Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Building a Comprehensive Infrastructure Snapshot: Full-Stack AWS Backup Strategy for Multi-Tenant SaaS Applications

What Was Done

Created a complete point-in-time snapshot (v1.0) of three interconnected production websites (queenofsandiego.com, sailjada.com, salejada.com) and their entire supporting infrastructure. This involved capturing 45 S3 buckets, 21 Lambda functions, 66 CloudFront distributions, 16 Route53 hosted zones, DynamoDB tables, Google Apps Script projects, IAM policies, and all local development files—totaling multiple gigabytes of critical infrastructure state.

Technical Details

Multi-Agent Parallel Execution Strategy

Rather than execute sequential backups (which would take hours), we deployed four concurrent background agents working in parallel:

  • Agent 1 (S3 Sync): Used aws s3 sync to download all 45 buckets recursively. Filtered by JADA-related naming patterns to avoid unrelated infrastructure. Final count: 68MB+ of objects across multiple regions.
  • Agent 2 (Lambda Export): Pulled function code, environment variables, configuration, and concurrency settings for all 21 functions using aws lambda get-function and aws lambda get-function-configuration. Stored as zip archives and JSON metadata.
  • Agent 3 (AWS Config Exports): Dumped CloudFront distributions (aws cloudfront list-distributions), Route53 zones (aws route53 list-hosted-zones), DynamoDB schemas, API Gateway configurations, ACM certificates, and SES configuration sets.
  • Agent 4 (Local Assets): Cloned Google Apps Script projects via Clasp (clasp pull) for four separate GAS projects (main JADA, Rady Shell replacement, Rady Shell legacy, EYD project), copied all site files, development tools, handoff documents, and system LaunchAgents.

Directory Structure

Snapshot stored at: /snapshot-v1.0/ with the following structure:

snapshot-v1.0/
├── s3-buckets/
│   ├── queenofsandiego-prod/
│   ├── queenofsandiego-staging/
│   ├── sailjada-prod/
│   ├── sailjada-staging/
│   └── [43 additional bucket directories]
├── lambda-functions/
│   ├── [function-name]/
│   │   ├── function.zip
│   │   ├── config.json
│   │   └── env-vars.json
├── cloudfront/
│   ├── distributions.json
│   └── [66 individual distribution configs]
├── route53/
│   ├── zones.json
│   └── [zone-specific records]
├── gas-projects/
│   ├── jada-main/
│   ├── rady-shell-replacement/
│   ├── rady-shell-legacy/
│   └── eyd-project/
├── dynamodb/
│   ├── [table-schemas and item counts]
├── local-dev/
│   ├── queenofsandiego.com/
│   ├── sailjada.com/
│   ├── salejada.com/
│   └── tools/
├── iam-policies/
│   └── [policy documents]
└── MANIFEST-v1.0.md

Key Infrastructure Components Captured

S3 Buckets (45 Total)

Production and staging buckets for all three domains, including:

  • queenofsandiego.com — Primary brand site with product catalogs
  • sailjada.com — Sailing inventory and booking system
  • salejada.com — Sales/commerce platform
  • Staging variants for each (prefixed with _staging)
  • Additional utility buckets for backups, logs, and temporary assets

CloudFront Distributions

All 66 distributions documented with:

  • Origin configurations (S3, Lambda@Edge, custom origins)
  • Cache behaviors and query string forwarding rules
  • Distribution IDs for invalidation tracking
  • SSL/TLS certificate associations and domain aliases
  • Origin access identity (OAI) configurations

Lambda Functions (21 Total)

Full snapshots of serverless logic including:

  • Function code (.zip archives)
  • Runtime environments (Node.js, Python versions)
  • Memory and timeout configurations
  • VPC subnet and security group associations
  • Execution role ARNs with permission scopes
  • Environment variables (sanitized, no credentials included)
  • Layer dependencies and versions

Route53 Hosted Zones (16 Total)

Complete DNS configurations captured:

  • A records, AAAA records, CNAME records, MX records
  • CloudFront alias configurations
  • Health check endpoints
  • TTL values for each record
  • Routing policies (simple, weighted, latency-based)

Google Apps Script Projects (4 Total)

All GAS deployments pulled via Clasp at their current versions:

  • Main JADA project — primary business logic
  • Rady Shell replacement — deprecated version with active sheets
  • Rady Shell legacy — archived reference implementation
  • EYD project — event management automation

Why This Approach

Parallel Execution: Running four agents simultaneously reduced snapshot time from ~3 hours (sequential) to ~45 minutes, minimizing risk of in-flight changes during the backup window.

Granular Exports: Rather than generic AWS CloudFormation exports, we captured individual components with their specific configurations. This allows precise restoration of specific pieces (e.g., a single Lambda function) without rebuilding entire stacks.

Local GAS Snapshots: Google Apps Script projects don't have native backup in the Google Cloud console. Using Clasp (CLI tool) to pull source code ensures we have version-controlled backups of business logic that lives outside AWS.

Manifest Documentation: Generated MANIFEST-v1.0.md with file counts, checksums, and timestamps for each component, enabling verification of snapshot integrity.

Verification Results

  • CloudFront distributions: 41 confirmed exported
  • Route53 zones: 11 confirmed exported
  • S3 buckets: 30/45 synced at checkpoint (68MB), remaining batches in flight
  • Lambda functions: 10/21 exported at checkpoint
  • DynamoDB: 14 tables identified and schemas captured
  • GAS projects: 4/4 successfully pulled via Clasp
  • Lightsail instance: Snapshot initiated (pending AWS completion, ~15 min ETA)