Architecture overview - Serverless Image Handler

Architecture overview

Deploying this solution with the default parameters builds the following environment in the AWS Cloud.

Figure 1: Serverless Image Handler architecture on AWS


This solution is intended for customers with public applications who want to provide an option to dynamically change or manipulate their public images. Because of these public requirements, this template creates a publicly accessible, unauthenticated Amazon CloudFront distribution and Amazon API Gateway endpoint in your account, and anyone can access them. For more information on Amazon API Gateway authorization, refer to the Security section.

The AWS CloudFormation template deploys the following resources:

  1. An Amazon CloudFront distribution that provides a caching layer to reduce the cost of image processing and the latency of subsequent image delivery. The CloudFront domain name provides cached access to the image handler API.

  2. Amazon API Gateway to provide endpoint resources and initiate the AWS Lambda function.

  3. A Lambda function that retrieves the image from a customer’s existing Amazon S3 bucket and uses Sharp to return a modified version of the image to the API Gateway.

  4. An Amazon S3 bucket for log storage, separate from your customer-created S3 bucket for storing images. If selected, the solution deploys an S3 bucket for storing the optional demo UI.

  5. If you activate the image URL signature feature, the Lambda function retrieves the secret value from your existing AWS Secrets Manager secret to validate the signature.

  6. If you use the smart crop or content moderation features, the Lambda function calls Amazon Rekognition to analyze your image and returns the results.


AWS CloudFormation resources are created from AWS Cloud Development Kit (AWS CDK) constructs.
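
The signature check in item 5 matters because the endpoint is otherwise unauthenticated. The sketch below is an added example, not the solution's own code: the HMAC-SHA256-over-path scheme, the `signature` query parameter name, and the secret value are assumptions made for illustration (in a deployment the secret would be read from Secrets Manager).

```javascript
// Added example with constructed inputs. Scheme and parameter name are assumptions.
const crypto = require('node:crypto');

// Split a request URL into the message that gets signed (path plus any query
// parameters other than "signature") and the signature the caller supplied.
function canonicalize(rawUrl) {
  const url = new URL(rawUrl, 'https://placeholder.invalid');
  const supplied = url.searchParams.get('signature');
  url.searchParams.delete('signature');
  const query = url.searchParams.toString();
  return { message: url.pathname + (query ? `?${query}` : ''), supplied };
}

// What the application that generates image links would do.
function sign(secret, rawUrl) {
  const { message } = canonicalize(rawUrl);
  return crypto.createHmac('sha256', secret).update(message).digest('hex');
}

// What the handler would do before touching S3 or running any image edits.
function verify(secret, rawUrl) {
  const { message, supplied } = canonicalize(rawUrl);
  // Reject missing or malformed signatures first; timingSafeEqual throws
  // if the two buffers differ in length.
  if (!supplied || !/^[0-9a-f]{64}$/.test(supplied)) return false;
  const expected = crypto.createHmac('sha256', secret).update(message).digest();
  // Constant-time comparison avoids leaking how many leading bytes matched.
  return crypto.timingSafeEqual(expected, Buffer.from(supplied, 'hex'));
}

// Constructed sample values, not real secrets or paths.
const SAMPLE_SECRET = 'constructed-secret-value';
const SAMPLE_PATH = '/fit-in/300x300/photo.jpg';
const SAMPLE_SIG = sign(SAMPLE_SECRET, SAMPLE_PATH);

console.log(verify(SAMPLE_SECRET, `${SAMPLE_PATH}?signature=${SAMPLE_SIG}`));
console.log(verify(SAMPLE_SECRET, `/fit-in/4000x4000/photo.jpg?signature=${SAMPLE_SIG}`));
console.log(verify(SAMPLE_SECRET, SAMPLE_PATH));
```

Because the edit parameters are part of the signed message, a signature issued for one size cannot be reused to request a different, more expensive transformation.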