Go-Live Runbook

Project: Drop
Version: 0.1.0
Date: 2026-02-23
Author: Platform Architect (AI)
Status: In Review
Reviewers: Alem Bašić (CEO)

Document History

| Version | Date | Author | Changes |
|---|---|---|---|
| 0.1 | 2026-02-23 | Platform Architect (AI) | Initial draft for Drop production go-live |

1. Overview

This runbook covers the full procedure for taking Drop from its current staging state to production launch. Drop is currently deployed on AWS App Runner (eu-west-1) with RDS PostgreSQL, but has not yet launched publicly. This runbook covers the steps required to open Drop to real Norwegian users.

Go-Live Owner: Alem Bašić (CEO)
Go-Live Date: TBD
Rollback Authority: Alem Bašić

Prerequisites for go-live:

  • BankID OIDC client credentials obtained and configured
  • Open Banking provider selected, contracted, and integrated
  • Sumsub production account configured and webhooks verified
  • getdrop.no domain configured with DNS pointing to App Runner
  • SSL certificate provisioned
  • BetterStack monitors configured (3 monitors active)
  • Slack #drop-ops webhook configured
  • RDS security group locked down (no public access)
  • All feature flags reviewed and set correctly
  • Final security audit completed

2. Pre-Launch Checklist (T-7 days)

2.1 Infrastructure

  • AWS App Runner service running with RUNNING status
  • RDS PostgreSQL drop-db instance available (status: available)
  • ECR repository contains latest production-tagged image
  • AWS Secrets Manager contains all required secrets:
    • JWT_SECRET (min 32 chars, generated via openssl rand -base64 48)
    • DATABASE_URL (PostgreSQL connection string)
    • BANKID_CLIENT_ID and BANKID_CLIENT_SECRET
    • SUMSUB_APP_TOKEN and SUMSUB_SECRET_KEY
    • SLACK_WEBHOOK_URL

2.2 Application

  • GET https://9ef3szvvsb.eu-west-1.awsapprunner.com/api/health returns {"status":"ok"}
  • NEXT_PUBLIC_SERVICE_MODE=production confirmed in App Runner env
  • BANKID_MOCK is NOT set (unset in production)
  • All CI pipeline checks passing on main branch (lint, typecheck, tests, E2E, docker-build)
  • Database schema up-to-date (all tables exist)
  • Demo seed data disabled (NODE_ENV=production)

2.3 External Services

  • BankID OIDC: test login with real Norwegian BankID succeeds
  • BankID callback URL matches: https://getdrop.no/api/auth/bankid/callback
  • Sumsub: test KYC flow with real document succeeds end-to-end
  • Sumsub webhook: POST to /api/kyc/webhook with valid signature processed correctly
  • Open Banking: test balance read (AISP) succeeds from real Norwegian bank account
  • Open Banking: test payment initiation (PISP) succeeds in sandbox

2.4 Domain & SSL

  • getdrop.no DNS A record points to App Runner URL (or CloudFront if CDN added)
  • SSL certificate valid for getdrop.no and www.getdrop.no
  • HTTPS redirect enabled (HTTP → HTTPS)
  • HSTS header present in response: Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

2.5 Monitoring

  • BetterStack: Drop Health Check monitor configured, status GREEN
  • BetterStack: Drop Landing Page monitor configured, status GREEN
  • BetterStack: escalation policy assigned to all monitors
  • Slack #drop-ops: test alert received successfully
  • CloudWatch: App Runner logs streaming to /aws/apprunner/drop-web/.../application
  • Public status page live: https://drop-status.betteruptime.com

3. Go-Live Day Procedure (T-0)

Phase 1: Final Verification (T-2h)

# 1. Verify App Runner service
aws apprunner describe-service \
  --service-arn arn:aws:apprunner:eu-west-1:324480209768:service/drop-web/8e45b0d335304487a1880f4e32d6aeec \
  --query 'Service.Status' --output text --region eu-west-1
# Expected: RUNNING

# 2. Health check
curl -s https://getdrop.no/api/health | jq
# Expected: { "data": { "status": "ok", "checks": { "db": { "status": "pass" } } } }

# 3. Verify RDS
aws rds describe-db-instances \
  --db-instance-identifier drop-db \
  --query 'DBInstances[0].DBInstanceStatus' --output text --region eu-west-1
# Expected: available

# 4. Verify latest backup exists
aws rds describe-db-snapshots \
  --db-instance-identifier drop-db --region eu-west-1 \
  --query 'DBSnapshots[?SnapshotType==`automated`]|sort_by(@,&SnapshotCreateTime)[-1].SnapshotCreateTime' \
  --output text
# Expected: timestamp from last 24h

# 5. Create pre-launch manual snapshot
aws rds create-db-snapshot \
  --db-instance-identifier drop-db \
  --db-snapshot-identifier drop-db-pre-launch-$(date +%Y%m%d-%H%M) \
  --region eu-west-1

Phase 2: BankID Callback URL Verification (T-1h)

# Verify BankID client configuration
# Log in at BankID developer portal and confirm:
# - Callback URL: https://getdrop.no/api/auth/bankid/callback
# - Mobile callback: drop://auth/callback
# - Scopes: openid profile

Phase 3: Soft Launch (T-0, invite-only)

  1. Configure App Runner environment: BANKID_MOCK= (unset — real BankID)
  2. Set NEXT_PUBLIC_APP_URL=https://getdrop.no
  3. Deploy latest production image
  4. Verify health check: curl https://getdrop.no/api/health
  5. Conduct a live end-to-end test with Alem's real BankID:
    • Navigate to https://getdrop.no
    • Click "Logg inn med BankID"
    • Authenticate with real BankID
    • Verify dashboard loads with bank account balance (AISP)
    • Verify KYC status shows approved (BankID = verified)
    • Test disclosure endpoint before a remittance
    • Test QR payment scan (if merchant test account exists)

Phase 4: BetterStack Maintenance Window — Close (T+30min)

After confirming the system is stable:

  1. Close any BetterStack maintenance window (if created for go-live)
  2. Verify BetterStack monitors show green
  3. Verify Slack #drop-ops received startup alert

Phase 5: Public Launch (T+1h, if soft launch successful)

  1. Remove any invite-only restriction
  2. Announce on social/marketing channels
  3. Monitor #drop-ops for the first 2 hours
  4. Check BetterStack every 30 minutes for the first 2 hours

4. Feature Flags at Launch

| Flag | Launch State | Notes |
|---|---|---|
| NEXT_PUBLIC_FF_NOTIFICATIONS | true | Push notifications enabled |
| NEXT_PUBLIC_FF_MERCHANT_DASHBOARD | true | Merchant dashboard enabled |
| NEXT_PUBLIC_FF_VIRTUAL_CARDS | false | Not launched — requires card partner |
| NEXT_PUBLIC_FF_PHYSICAL_CARDS | false | Future feature |
| NEXT_PUBLIC_FF_CARD_DETAILS | false | Future feature |
| NEXT_PUBLIC_FF_CARD_FREEZE | false | Future feature |
| NEXT_PUBLIC_FF_CARD_PIN | false | Future feature |
| NEXT_PUBLIC_FF_SPENDING_LIMITS | false | Future feature |
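
A scripted version of the environment checks in section 2.2 and the flag states above, added here as an example (it is not part of the Drop code base). `audit_env` is a hypothetical helper that assumes the service's environment variables have been exported as KEY=VALUE lines on stdin; the sample dump is constructed.

```shell
# Launch state from sections 2.2, 3 (Phase 3) and 4. UNSET = must be absent or empty.
EXPECTED='NEXT_PUBLIC_SERVICE_MODE=production
NODE_ENV=production
NEXT_PUBLIC_APP_URL=https://getdrop.no
BANKID_MOCK=UNSET
NEXT_PUBLIC_FF_NOTIFICATIONS=true
NEXT_PUBLIC_FF_MERCHANT_DASHBOARD=true
NEXT_PUBLIC_FF_VIRTUAL_CARDS=false
NEXT_PUBLIC_FF_PHYSICAL_CARDS=false
NEXT_PUBLIC_FF_CARD_DETAILS=false
NEXT_PUBLIC_FF_CARD_FREEZE=false
NEXT_PUBLIC_FF_CARD_PIN=false
NEXT_PUBLIC_FF_SPENDING_LIMITS=false'

# lookup KEY DUMP: print the value of the last KEY=... line in DUMP (empty if absent).
lookup() {
  printf '%s\n' "$2" |
    awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }'
}

# audit_env (hypothetical helper): read KEY=VALUE lines on stdin, print one FAIL
# line per deviation from EXPECTED, return non-zero if any check failed.
audit_env() {
  dump=$(cat); failures=0
  while IFS='=' read -r key want; do
    got=$(lookup "$key" "$dump")
    if [ "$want" = UNSET ]; then
      [ -z "$got" ] && continue
      echo "FAIL $key must be unset, found '$got'"
    elif [ "$got" != "$want" ]; then
      echo "FAIL $key is '${got:-<unset>}', expected '$want'"
    else
      continue
    fi
    failures=$((failures + 1))
  done <<EOF
$EXPECTED
EOF
  [ "$failures" -eq 0 ]
}

# Constructed sample dump (not real Drop configuration) with three deviations.
sample_env() {
  printf '%s\n' "$EXPECTED" | sed -e '/^NODE_ENV=/d' \
    -e 's/^BANKID_MOCK=.*/BANKID_MOCK=true/' \
    -e 's/^NEXT_PUBLIC_FF_VIRTUAL_CARDS=.*/NEXT_PUBLIC_FF_VIRTUAL_CARDS=true/'
}

sample_env | audit_env || echo "launch gate: BLOCKED"
```

The non-zero return lets the check act as a gate in front of the Phase 3 deploy step: a mock-auth flag or an unlaunched card feature left enabled stops the launch instead of relying on a manual read of the console.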

5. Rollback Procedure

If any critical issue is found during or after go-live:

Immediate Actions (within 5 minutes)

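# Option A: Rollback to previous App Runner deployment
# start-deployment deploys the image that the service's configured ECR tag currently
# resolves to, so point that tag back at the last known-good image before running it.
aws apprunner start-deployment \
  --service-arn arn:aws:apprunner:eu-west-1:324480209768:service/drop-web/8e45b0d335304487a1880f4e32d6aeec \
  --region eu-west-1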

# Option B: If issue is in environment config, update env vars
# (via AWS Console — App Runner environment configuration)
# Then trigger new deployment

Communication

  1. Send Slack message to #drop-ops: "Going back to previous version — investigating [issue]"
  2. Update BetterStack status page: create incident
  3. If users are affected: prepare user communication

Post-Rollback

  1. Confirm health check returns OK after rollback
  2. Confirm BetterStack monitors green
  3. Investigate root cause before re-attempting launch
  4. Document in incident report

6. Post-Launch Monitoring (First 24h)

| Time | Action |
|---|---|
| T+0 to T+2h | Monitor #drop-ops Slack continuously |
| T+2h | Review CloudWatch logs for errors |
| T+4h | Check transaction volume and success rate |
| T+8h | Review Sumsub KYC queue — any stuck applicants? |
| T+24h | First SLA report — uptime, error rate, p99 latency |
| T+7 days | First weekly review |

Key metrics to watch:

  • BetterStack: uptime must stay green (>= 99.9%)
  • Slack #drop-ops: no critical alerts
  • Error rate in logs: < 1% of requests
  • BankID login success rate: > 99%
  • KYC approval rate: > 80%

7. Compliance Actions at Launch

  • Notify Finanstilsynet of live service (if required by PISP/AISP licence)
  • Confirm getdrop.no/vilkaar (terms of service) is accessible
  • Confirm getdrop.no/personvern (privacy policy) is accessible
  • Confirm complaint submission form accessible via app
  • Confirm GDPR consent is requested on first use
  • Confirm AML monitoring is active (aml_alerts table populated on large transactions)


Approval

| Role | Name | Date | Signature |
|---|---|---|---|
| Author | Platform Architect (AI) | 2026-02-23 | |
| Reviewer | | | |
| Approver | Alem Bašić | | |