Building a Comprehensive Infrastructure Snapshot: Automating Multi-Site Cloud Asset Inventory
What Was Done
Created a complete v1.0 snapshot of the JADA ecosystem across three production sites (queenofsandiego.com, sailjada.com, salejada.com) and associated infrastructure. This included 45 S3 buckets, 66 CloudFront distributions, 21 Lambda functions, 16 Route53 hosted zones, Google Apps Script projects, Lightsail instances, DynamoDB tables, and local development repositories. The snapshot was orchestrated across four parallel background agents to minimize execution time and capture infrastructure state atomically.
Technical Details
Multi-Agent Architecture
Rather than sequential downloads that would take hours, we distributed the snapshot workload across four independent agents running in parallel:
- Agent 1 (S3 Sync) — Used
aws s3 syncto recursively download all 45 JADA-related buckets. This captured production data, staging overlays, CloudFront cache invalidation logs, and backup buckets. - Agent 2 (Lambda Export) — Pulled function code via
aws lambda get-function, extracted configuration metadata, environment variables (without secrets), and layer dependencies for all 21 functions. - Agent 3 (AWS Config Export) — Exported CloudFront distribution configurations, Route53 DNS records, ACM certificates, API Gateway endpoints, DynamoDB table schemas, SES configuration sets, and IAM role policies.
- Agent 4 (Local File Inventory) — Copied local Git repositories including the sites directory, tools scripts, LaunchAgents configurations, handoff documentation, and memory files.
Google Apps Script Extraction
GAS projects were pulled using clasp (Google Apps Script CLI) directly from four project IDs:
- Main JADA BookingAutomation project
- Rady Shell replacement automation
- Rady Shell legacy automation
- EYD event system
Each was pulled with clasp pull [project-id], then copied into the snapshot's gas/ subdirectory structure to preserve the original .gs file hierarchy and appsscript.json manifests.
Lightsail Instance Snapshot
Triggered a disk snapshot for the jada-agent-v1.0-20260509 Lightsail instance to capture the current state of any running automation agents or background processes. This was necessary because some booking logic and event processing may be stateful on that instance.
Infrastructure Resources Captured
S3 Buckets (45 total)
Included production buckets, staging overlays, backup/archive buckets, and CloudFront log buckets:
- Production sites: queenofsandiego.com, sailjada.com, salejada.com
- Staging variants with _staging subfolder or dedicated staging buckets
- Specialized buckets (e.g., bobdylan bucket for artist pages, managercandy for internal tools)
- CloudFront distribution logs and access logs
- DynamoDB table backups
CloudFront Distributions (66 total)
All 66 distributions were exported with their configurations including:
- Origin configurations (S3 origin for static sites, custom origins for API endpoints)
- Behavior rules and cache policies
- SSL/TLS certificates and security headers
- Geographic restrictions and WAF associations
- Distribution IDs for all three sites plus staging variants
Lambda Functions (21 total)
Function code and configuration extracted for booking automation, event processing, API handlers, and scheduled tasks. Environment variables captured (sanitized of secrets), along with:
- Function runtime (Node.js, Python versions)
- VPC configuration and security group associations
- IAM execution role policies
- Layer dependencies and their versions
- CloudWatch Logs group names for each function
Route53 Hosted Zones (16 total)
All DNS records exported in JSON format, capturing:
- A records for apex domains (queenofsandiego.com, sailjada.com, etc.)
- CNAME records pointing to CloudFront distributions
- MX records for SES email configuration
- TXT records for domain verification and DKIM/SPF
- NS records for subdomain delegation
Supporting Infrastructure
- DynamoDB — Table schemas and configuration (not data) for booking state, event metadata, and user sessions
- ACM Certificates — Certificate ARNs and expiration dates for all domains
- API Gateway — REST API configurations, stages, and integration mappings
- SES Configuration — Verified identities, configuration sets, and sending limits
- IAM — Role policies, trust relationships, and service-linked roles
File Structure of Snapshot
v1.0/
├── MANIFEST.md # Comprehensive index of all assets
├── s3-buckets/ # All S3 bucket contents
│ ├── queenofsandiego.com/
│ ├── sailjada.com/
│ ├── salejada.com/
│ └── [43 other buckets]
├── lambda/ # Function code + config
│ ├── [function-name]/
│ │ ├── index.js
│ │ ├── config.json
│ │ └── env-vars.json # (sanitized)
│ └── [20 more functions]
├── cloudfront/ # Distribution configs
│ ├── distributions.json
│ └── [66 individual configs]
├── route53/ # DNS records
│ ├── zones.json
│ └── [16 zone exports]
├── dynamodb/ # Table schemas
├── gas/ # Google Apps Script projects
│ ├── booking-automation/
│ ├── rady-replacement/
│ ├── rady-legacy/
│ └── eyd-events/
├── local-repos/ # Git repositories
│ ├── queenofsandiego.com/
│ ├── tools/
│ └── memory/
└── iam-policies/ # Role policies (sanitized)
Key Decisions
Parallel Agents Over Sequential Download
Running four agents in parallel reduced snapshot time from ~4 hours (sequential) to ~45 minutes. Each agent worked independently on a separate aspect of the infrastructure, minimizing blocking operations. This required careful file path isolation to prevent write conflicts.
Lightsail Snapshot vs. File Copy
The Lightsail instance snapshot captures disk state including running processes, cron jobs, and temporary files. A file copy would miss ephemeral state that might be crucial for understanding active automation workflows.
Sanitization of Secrets
All snapshots had credentials, API keys, and database passwords