Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Multi-Perspective Executive Audit Infrastructure: Building a Scalable C-Suite Reporting Pipeline on AWS Lambda & SES

Over the past development cycle, we built and deployed a sophisticated multi-perspective executive reporting system designed to surface operational, technical, financial, and strategic gaps across a four-entity portfolio (JADA, QueenofSanDiego, QuickDumpNow, DangerousCentaur). This post covers the architecture, deployment strategy, and key technical decisions that went into building this audit infrastructure.

What Was Done

We created two parallel Python-based report generation systems:

  • /Users/cb/Documents/repos/tools/send_exec_reports.py — Initial five-report pipeline (CEO, CTO, Accounting, CMO, CFO perspectives)
  • /Users/cb/Documents/repos/tools/send_exec_reports_2.py — Extended three-report pipeline (3028 51st St Rental, Expert Yacht Delivery, DangerousCentaur Client Portfolio)

Both scripts leverage AWS SES (Simple Email Service) for delivery with verified sender identities and programmatically generate rich, multi-section reports tailored to each stakeholder's expertise and concerns. Reports were sent to c.b.ladd@gmail.com with BCC to admin@queenofsandiego.com for audit trail.

Technical Architecture

Report Generation Pipeline

Each report script follows this pattern:

# Pseudo-structure
1. Load environment config (repos.env for SES credentials)
2. Instantiate SES client (boto3)
3. Define perspective-specific report generators:
   - Asset inventory across 4 entities
   - Gap analysis (security, revenue, process, UX)
   - KPI identification
   - Prioritized action items
4. Format reports as plaintext with section headers
5. Send via SES.send_email() with verified From address

The first script generated five domain-expert perspectives:

  • CEO Report — Full asset map, 8 critical shortfalls (empty pipeline, no revenue tracking, Sergio equity risk, zero OTA listings, DC billing model gap, QDN funnel breakdown, Carole transition risk), 9 missing KPIs, 30-day priority agenda
  • CTO Report — Stack audit across all 4 domains, 6 security gaps (hardcoded Stripe keys in repos, plaintext environment files, unauthenticated GAS endpoints, no WAF), cost analysis (~$50–84/mo AWS baseline, ~$25/mo optimization available), UX shortfalls (no availability calendar, zero analytics instrumentation, stale tier copy), dev cycle gaps (no CI/CD, no staging environment, no automated rollback), 10 prioritized engineering actions
  • Accounting Report — Revenue recognition gaps, complete chart of accounts, expense audit by category, identified complete absence of any accounting system, 4-milestone roadmap to profitability Q1 2027
  • CMO Report — Channel visibility matrix, case for immediate 3,676-person email blast (modeled at $10K–50K concert booking potential), OTA sequencing (Sailo first, GetMyBoat second, Viator/GYG after COI), QDN local SEO roadmap, 30/60/90-day milestones
  • CFO Report — Burn rate model (~$7–9K/mo), tiered capital deployment framework, break-even at 6 charters/month, monthly revenue targets through Q4 2026, 3 non-negotiable financial rules

The second script extended coverage to three additional asset classes:

  • 3028 51st St Rental operational audit
  • Expert Yacht Delivery fleet and margin analysis
  • DangerousCentaur Client Portfolio billing gap audit

AWS Infrastructure

The reporting pipeline integrates with existing AWS infrastructure:

  • AWS SES — Verified sender domain admin@queenofsandiego.com, configured in us-west-2 region
  • Environment Variables — SES credentials loaded from repos.env (local development) or Lambda environment (for future automation)
  • Python Boto3 Client — AWS SDK for SES, configured with region and credentials

Key Technical Decisions

Why Separate Scripts for Two Report Batches

We created two distinct entry points rather than a monolithic report generator for several reasons:

  • Scalability — Each script can be independently scheduled (via EventBridge cron rules) or triggered manually without coupling
  • Stakeholder Segmentation — The first five reports target core C-suite roles; the second three address ancillary asset oversight. Keeping them separate allows for different scheduling cadences and recipient lists
  • Development Velocity — Two smaller codebases are easier to version control, test, and modify than one monolithic generator
  • Future Lambda Deployment — Each script can become its own Lambda function, allowing independent scaling and cost allocation

Why SES Over SMTP or Third-Party Services

We chose AWS SES for several reasons:

  • Cost — $0.10 per 1,000 emails after free tier; third-party services (SendGrid, Mailgun) typically cost $10–50/month minimum
  • Integration — Native boto3 support eliminates external dependencies
  • Deliverability — AWS's reputation and DKIM/SPF/DMARC setup gives high inbox placement rates
  • Audit Trail — SES Sending Events integrate with CloudWatch Logs for compliance tracking

Why Plaintext Over HTML Templates

Initial reports were formatted as plaintext with clear section headers rather than HTML because:

  • Simplicity — No template rendering overhead; easier to read in email clients with broken CSS rendering
  • Copy-Paste Friendly — C-suite users often copy sections into Slack, Notion, or Google Docs; plaintext preserves formatting
  • Mobile-First — Plaintext renders identically on all devices without responsive design complexity

Integration Points with Existing Systems

Lambda & CloudFront Deployments

During this audit cycle, the primary ShipCaptainCrew Lambda function (/Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/lambda_function.py) underwent 10+ iterations addressing:

  • Event timing calculations (sunset times, departure/return window logic)
  • JWT token generation and validation for magic-link authentication
  • Role claim and release handlers (captain → crew designations)
  • Checklist state management and waiver integration
  • DynamoDB direct updates for role transitions

Frontend updates to /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/frontend/index.html included timing panel UI refinements and magic-link auth flow integrations. Each Lambda deployment was