Projects

Building an Image Analyzer

Serverless
Lambda
Rekognition
API Gateway
S3

Deploying a fully serverless image analysis backend using S3, Lambda, API Gateway and Rekognition.

Introduction

This project provisions a fully serverless image analysis backend on AWS using Terraform.

It allows clients to securely upload images to S3 via presigned URLs and processes them with AWS Rekognition to detect faces and analyze emotions.

The infrastructure is fully automated, scalable and follows least-privilege security principles.

Services Used

  • Amazon S3
  • AWS Lambda
  • Amazon API Gateway
  • Amazon Rekognition
  • AWS IAM
  • Terraform

Architecture

Configuration

1. Local architecture definition

  • Defined centralized infrastructure configuration.
  • Declared Lambda functions, IAM roles and routes.
  • Used Terraform for_each.
  • Enabled scalable infrastructure.

2. S3 bucket creation

  • Created upload bucket.
  • Blocked public access.
  • Used S3 as storage backend.

3. IAM role creation

  • Created Lambda execution role.
  • Configured trust policy.
  • Applied secure boundaries.

4. IAM policy assignment

  • Dynamic IAM policies.
  • Least privilege model.
  • CloudWatch access.
  • Rekognition permissions.

5. Lambda packaging (.py files)

  • ZIP packaging.
  • Change detection using hashes.
  • Automatic deployment artifacts.

6. API GW creation

  • HTTP API provisioning.
  • Public endpoint creation.

7. API integration setup

  • Lambda integrations.
  • AWS_PROXY integration.

8. Route configuration

Configured routes:

GET /upload-url

POST /analyze

9. Lambda Invocation Permissions

  • Granted API Gateway access.
  • Scoped execution permissions.

10. Deployment stage configuration

  • Default stage.
  • Automatic deployment.

11. Output exposure

  • Terraform outputs.
  • Simplified testing.

12. Application Testing

Generate Upload URL

curl.exe -X GET https://YOUR_API_ID.execute-api.REGION.amazonaws.com/upload-url

Store Upload URL

Save:

uploadUrl

into:

$URL

Upload Image

curl.exe -X PUT \
-H "Content-Type:image/jpeg" \
--upload-file goodphoto.jpeg "$URL"

Save File Key

Save:

fileKey

inside:

body.json

Execute Analysis

curl.exe -X POST https://YOUR_API_ID.execute-api.REGION.amazonaws.com/analyze \
-H "Content-Type: application/json" \
-d "@body.json"

Validation completed successfully.

Important Considerations

Best practices applied:

  • least privilege
  • serverless scalability
  • secure uploads
  • event-driven processing

Lessons Learned

This project helped reinforce:

  • serverless architectures
  • secure uploads
  • API integrations
  • image analysis
  • Terraform automation

Project Results

  • Fully serverless AWS backend architecture.

  • Secure direct image uploads to S3 using presigned URLs.

  • Automated face detection and emotion analysis with Rekognition.

  • Public API endpoint powered by API Gateway and Lambda.

  • Scalable and cost-efficient architecture.

  • Fully reproducible infrastructure using Terraform.

References

Project Code

You can find the Terraform code used in this project in the following GitHub directory.

View Project Directory

Comments

Loading comments...
Loading...