Score: 100/100 | Grade: A

| Category | Check | Status | Impact | Explanation |
|---|---|---|---|---|
| IP Planning | Hub subnet sizing | ✅ PASS | - | Architecture uses dual Shared VPC pattern (one production VPC, one non-production VPC) with no inter-VPC peering. Hub-spoke subnet sizing check does not apply to this topology. Note: the FAST stage directory is named hub-and-spokes-peerings because that's FAST's stage naming convention; the actual configuration in this example is dual Shared VPC. |
| IP Planning | CIDR overlap | ✅ PASS | - | No IP range overlap between VPC subnets and on-premises networks. |
| IP Planning | GKE secondary ranges | ✅ PASS | - | Secondary IP ranges configured for GKE pod/service networking. |
| Multi-Region | DR region configured | ✅ PASS | - | DR region configured: us-east4. |
| Multi-Region | DR data sovereignty | ✅ PASS | - | Not a government org or multi-region not required; check not applicable. |
| Multi-Region | DR subnet coverage | ✅ PASS | - | 2 subnet(s) configured in DR region us-east4. |
| GKE | Network refs valid | ✅ PASS | - | GKE network references match defined VPCs/subnets. |
| GKE | Private cluster | ✅ PASS | - | All production GKE clusters use private cluster mode. |
| Hybrid | Interconnect redundancy | ✅ PASS | - | 1 Interconnect connection(s) with 'NONE' redundancy meets 99% availability target. |
| Hybrid | VLAN region | ✅ PASS | - | All VLAN attachments have regions configured. |
| Naming | Cross-section consistency | ✅ PASS | - | Cross-section resource name references are consistent. |
| Identity | SA least privilege | ✅ PASS | - | All service accounts use purpose-specific predefined roles. |
| Security | CMEK Encryption | ✅ PASS | - | CMEK enabled. Key rings will be auto-generated from workload services. |
| Security | DLP Configuration | ✅ PASS | - | DLP check skipped — Advanced Security section not applicable for this profile/compliance. |
| Security | Cloud Armor WAF | ✅ PASS | - | Cloud Armor enabled with 1 WAF policy(ies). |
| Identity | Service accounts | ✅ PASS | - | Custom service accounts defined. |
| Hierarchy | Hierarchy type | ✅ PASS | - | Using team_based hierarchy. |
| Security | Org policies | ✅ PASS | - | 12 organization policies enforced. |
| Logging | Log retention | ✅ PASS | - | Audit logging configured with adequate retention. |