```html

Building a Multi-Tenant Event Management Platform: Architecture, Deployment, and C-Suite Reporting Infrastructure

What Was Done

Over this development session, we completed a comprehensive overhaul of the Ship Captain Crew (SCC) event management platform while simultaneously building an enterprise-grade executive reporting system across four separate business entities. The work encompassed:

  • Deployed updated Lambda function with enhanced event lifecycle management (departure/return timing, checklist orchestration, role state machines)
  • Rebuilt frontend UI with improved timing panel controls and guest-facing waiver integration
  • Implemented JWT-based authentication with magic link invite system
  • Designed and deployed five specialized C-suite reports via Amazon SES, each tailored to a distinct organizational persona (CEO, CTO, CMO, CFO, Accounting Officer)
  • Created infrastructure-as-code patterns for multi-domain deployment and CloudFront invalidation
  • Established EventBridge cron triggers for automated nudge communications

Technical Details: Event Management Core

Lambda Function Architecture

The primary Lambda function lives at /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/lambda_function.py. This function handles:

  • Event Lifecycle: Create, retrieve, update, and list operations with DynamoDB as the primary store. Each event maintains state: pending, confirmed, in_progress, completed, cancelled.
  • Role Management: Captain, Crew, Guest roles with claim/release mechanics. The captain can designate crew members; crew can claim roles if available. Critical: role state is stored in DynamoDB with timestamps to track claim/release sequences.
  • Checklist Orchestration: Events trigger pre-departure and post-return checklists. The function loads checklist templates, binds them to specific events, and tracks completion state per role.
  • Magic Link Authentication: JWT tokens generated server-side with a 24-hour TTL. Short codes (6 alphanumeric) stored in DynamoDB as lookup keys, allowing email-based invites without exposing full tokens in URLs.
  • Waiver Management: Guest-facing waiver page integrated via the frontend; on-hold status prevents guests from progressing through the acceptance flow.

Why this architecture: Stateless Lambda + DynamoDB decouples request handling from session state. Magic links eliminate the need for password management. Short codes provide an extra layer of indirection, reducing token exposure in email systems that may be logged or forwarded.
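The invite flow described above, as an added example (not the project's lambda_function.py): a 6-character code is exchanged once for an HS256 JWT with a 24-hour expiry. Assumptions: in-memory dicts stand in for DynamoDB, a random SECRET stands in for JWT_SECRET, all function names are hypothetical, and the keyed lookup and per-client lockout go beyond what the page describes (a 6-character code is a guessable bearer credential without them).

```python
import base64, hashlib, hmac, json, secrets, string

ALPHABET = string.ascii_uppercase + string.digits  # 36**6 is about 2.2e9 codes
TOKEN_TTL = 24 * 3600              # the page's 24-hour TTL, in seconds
SECRET = secrets.token_bytes(32)   # stand-in for the JWT_SECRET value
STORE, FAILS = {}, {}              # stand-ins for DynamoDB items / counters
MAX_FAILS = 5                      # assumed lockout threshold per client

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(msg):
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def sign_jwt(claims, now):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({**claims, "exp": now + TOKEN_TTL}).encode())
    return f"{head}.{body}.{_mac(head + '.' + body)}"

def verify_jwt(token, now):
    # HS256 is always used; the header's "alg" is never trusted.
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_mac(head + "." + body), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def issue_invite(email, event_id, now):
    code = "".join(secrets.choice(ALPHABET) for _ in range(6))
    # Key the item by a MAC of the code so a table read does not reveal codes.
    STORE[_mac("code:" + code)] = {
        "token": sign_jwt({"sub": email, "event": event_id}, now),
        "expires": now + TOKEN_TTL}
    return code  # only this goes into the emailed link

def redeem(code, client, now):
    if FAILS.get(client, 0) >= MAX_FAILS:
        return None                      # locked out: guesses no longer tested
    item = STORE.pop(_mac("code:" + code), None)   # single use: delete on read
    if item is None or item["expires"] <= now:
        FAILS[client] = FAILS.get(client, 0) + 1
        return None
    return item["token"]
```

In DynamoDB the single-use step would need a conditional delete so that two concurrent redemptions cannot both succeed.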

Frontend Structure

The frontend is a single-page application at /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/frontend/index.html. Key elements:

  • Timing Panel: Displays sunset time, departure time (captain-set), return time (estimated). JavaScript hooks load these values from the Lambda endpoint /event/{event_id}.
  • Checklist UI: Dynamic form rendering based on the active checklist. Completion state tracked per user per event.
  • Role Claim Modal: Renders available roles, handles claim requests, displays confirmation or error states.
  • Waiver Page: Guest-only view triggered when on_hold = false and role = 'guest'. Waiver acceptance stored in DynamoDB, unblocks further actions.

Why this structure: Single HTML file with inline JavaScript simplifies deployment (no build step) and reduces cold-start latency. All state lives server-side; the frontend is purely a rendering layer.

Infrastructure: Multi-Domain Deployment Pattern

Lambda Deployment

The Lambda function is deployed to AWS under the Ship Captain Crew tool. Pre-deployment, we run syntax validation:

python -m py_compile lambda_function.py

Deployment zips the function and uploads to AWS:

cd /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/
zip -r function.zip lambda_function.py
aws lambda update-function-code \
  --function-name shipcaptaincrew \
  --zip-file fileb://function.zip

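Environment variables: Stored in the Lambda function configuration via the AWS console (not in repos.env). Lambda encrypts them at rest, but any principal with lambda:GetFunctionConfiguration on the function can read the values. These include: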

  • DYNAMODB_TABLE: The DynamoDB table name for events, checklists, and magic links.
  • JWT_SECRET: Used to sign/verify authentication tokens. Stored in AWS Secrets Manager, not in code.
  • SES_SENDER_EMAIL: Verified SES sender address (e.g., admin@queenofsandiego.com).

Frontend Deployment to S3 + CloudFront

The frontend is deployed to S3 and served through CloudFront for global caching and HTTPS termination:

aws s3 cp index.html s3://queenofsandiego-shipcaptaincrew/ --content-type text/html
aws cloudfront create-invalidation \
  --distribution-id E1A2B3C4D5E6F7 \
  --paths "/*"

Why CloudFront invalidation: Users see updates immediately without waiting for cache expiry (default 24 hours). The /* path invalidates all objects; more granular paths reduce API costs.

EventBridge Cron Rule

For automated nudge emails before events, we created an EventBridge rule:

aws events put-rule \
  --name ptb_nudge \
  --schedule-expression "cron(0 12 * * ? *)" \
  --state ENABLED

This rule fires daily at noon UTC. When triggered, it invokes a Lambda that queries DynamoDB for events happening in the next 24 hours and sends reminder emails via SES.

Executive Reporting Infrastructure

Multi-Persona Report Generation

We created /Users/cb/Documents/repos/tools/send_exec_reports.py, a specialized script that generates five distinct reports, each written as if by a different C-suite voice:

  • CEO Report: Asset inventory across all four entities (JADA, QueenofSanDiego, QuickDumpNow, DangerousCentaur). Identifies 8 critical revenue leaks: empty sales pipeline, missing OTA integrations (Sailo, GetMyBoat, Viator), no structured billing for DangerousCentaur, and Sergio equity risk. Proposes 30-day action plan.
  • CTO Report: Stack-by-stack security audit and cost analysis. Flags hardcoded Stripe keys (move to Secrets Manager), plaintext repos.env file (use AWS Parameter Store), unauthenticated Google Apps Script endpoints (add IAM checks), and missing WAF on CloudFront. Estimates $25/month in cost savings via Lambda consolidation and RDS right-sizing. Recommends CI/CD pipeline (GitHub Actions) and blue-green deployment strategy.
  • Accounting Officer Report: Revenue recognition framework, chart of accounts template, and expense audit. Identifies gap: no accounting system in place.