Implemented authenticated demo

Lambda Background Remover

A small image-processing demo that uploads source PNGs to private S3, runs a bounded Lambda transform, and returns a short-lived transparent PNG link.

Status Implemented demo
AWS focus
CognitoAPI GatewayLambdaS3DynamoDB TTL
ID
Authenticated reviewer Identity
ID
Cognito hosted login Identity
API
API Gateway authorizer API Gateway
L
Lambda URL broker Lambda
S3
S3 private source PNG S3
L
Lambda PNG transformer Lambda
DDB
DynamoDB provisioned table DynamoDB
S3
S3 transparent PNG output S3

Problem

A background remover is an approachable live demo, but public image processing can create cost and abuse risk if uploads, execution time, and output storage are not bounded.

Design

  • The browser signs in with Cognito and sends the ID token to API Gateway.
  • Lambda validates the reviewer email claim before issuing a presigned S3 upload.
  • The source PNG uploads directly to private S3, keeping binary data out of API Gateway.
  • A second authenticated request tells Lambda to process the caller's own S3 key.
  • The first implementation uses a dependency-free PNG transform that removes a solid corner background and writes a transparent PNG result.
  • The output is returned through a short-lived presigned GET URL rather than a public object.

Cost and abuse controls

Reviewer accounts are limited to three processing runs per day, PNG files are capped at 1 MB and one million pixels, Lambda memory and timeout are modest, API Gateway throttling protects the route, and temporary S3 objects expire after two days.

Tradeoff

This is intentionally not a paid computer-vision or generative AI service in the first version. The point is to show serverless file handling, auth, bounded processing, and cost-aware design before introducing heavier image models.