DevOps roadmap
2026 Go-live
The current 2026 roadmap for DevOps go-live is as follows:
---
config:
logLevel: debug
theme: dark
---
timeline
title DevOps task timeline
section Pre Go-live
On-going (MUST-HAVES)
: ATCLOUD-584<br>Integrate and test CI and CD elements into complete lifecycle
: ATCLOUD-801<br>Identify image, app, and infrastructure branching strategy
: ATCLOUD-690<br>Investigate high memory usage in demo EKS cluster
: ATCLOUD-679<br>Ensure conditional creation of env-specific resources in Terraform
: ATCLOUD-677<br>Add ingress files for backend services to aws section of argocd-oc-apps
: ATCLOUD-602<br>Create new IAM user role policy for DevOps automation
: ATCLOUD-558<br>Implement SSO logins for ArgoCD
On-going (NICE-TO-HAVES)
: ATCLOUD-683<br>Fix security violations caught by Checkov
: ATCLOUD-675<br>Create reusable workflow for GitHub Actions pre-commit hooks
: ATCLOUD-667<br>Integrate Harbor Image Vulnerability Scanning with Jira for Automated Task Creation
: ATCLOUD-563<br>Cost-saving - Configure CloudWatch Agent for metrics and logs collection
: ATCLOUD-562<br>[Depends on IS] Investigate SSO logins for OneConnect AWS production account
🚫
: FEATURE FREEZE
: -- NO NEW feature deployments beyond this point! --
: -- Bug fixes, security, or stability improvements only. --
Go-live prep
: CAPACITY PLANNING<br>*<br>Review instance types, disk sizes, and instance counts for production workloads.
: SECURITY REVIEW<br>*<br>Review firewalls, permitted IPs, allowed ports on SGs, etc. for exposure.
: RELIABILITY REVIEW<br>*<br>Review auto-scaling policies, automatic backups for EC2s and databases, multi-AZ deployments, S3 bucket versioning, etc.
: ATCLOUD-626<br>Configure AWS CloudWatch alarms and SNS alerts for monitoring production resources
: ATCLOUD-612<br>Prepare CloudWatch dashboards to monitor AWS resources and EKS workloads
: ATCLOUD-605<br>Create new AWS account for OneConnect Cloud production
: ATCLOUD-578<br>As a non-dev, I want to know which apps are running in staging, prod
: ATCLOUD-629<br>Update contact information in AWS accounts for Billing, Operations, and Security alerts
: ATCLOUD-621<br>Investigate AWS Support plans for go-live
section GO-LIVE!
🎉
: PLATFORM SYNC<br>*<br>OC Senior Staff, Ops Teams, and Devs to meet bi-weekly to discuss platform improvements, challenges, and feedback.<br>(OC Senior Staff, Ops Teams, Devs)
: DAILY STAND-UPS<br>*<br>Ensure developers are monitoring their applications, reporting anomalies, and providing feedback for improving performance, reliability, and cost-effectiveness.<br>(OC Devs)
: OPS SYNC<br>*<br>Establish weekly cadence of knowledge-sharing and incident review with NZ / APD Ops teams.<br>(OC Ops Teams)
: COST REVIEW<br>*<br>Conduct daily cost review and create action items for future cost-saving initiatives.<br>(OC Senior Staff)
: ALERTS REVIEW<br>*<br>Ensure operational alerts are being proactively monitored, reviewed, and mitigated.<br>(OC Ops Teams)
: ATCLOUD-633<br>Proactive and periodic AWS monitoring and review.<br>(OC Senior Staff, DevOps, OC Ops Teams)
section Post Go-live
+1 month
: PAY OFF TECH DEBT<br>*<br>Address any technical debt incurred during the initial development and deployment phases to ensure long-term maintainability and scalability of the platform.
: PAY OFF TECH DEBT<br>*<br>Wrap up any outstanding tasks from pre go-live phase.
: ATCLOUD-631<br>Monitor use of AWS credentials in accounts
: ATCLOUD-689<br>Add GitHub Actions workflows for remaining Terraform projects - SOPS, ECR Mirror, provisioning, etc.
: ATCLOUD-701<br>Cost-saving Create script Jenkins job to clean up unused EBS volumes in EC2
: ATCLOUD-663<br>Cost-saving - Switch off AWS EC2 instances when not in use
: ATCLOUD-652<br>Remove manual remote-stages in Infrastructure Pipeline
: ATCLOUD-290<br>Disaster recovery
+3 months
: ATCLOUD-664<br>Allow local development using alternative registry
: ATCLOUD-651<br>Get the new account into an organizational unit
+6 months
: ATCLOUD-637<br>Integrate 1password into oneconnect