Cloud accounts & VPS providers
Every cloud / VPS / hosting account the organization owns. The "where the money goes and who can press the destroy button" register.
Posture, 2026-05-05: the entire estate runs on Oracle Cloud (OCI) across two tenancies, plus GoDaddy for domains and Microsoft 365. No other clouds, no other VPS providers, no on-prem.
Inventory at a glance
| Provider | Account / tenancy | Used for | Region | Billing | Admin |
|---|---|---|---|---|---|
| OCI | EIDOSDev1 | PE products (Parallax, TnE Connect, Fourway tenant, dev) | uk-london-1 | Project Eidos corporate card | Tracey Weetman (root), Bradley Leggett (DBA), Vishnu Kant (cloud) |
| OCI | ORA448Global | `*.448.global` internal estate | uk-london-1 | 448 Global's separate card (sister company; merger planned) | Adam Pitt-Stanley (owner); Vishnu Kant (additional admin) |
| GoDaddy | [INFO NEEDED] account | Domain registration + Microsoft 365 mailbox hosting | n/a | [INFO NEEDED] | [INFO NEEDED] |
No personal-email registrant exposure across these accounts (per Vishnu).
OCI — EIDOSDev1
| Field | Value |
|---|---|
| Tenancy OCID | [INFO NEEDED] |
| Home region | uk-london-1 |
| Subscribed regions | uk-london-1 only |
| Tenancy admin (root) | Tracey Weetman |
| DBA admin | Bradley Leggett |
| Cloud admin | Vishnu Kant |
| Tenancy admin MFA enforced | yes |
| Billing | Project Eidos corporate card |
| Identity domain (IAM) | [INFO NEEDED] |
| Federation with Authentik / external IdP | [INFO NEEDED] |
Compartments in scope
| Compartment | Used for |
|---|---|
| `UR` | Untapped Revenue Solutions / Parallax (paid ADB E5) |
| `FOURWAY` | Fourway client TnE Connect tenant (Free ADB E4) |
| `Dev` | Hosts E1 (Caddy proxy) + E2 (Dokploy) + general dev / sandbox |
| (other compartments exist; document as they come into scope) | |
Resources (full list in servers.md)
- 2 × Ampere A1 VPS (Always Free) — Caddy reverse-proxy + Dokploy
- 2 × Free ADBs (Always Free) — TnE Connect prod (Eidos) + Fourway tenant
- 1 × Paid ADB (APEX-only workload) — Parallax prod + pre-prod
OCI — ORA448Global
| Field | Value |
|---|---|
| Tenancy OCID | [INFO NEEDED] |
| Home region | uk-london-1 |
| Subscribed regions | uk-london-1 only |
| Tenancy owner / root | Adam Pitt-Stanley (company owner) |
| Additional admin | Vishnu Kant (day-to-day operator) |
| MFA enforced | yes |
| Billing | 448 Global card (separate corporate card; merger with Project Eidos planned) |
| Identity domain (IAM) | [INFO NEEDED] |
Resources (full list in servers.md)
- 1 × Ampere A1 VPS (Always Free) — Caddy + Portainer + every `*.448.global` app
- 2 × Free ADBs (Always Free) — APEX1 448 + APEX2 448 (internal dev envs / CI/CD)
GoDaddy
| Field | Value |
|---|---|
| Account managed by | company leaders only (Stacy Carpenter, Adam Pitt-Stanley) |
| Engineering team access | none direct — changes go through the leadership |
| Vault entry for login | n/a (held by leadership; not in vault.448.global) |
What lives at GoDaddy:
- All four domain registrations (projecteidos.com, eidos-global.com, tneconnect.app, 448.global) — [CONFIRM] whether all four are at GoDaddy.
- Microsoft 365 mailbox hosting for company email.
- DNS hosting [CONFIRM] (whether GoDaddy is also DNS host, or if DNS is delegated elsewhere).
GoDaddy is therefore a Tier-0 dependency. A GoDaddy account compromise simultaneously gives an attacker: every domain, all email, and (if DNS is hosted there) the ability to redirect every URL.
Credential / password storage today
- Vishnu's scope (UR + FOURWAY compartments + ORA448Global): credentials in `vault.448.global`.
- Bradley's scope (general DBA / EIDOSDev1 admin work): credentials in his personal Bitwarden vault.
- Tracey's scope (EIDOSDev1 tenancy root + Oracle commercial relationship): [INFO NEEDED] storage.

Risk: Bradley's personal Bitwarden is a hidden bus-factor and off-boarding hazard. Every shared credential should migrate into `vault.448.global` with documented per-secret access paths.
Billing
| Tenancy | Card | Notes |
|---|---|---|
| EIDOSDev1 | Project Eidos corporate card | |
| ORA448Global | 448 Global card | sister company; merger planned, after which billing should consolidate |
| GoDaddy | [INFO NEEDED] | |
No personal-name registrant on any account, per Vishnu.
Risks
- Single-region, single-AZ posture on both OCI tenancies (uk-london-1). A region-level OCI incident means a total outage. No cross-region DR yet.
- GoDaddy is the keystone external account — domains + Microsoft 365 + (likely) DNS in one provider. Compromise scope: every URL, every email, every cert that needs DNS-01.
- Bradley's personal Bitwarden holds shared credentials → off-boarding and bus-factor risk.
- Tenancy-owner custodianship: Tracey is the EIDOSDev1 tenancy admin (Bradley also has full access); ORA448Global is owned by Adam Pitt-Stanley with Vishnu as an additional admin. EIDOSDev1's documented backup-admin is Bradley; ORA448Global's owner-and-admin pair is Adam + Vishnu.
- Two billing entities until merger completes — credit-card expiry on either is independent.
- No tenancy federation with Authentik — local OCI users; central revocation requires manual cleanup in each tenancy.
- Free Tier reliance for production-adjacent workloads — Free ADBs auto-pause after inactivity, Ampere A1 has no SLA, terms-of-service can change.
Phase-2 actions
- Document tenancy OCIDs, IAM domains, MFA status (close [INFO NEEDED]s above).
- Move every shared OCI credential into `vault.448.global`. Drain Bradley's personal Bitwarden of shared items.
- Document a second human with admin privilege per tenancy (avoid single-person bus factor).
- Capture GoDaddy account detail + enable MFA + put login in Vault.
- Federate OCI IAM with Authentik OIDC for centralized identity + revocation.
- Plan cross-region DR for paid ADBs (Parallax). Free Tier ADBs: accept their limits or upgrade.
- After 448 Global / Project Eidos merger, consolidate billing and consider tenancy consolidation.