darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 07:35:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update Run Book

Browse Source 
added:
* info on relationship to SSPP
* tables to check for audit logs
* how to create and update DNS records for notify.gov
This commit is contained in:
Ryan Ahearn
2023-04-28 17:02:17 -04:00
parent f6cc141f58
commit a46b541ced
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/run-book.md
View File

@@ -1,12 +1,16 @@
Run Book
========
Policies and Procedures needed before and during US Notify Operations
Policies and Procedures needed before and during US Notify Operations. Many of these policies are taken from the U.S. Notify System Security & Privacy Plan (SSPP).
Any changes to policies and procedures defined both here and in the SSPP must be kept in sync, and should be done collaboratively with the System ISSO and ISSM to ensure
that the security of the system is maintained.
1. [Alerts, Notifications, Monitoring](#alerts)
1. [Restaging Apps](#restaging-apps)
1. [Smoke-testing the App](#smoke-testing)
1. [Configuration Management](#cm)
1. [DNS Changes](#dns)
1. [Known Gotchas](#gotcha)
1. [User Account Management](#ac)
1. [SMS Phone Number Management](#phone-numbers)
@@ -19,6 +23,12 @@ Operational alerts are posted to the [#pb-notify-alerts](https://gsa-tts.slack.c
[Cloud.gov Logging](https://logs.fr.cloud.gov/) is used to view and search application and platform logs.
In addition to the application logs, there are several tables in the application that store useful information for audit logging purposes:
* `events`
* the various `*_history` tables
## <a name="restaging-apps"></a> Restaging Apps
Our apps must be restaged whenever cloud.gov releases updates to buildpacks. Cloud.gov will send email notifications whenever buildpack updates affect a deployed app.
@@ -103,6 +113,17 @@ US_Notify Administrators are responsible for ensuring that remediations for vuln
* Low - 180 days
* Informational - 365 days (depending on the analysis of the issue)
## <a name="dns"></a> DNS Changes
U.S. Notify DNS records are maintained within [the 18f/dns repository](https://github.com/18F/dns/blob/main/terraform/notify.gov.tf). To create new DNS records for notify.gov or any subdomains:
1. Update the `notify.gov.tf` terraform to update or create the new records within Route53 and push the branch to the 18f/dns repository.
1. Open a PR.
1. Verify that the plan output within circleci creates the records that you expect.
1. Request a PR review from the 18F/tts-tech-portfolio team
1. Once the PR is approved and merged, verify that the apply step happened correctly within [CircleCI](https://app.circleci.com/pipelines/github/18F/dns)
## <a name="gotcha"></a> Known Gotchas
### SSB Service Bindings are failing