First I drink the Coffee, then I do the things.
- If it's not in git, it doesn't go into a compute instance, an account, or any other piece of infrastructure.
- Git is the single source of truth and contains a complete history of all code changes.
- A complete audit trail
- Non-repudiation
- Everything is code
- Changes are to be run through pipelines
- Everything is automated
- Every change is to be subject to a proper peer review by a person who is capable of understanding the subject matter
- Diffs are not permitted between Production and its preceding environment (non-prod/preprod)
- Test everything before production release
- Everyone has a test account; we keep it separate from the production account
- We start in a test account
- No changes or write access to production without a very good reason
- No humans in production
- Secure run
- Everything gets patched
- Everything gets backups
- Everything gets monitoring. Critical items get alerting: you must be alerted when something is broken
- Documentation: you need to document what you have created and how it works so that it can be repaired or replaced in 10 years.
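The "no diffs between Production and its preceding environment" rule is the kind of thing a pipeline can enforce rather than a reviewer eyeballing. The following is an added example (not the author's code) of such a gate: it assumes each environment is rendered from git into a flat key/value config, that only a short explicit allow-list of keys (`environment_name`, `account_id`) may differ, and it uses constructed sample configs in place of real ones.

```python
"""Pipeline gate for the 'no diffs between preprod and production' rule.

Added example, not the author's code. Assumes each environment is a flat
key/value config rendered from git, and that only ALLOWED_DIFFS may differ.
"""
from typing import Dict, List, Tuple

# Keys expected to differ per environment (assumption for this example).
ALLOWED_DIFFS = {"environment_name", "account_id"}

# Constructed sample configs standing in for the rendered preprod/prod definitions.
PREPROD_CONFIG = {
    "environment_name": "preprod",
    "account_id": "111111111111",
    "instance_type": "m5.large",
    "os_image": "ubuntu-22.04-2024-05",
    "backup_retention_days": 30,
    "alerting_enabled": True,
}
PROD_CONFIG = {
    "environment_name": "prod",
    "account_id": "222222222222",
    "instance_type": "m5.large",
    "os_image": "ubuntu-22.04-2024-03",  # older image: patch-level drift
    "backup_retention_days": 30,
    "alerting_enabled": False,           # monitoring gap: prod would alert nobody
}


def find_drift(preprod: Dict[str, object], prod: Dict[str, object],
               allowed: set = ALLOWED_DIFFS) -> List[Tuple[str, object, object]]:
    """Return (key, preprod_value, prod_value) for every disallowed difference.

    A key present in only one environment is drift too; the missing side is None.
    """
    drift = []
    for key in sorted(set(preprod) | set(prod)):
        if key in allowed:
            continue
        a, b = preprod.get(key), prod.get(key)
        if a != b:
            drift.append((key, a, b))
    return drift


def gate(preprod: Dict[str, object], prod: Dict[str, object]) -> bool:
    """True if the release may proceed, i.e. no unexplained drift was found."""
    drift = find_drift(preprod, prod)
    for key, a, b in drift:
        print(f"DRIFT {key}: preprod={a!r} prod={b!r}")
    return not drift


if __name__ == "__main__":
    raise SystemExit(0 if gate(PREPROD_CONFIG, PROD_CONFIG) else 1)
```

Run it as a pipeline step before the production deploy; a non-zero exit blocks the release until the drift is fixed in git, not by hand in production.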