
Building an Automated Technical Blog System Across Four Domains with AWS Infrastructure

Overview

This session implemented a comprehensive automated technical blog generation system for tech.queenofsandiego.com, tech.dangerouscentaur.com, tech.sailjada.com, and tech.burialsatseasandiego.com. The system captures detailed session activity, filters sensitive credentials, and automatically publishes granular technical posts to document infrastructure changes, codebase modifications, and deployments.

Architecture and Core Components

Blog Generator Engine

Created /Users/cb/Documents/repos/tools/tech_blog_generator.py as the central post generation engine. This script:

  • Parses Claude session transcripts in JSONL format from ~/.claude/sessions/
  • Extracts tool use blocks (file operations, AWS CLI commands, shell execution)
  • Sanitizes all sensitive data: AWS credentials, API keys, database passwords, and personal information
  • Generates structured HTML with file paths, function names, AWS resource identifiers, and technical rationale
  • Routes posts to the correct domain based on project context

Infrastructure Initialization

Built /Users/cb/Documents/repos/tools/tech_blog_init.py to provision S3 buckets, CloudFront distributions, and DNS records across all four domains. This script:

  • Creates the S3 buckets tech-queenofsandiego-com, tech-sailjada-com, and tech-burialsatseasandiego-com, and reuses the existing wildcard distribution for dc-sites
  • Configures CloudFront distributions with appropriate origin paths and caching policies
  • Manages DNS: Route53 for queenofsandiego.com and sailjada.com; Namecheap CNAME for dangerouscentaur.com; GoDaddy CNAME for burialsatseasandiego.com
  • Validates ACM wildcard certificates before distribution activation
  • Stores infrastructure metadata in /Users/cb/.claude/projects/-Users-cb-Documents-repos/memory/project_tech_blogs.md

Automated Hook System

Integrated a Stop hook at /Users/cb/.claude/hooks/tech_blog_stop.sh that:

  • Executes at the end of every Claude Code session
  • Captures the session transcript from the current working session
  • Invokes the blog generator to create a new post
  • Uploads the post to the appropriate S3 bucket
  • Invalidates the CloudFront cache to ensure immediate visibility
  • Logs all activity to ~/.claude/logs/tech_blog_stop.log with timestamps

Infrastructure Details

AWS Resources Provisioned

S3 Buckets:

  • tech-queenofsandiego-com — Regional bucket with versioning enabled; public read access is served through CloudFront using an origin access identity (OAI)
  • tech-sailjada-com — Same configuration, separate lifecycle policies for log retention
  • tech-burialsatseasandiego-com — Configured with GoDaddy DNS integration
  • dc-sites — Existing wildcard bucket, reused with path prefix /tech-blogs/

CloudFront Distributions:

  • Distribution for tech.queenofsandiego.com — Origin: tech-queenofsandiego-com.s3.us-west-2.amazonaws.com
  • Distribution for tech.sailjada.com — Origin: tech-sailjada-com.s3.us-west-2.amazonaws.com
  • Distribution for tech.burialsatseasandiego.com — Origin: tech-burialsatseasandiego-com.s3.us-west-2.amazonaws.com
  • Wildcard distribution for *.dangerouscentaur.com — Existing distribution E2Q4UU71SRNTMB reused with origin path /tech-blogs

DNS Configuration:

  • Route53 (queenofsandiego.com & sailjada.com): ALIAS records pointing to the CloudFront distributions, with health checks enabled
  • Namecheap (dangerouscentaur.com): CNAME record tech.dangerouscentaur.com → CloudFront domain name
  • GoDaddy (burialsatseasandiego.com): CNAME record via GoDaddy API using stored credentials, validated through ACM DNS challenge

Certificate Management

Leveraged existing wildcard ACM certificates:

  • *.queenofsandiego.com — Covers the tech.queenofsandiego.com subdomain
  • *.sailjada.com — Covers the tech.sailjada.com subdomain
  • *.dangerouscentaur.com — Covers the tech.dangerouscentaur.com subdomain
  • burialsatseasandiego.com — New certificate requested; DNS validation CNAME added to GoDaddy

Data Sanitization and Security

The blog generator implements multi-layer credential filtering:

  • Regex patterns match AWS access key IDs, secret access keys, API tokens, and OAuth credentials
  • File paths containing /secrets/, /.aws/, or credentials are excluded entirely
  • Environment variable values are redacted while variable names are preserved for context
  • Database connection strings and SSH keys are stripped
  • GoDaddy API credentials stored in reference_godaddy_credentials.md are never referenced in posts
  • Personal data (email addresses, phone numbers, full names) is obfuscated
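
The layered filtering listed above, written out as an added example (not the code in tech_blog_generator.py): records that touch an excluded path are dropped, then ordered redaction rules run over the remaining text. The regex patterns, the record fields `path` and `text`, and the sample values are assumptions of this example; the AWS values are AWS's documentation placeholders.

```python
import re

# Path fragments that cause a record to be dropped entirely (list from the post).
EXCLUDED_PATH_PARTS = ("/secrets/", "/.aws/", "credentials")

# Ordered (pattern, replacement) rules. The patterns are assumptions of this
# example. Order matters: URL credentials are handled before the email rule,
# otherwise "password@host" would be mistaken for an email address.
RULES = [
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED_PRIVATE_KEY]"),
    # AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
    (re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), "[REDACTED_AWS_KEY_ID]"),
    # NAME=value: keep the variable name for context, redact the value.
    (re.compile(r"\b([A-Z_][A-Z0-9_]*)=(\"[^\"]*\"|'[^']*'|\S+)"), r"\1=[REDACTED]"),
    # scheme://user:password@host: keep scheme and host, drop the userinfo.
    (re.compile(r"\b([a-z][a-z0-9+.-]*://)[^\s/@:]+:[^\s/@]+@"), r"\1[REDACTED]@"),
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[REDACTED_EMAIL]"),
]

def is_excluded_path(path):
    return any(part in path.lower() for part in EXCLUDED_PATH_PARTS)

def sanitize_text(text):
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

def sanitize_records(records):
    """Drop records that touch excluded paths; redact the text of the rest."""
    return [{**r, "text": sanitize_text(r["text"])}
            for r in records if not is_excluded_path(r.get("path", ""))]

# Constructed sample records (hypothetical paths and values).
SAMPLE = [
    {"path": "/home/user/.aws/credentials", "text": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE"},
    {"path": "deploy.sh", "text": "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    {"path": "notes.txt", "text": "key AKIAIOSFODNN7EXAMPLE, db postgres://app:hunter2@db.example.internal/blog, "
                                  "contact ops@example.com"},
]

if __name__ == "__main__":
    for record in sanitize_records(SAMPLE):
        print(record["path"], "->", record["text"])
```

Pattern-based redaction only catches formats it knows about, so a secret in an unlisted format passes through unchanged; the path exclusion is the layer that does not depend on recognizing the value.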

Integration with Ship's Papers Navigation

Updated /Users/cb/Documents/repos/sites/queenofsandiego.com/index.html to include a "Technical Blog" link in the Ship's Papers dropdown menu. This provides easy navigation to tech.queenofsandiego.com for stakeholders like Sergio who need visibility into technical work.

The navigation structure uses a collapsible dropdown with semantic HTML:

<a href="https://tech.queenofsandiego.com">Technical Blog</a>

Supporting Tools and Monitoring

Email Template Validator — Created email_template_validator.py to validate email templates used in blast campaigns, ensuring HTML correctness before deployment.

Unsub