build.allanninal.dev

Part 7 of 7 · Deadline reminder series ~8 min read

Engineering reference: the deadline reminder architecture

Same system, drawn for engineers. Region, service names, resource identifiers, Bedrock model IDs, Lambda inventory, IAM scopes, the SES inbound rule set, EventBridge Scheduler config, the DynamoDB schemas, and the Slack interactive flow. Read alongside the previous six posts; this one’s the build sheet.

Region and account shape

Default region: ap-southeast-1 (Singapore). SES inbound, Bedrock cross-Region inference, and EventBridge Scheduler are all in good shape there. A second region for multi-region resilience isn’t worth the extra setup work at SMB volume — the failure mode for an SMB is somebody missing a filing reminder, not a regional outage. One AWS account dedicated to the system (separate from your other workloads) keeps the IAM blast radius small and lets a single AWS Budgets alarm cover the whole thing.

Topology

AWS topology of the deadline reminder A topology diagram with three regions stacked vertically inside one AWS account boundary. Top region: ingress. Three boxes show the three intake lanes — a Drive sheet sync via the drive-sync Lambda triggered every 15 minutes by EventBridge Scheduler that mirrors the calendar CSV to s3://dr-calendar-source/, an SES inbound rule set with action S3 PUT to s3://dr-raw-mime/ plus the parser Lambda intake-ses-parser that runs Textract on PDFs and Bedrock Haiku 4.5 to propose a deadline row for Slack approval, and a calendar-sync Lambda triggered hourly by EventBridge Scheduler that polls Google Calendars for events tagged hashtag-deadline and proposes rows the same way. Middle region: scheduled processing. The checker Lambda is triggered daily at 8am local by EventBridge Scheduler; it reads s3://dr-calendar-source/calendar.csv, iterates rows, computes days_to_due per deadline, looks up the lead-time chain in s3://dr-rules-source/rules.txt, reads done and reminder state from DynamoDB, and emits one of three events to the EventBridge default bus per deadline that needs an action: dr.first_reminder, dr.follow_up, or dr.escalate. Bottom region: dispatch and completion. The dispatch Lambda is triggered by an EventBridge rule on those three event types; it resolves the owner, checks quiet hours and the holiday calendar, fetches the reminder template from s3://dr-rules-source/voice.txt, posts the message to Slack via incoming webhook with Done, Snooze, and Ack-only buttons or sends an email via SES outbound, and writes a row to DynamoDB dr-reminders. Slack interactive button clicks land on a Function URL Lambda done-handler that updates dr-done with the action (done, snooze, ack-only) and, on done, rolls the next due date forward and updates the calendar sheet via the Google Sheets API. CloudWatch Logs collects from every Lambda at 7-day retention. Across the right edge: a small box labelled AWS Budgets alarm at $15 monthly threshold, posting to SNS topic dr-cost-alarm. A note at the bottom: every reminder leaves with full context — and every interaction is logged to dr-audit. Ingress Lambda · drive-sync every 15 min Sheets API → s3://dr-calendar-source/ calendar.csv SES inbound rule set dr-inbound-rules action: S3 PUT s3://dr-raw-mime/ trigger: intake-ses-parser Lambda · calendar-sync hourly poll Calendar API for events tagged #deadline → Slack proposal Drive deadline sheet canonical store · mirrored to S3 Scheduled processing EventBridge Scheduler cron(0 8 * * ? *) in TZ_NAME target: checker Lambda + deferred one-offs Lambda · checker reads CSV from S3 + rules.txt + voice.txt computes days, picks one of four moves EventBridge default bus dr.first_reminder dr.follow_up dr.escalate (clear → no event) Dispatch & completion Lambda · dispatch resolves owner, quiet hours, holidays; Slack webhook or SES outbound Slack interactive DM with [Done] [Snooze] [Ack only] button clicks → Function URL Lambda · done-handler writes dr-done, dr-audit, and on done rolls the date, updates via Sheets API Every reminder leaves with full context — and every interaction is logged to dr-audit.
Fig 7. AWS topology, in three regions of the diagram: ingress (three lanes into the calendar), scheduled processing (the daily checker emitting events), dispatch and completion (the reminder ships and the owner’s response is recorded). Every Lambda is event- or schedule-driven; nothing is synchronous-chained.

Lambda functions

All Lambdas use the arm64 architecture, the smallest memory size that meets latency targets (typically 256 MB), Python 3.14 runtime, and CloudWatch Logs at 7-day retention. Each function has its own least-privilege IAM role. None run inside a VPC.

  • drive-sync — EventBridge Scheduler target, fires every 15 minutes. Uses the Google Drive API + Sheets API (service-account credentials in Secrets Manager under dr/drive/sa) to export the deadline sheet as CSV and write to s3://dr-calendar-source/calendar.csv only if the sheet has changed since the last sync. Same pattern syncs the rules and voice docs to s3://dr-rules-source/. Memory: 256 MB. Timeout: 30 s.
  • calendar-sync — EventBridge Scheduler target, hourly. Uses the Google Calendar API events.list to scan configured calendars for events with #deadline in the description; for any new events, creates a Slack interactive proposal message, reading the recurrence rule for the repeat interval if the event has one. For lower-latency setups you can switch to events.watch and have Calendar push notifications to a Function URL instead of polling, at the cost of renewing the channel before it expires (Calendar push channels have a finite TTL and need a small refresh job). Memory: 256 MB. Timeout: 30 s.
  • intake-ses-parser — S3 PUT trigger on s3://dr-raw-mime/. Parses MIME, extracts the PDF attachment, runs Textract via StartDocumentTextDetection + StartDocumentAnalysis (asynchronously to handle multi-page notices). On Textract completion (via SNS notification), reads the structured text and calls Bedrock Haiku 4.5 (anthropic.claude-haiku-4-5-20251001-v1:0 via global.anthropic.claude-haiku-4-5-20251001-v1:0) to propose a deadline row, including a repeat interval if the notice states one. Posts the proposal to Slack via the incoming webhook with Approve/Edit/Discard buttons. For DOCX attachments (Textract doesn’t accept them), falls back to python-docx; XLSX uses openpyxl. Both packages are stable and widely used in 2026, though their maintenance velocity is light — for a notice-parsing path that only runs a few times a month, that’s acceptable. If extraction precision becomes a concern, the active community fork python-docx-oss is a drop-in alternative. Memory: 512 MB. Timeout: 60 s.
  • checker — EventBridge Scheduler target, daily at 8am local time (the schedule expression runs in TZ_NAME set to the SMB’s timezone, e.g. Asia/Singapore). Reads s3://dr-calendar-source/calendar.csv and the rules and voice docs. For each row, computes days_to_due, reads chain state from dr-reminders and dr-done, decides on a move. Emits one event per row that needs action: dr.first_reminder, dr.follow_up, or dr.escalate, with the deadline context as the event payload. Clear deadlines emit nothing. Memory: 512 MB. Timeout: 60 s. No Bedrock calls.
  • dispatch — EventBridge rule on the three move events. Resolves owner, checks quiet hours and holiday calendar, formats the reminder from the voice template, and ships via Slack incoming webhook (dr/slack/webhook in Secrets Manager) or SES SendRawEmail. On quiet-hours or holiday defer, creates a one-off EventBridge Scheduler rule that re-invokes dispatch at the next available business minute. Writes a row to dr-reminders after a successful send. Memory: 256 MB. Timeout: 30 s.
  • done-handler — Lambda Function URL, public with AuthType: NONE; verifies a Slack signature on the request body. Triggered by Slack interactive button clicks (Done/Snooze/Ack-only) and by email-link clicks. Writes to dr-done and dr-audit; on done, rolls the next due date forward by the repeat interval, updates the Drive sheet via the Sheets API, and archives the old cycle in dr-reminders-archive. Memory: 256 MB. Timeout: 15 s.
  • digest — EventBridge Scheduler target, weekly Sunday 6pm. Reads dr-reminders for the past week and the calendar; sends a digest message to a configured Slack channel summarizing reminders sent and deadlines coming up. No Bedrock; the message is a plain summary table. Memory: 256 MB.
  • summary — EventBridge Scheduler target, monthly on the first Monday at 9am. Reads the past month’s dr-reminders, dr-done, and dr-audit; calls Bedrock Haiku 4.5 to write a one-paragraph owner narrative (what was handled, what slipped, what is due next month); emails it via SES to the configured stakeholder list. Memory: 512 MB.

Storage

  • DynamoDB · dr-reminders — one row per dispatch. PK (deadline_id, step_index); attributes: sent_date, dispatched_via (slack/email), recipient, move (first_reminder/follow_up/escalate). On-demand. No TTL.
  • DynamoDB · dr-done — one row per completion or deferral. PK deadline_id; sort key cycle_due_date; attributes: action (done/snooze/ack-only), by_user, snooze_until (if action = snooze), old_due, new_due (if action = done). On-demand.
  • DynamoDB · dr-audit — one row per write action of any kind. PK (deadline_id, ts); attributes: action, by_user, before, after. On-demand. No TTL — this is the long-term audit trail.
  • DynamoDB · dr-reminders-archive — archived chains after a cycle is done. Same shape as dr-reminders; PK (deadline_id, cycle_id, step_index). On-demand.
  • S3 · dr-calendar-source — mirrored CSV from the Drive deadline sheet. Versioning enabled. Lifecycle to Glacier at 90 days; expiry at 7 years.
  • S3 · dr-rules-source — mirrored rules and voice docs as plain text. Versioning enabled.
  • S3 · dr-raw-mime — raw inbound MIME from forwarded notices. Lifecycle to Glacier at 30 days; expiry at 7 years.
  • S3 · dr-source-notices — the parsed source notices after the inbox parser handles them, kept for reference if the deadline row links to one.

Bedrock

  • Foundation model. anthropic.claude-haiku-4-5-20251001-v1:0 via the Global cross-Region inference profile global.anthropic.claude-haiku-4-5-20251001-v1:0. Two callsites: intake-ses-parser for the inbox notice parsing, and summary for the monthly owner narrative. Claude Sonnet 4.6 (anthropic.claude-sonnet-4-6-20250930-v1:0) is wired but unused by default — it’s only worth switching the parser to Sonnet if you start forwarding dense multi-page legal notices where Haiku’s extraction precision falls short.
  • Embeddings. Not used. The calendar is structured rows; deterministic lookup beats vector retrieval here. No Knowledge Base, no S3 Vectors.
  • Quotas. Default account quotas are more than enough at SMB volume. The checker itself doesn’t call Bedrock; the parsing lane fires a few times a month at most.

EventBridge Scheduler config

  • dr-daily-checkcron(0 8 * * ? *) in the SMB’s timezone. Target: checker Lambda.
  • dr-drive-syncrate(15 minutes). Target: drive-sync Lambda.
  • dr-calendar-syncrate(1 hour). Target: calendar-sync Lambda.
  • dr-weekly-digestcron(0 18 ? * SUN *) in TZ. Target: digest Lambda.
  • dr-monthly-summarycron(0 9 ? * 2#1 *) (first Monday at 9am) in TZ. Target: summary Lambda.
  • One-off rules — created on the fly by dispatch when a quiet-hours or holiday defer is needed. Use at(YYYY-MM-DDTHH:MM:SS) expressions with --action-after-completion DELETE so the rule self-cleans.

SES inbound and outbound

  • Set the MX record on a dedicated subdomain (e.g. deadlines.your-company.com) to inbound-smtp.ap-southeast-1.amazonaws.com.
  • SES inbound rule set dr-inbound-rules: one rule with recipient deadlines@your-company.com → spam scan → S3 PUT to s3://dr-raw-mime/<message-id> → stop. The S3 PUT triggers intake-ses-parser.
  • SES outbound for the email-fallback reminders: verify a sender identity at deadlines@your-company.com with DKIM and SPF on the parent domain. Out of sandbox by request.

IAM (least privilege per Lambda)

Each Lambda has its own role with policies scoped to exact ARNs. Sketch:

  • checker role: s3:GetObject on the calendar, rules, and voice keys; dynamodb:Query + GetItem on dr-reminders, dr-done; events:PutEvents on the default bus. No bedrock:*.
  • dispatch role: events:ListSchedules + CreateSchedule for the deferred-dispatch one-offs; secretsmanager:GetSecretValue on the Slack webhook secret; ses:SendRawEmail from the verified sender identity; dynamodb:PutItem on dr-reminders; outbound network access to hooks.slack.com.
  • done-handler role: dynamodb:PutItem on dr-done and dr-audit; secretsmanager:GetSecretValue on the Sheets-API service-account secret; outbound network access to sheets.googleapis.com; dynamodb:Query for chain state lookup; on done, dynamodb:BatchWriteItem for archiving the old cycle to dr-reminders-archive.
  • intake-ses-parser role: s3:GetObject on dr-raw-mime; textract:StartDocumentTextDetection + StartDocumentAnalysis; bedrock:InvokeModel on the Haiku ARN; secretsmanager:GetSecretValue on the Slack webhook.
  • drive-sync and calendar-sync roles: secretsmanager:GetSecretValue on the Google service-account secret; s3:PutObject on the calendar and rules buckets; outbound network to www.googleapis.com.

Slack interactive flow

The Slack incoming webhook is the simplest delivery surface but doesn’t support interactive button responses. So the reminder messages are posted via the chat.postMessage Web API instead, with Block Kit blocks containing the action buttons. Button clicks are sent by Slack to the configured Interactivity request URL, which is the done-handler Function URL. done-handler verifies the Slack signing secret on the inbound request, parses the action_id (done, snooze, ack_only), opens a modal if needed (Snooze opens a modal; Done is one-tap or a small date confirm; Ack-only is one-tap), and processes the response when the modal is submitted.

The Slack app needs chat:write, im:write, and the Interactivity URL configured. The bot token lives in Secrets Manager under dr/slack/bot-token. The signing secret is dr/slack/signing-secret.

Observability and cost gates

  • CloudWatch Logs: all Lambdas, 7-day retention, structured JSON. Subscription filter on "error" + "throttle" + "timeout" to a CloudWatch metric for alerting.
  • Alarms: checker Lambda failures > 0 in a day (the daily check is the one piece that has to run); dispatch failure rate > 1% in 24h; done-handler signature-verification failures > 5/hour (might mean the Slack secret rotated).
  • X-Ray: off by default. Not worth the cost at SMB volume.
  • AWS Budgets: $15/month threshold, alarm at 80% and 100%, posts to SNS topic dr-cost-alarm subscribed to the on-call admin’s email and Slack.

Config and secrets

Service-account credentials for Drive, Sheets, and Calendar APIs all live in Secrets Manager under dr/drive/sa (one service account with scopes for all three APIs). Slack bot token, signing secret, and webhook URL all under dr/slack/*. SES sender identity lives in IAM and the verified-domain config. The configured timezone, holiday list reference, quiet-hours window, repeat-interval defaults, and admin fallback owner all live in Parameter Store under /dr/config/. Lambdas fetch config on cold start and cache for the lifetime of the execution environment.

Deploy

GitHub Actions with OIDC into a deploy role (no long-lived keys) and AWS SAM for the stack. The opinionated bits: deploy the SES rule set as a separate stack (rule-set changes affect mail flow), turn on S3 versioning for both dr-calendar-source and dr-rules-source so a bad Drive edit can be rolled back in one click, and version the EventBridge Scheduler timezone setting so you don’t accidentally start running the daily check in UTC after a CI rotation. A SAM template covers it cleanly; CDK with a Python stack file also fits. Total deployable surface: around eight Lambdas, four DDB tables, four S3 buckets, one EventBridge rule on the default bus (plus the Scheduler rules), one SES rule set, and one Budgets alarm.

That’s the full system. Six narrative posts and this engineering reference. If you want to talk about adapting it for your business, see Work with me.

All posts