oraclecloud-prod-checklist

# Oracle Cloud Production Checklist ## Overview OCI has no "Well-Architected Review" equivalent to AWS. This is the pre-production gate: a comprehensive checklist covering backup policies, security list audit, API key rotation, compartment isolation, boot volume encryption, OS Management agent, Cloud Guard, and Vulnerability Scanning. Every item is verifiable via CLI or Python SDK — no subjective assessments, only pass/fail checks. **Purpose:** Validate that an OCI environment meets production-grade security, resilience, and operational standards before going live. ## Prerequisites - **OCI CLI installed and configured** — `~/.oci/config` validated (see `oraclecloud-install-auth`) - **Python 3.8+** with the OCI SDK — `pip install oci` - **Administrator-level IAM policies** — the checks require `inspect` and `read` across most service families - **Target compartment OCID** — the compartment being audited - **Cloud Guard** must be enabled at the tenancy level (Administration > Cloud Guard) ## Instructions ### Step 1: Compartment Isolation Audit Production workloads must be in a dedicated compartment, not the root: ```bash # List compartments — production should NOT be the root compartment oci iam compartment list \ --compartment-id "$TENANCY_OCID" \ --query 'data[].{name:name, id:id, state:"lifecycle-state"}' \ --output table # Verify prod compartment has policies restricting access oci iam policy list \ --compartment-id "$PROD_COMPARTMENT_OCID" \ --query 'da...