |
| Alert thresholds | In progress | Reference for all observability alert thresholds and their rationale |
| DR runbook | In progress | Disaster recovery procedures for each system domain |
| Backup and recovery | In progress | Backup schedules, retention policies, and point-in-time recovery procedures |
| Schema migrations | In progress | How Flyway migrations are managed across all eight databases |
Conventions used in this section¶
Environment names: local, dev, uat, prod. All config paths use {env} as a placeholder.
Secret paths: /bank/{env}/{domain}/{secret-name} in AWS Secrets Manager.
SSM paths: /bank/{env}/{service}/{parameter} in AWS SSM Parameter Store (non-secret config).
AppConfig: Feature flags and runtime configuration are stored as JSON profiles in AWS AppConfig, one profile per application. Changes take effect at runtime without a redeploy unless noted otherwise.
Module IDs: Module identifiers (e.g. MOD-104) reference the wiki entity at /systems/SD0N-{slug}/MOD-NNN-{slug}/. Use the entity index to resolve any ID.