AWS Machine Learning Blog
Build Your Own Face Recognition Service Using Amazon Rekognition
March 2025: This post was reviewed and updated for accuracy.
Amazon Rekognition is a service that simplifies adding image analysis to your applications. It uses the same proven, highly scalable deep learning technology developed by Amazon’s computer vision scientists to analyze billions of images daily for Amazon Prime Photos. Its facial recognition feature allows you to find similar faces within large image collections.
In this post, we demonstrate how to create a face recognition service using Amazon Rekognition with Amazon DynamoDB and AWS Lambda. You can build a system to create, update, and search face databases for uses like automated image library identification, access control, and more.
Solution overview
This solution uses the face recognition capabilities of Amazon Rekognition through a serverless architecture. When you upload an image to an Amazon Simple Storage Service (Amazon S3) bucket, it triggers a Lambda function that processes the image using Amazon Rekognition. The solution stores face metadata and image references in DynamoDB tables for efficient searching and indexing.
The workflow operates in two main phases: face indexing and face recognition.
Phase 1: Face indexing
The system creates a collection of known faces by indexing images containing faces you want to recognize. When an image is uploaded to the designated S3 bucket, Lambda processes it using the Amazon Rekognition IndexFaces API, which extracts facial features and stores them as searchable vectors. The face metadata and image reference are then saved in DynamoDB.
The following diagram outlines the workflow for indexing.
The workflow consists of the following steps:
- The user uploads an image to an S3 bucket.
- The upload triggers a Lambda function.
- The Lambda function issues an IndexFaces request to Amazon Rekognition.
- Amazon Rekognition accesses the object from Amazon S3.
- Amazon Rekognition sends the response data to the Lambda function.
- The Lambda function retrieves the object's metadata from Amazon S3 with a HeadObject request.
- The function populates an index in DynamoDB.
Phase 2: Face recognition
When searching for faces, another Lambda function processes the target image using the Amazon Rekognition SearchFacesByImage API. This API compares the target face against the indexed collection and returns matching results based on a configurable similarity threshold. The matches are retrieved from DynamoDB and returned to the client.
The following diagram outlines the workflow for analysis.
The workflow consists of the following steps:
- The client sends a SearchFacesByImage request to Amazon Rekognition.
- Amazon Rekognition returns face matches to the client.
- The client looks up the matched FaceId values in DynamoDB to retrieve the person's name.
Prerequisites
To implement this solution, you should have an AWS account with the appropriate permissions.
Deploy the solution using AWS CloudFormation
If you want to get started quickly, launch the following AWS CloudFormation template:
For the manual walkthrough, make sure that you replace the resource names with your own values. A couple of resources need to be prepared to allow us to index the faces of our existing images.
Create a collection
We start by creating a collection within Amazon Rekognition. A collection is a container for persisting faces detected by the IndexFaces API. You can choose to create one container to store all faces or create multiple containers to store faces in groups.
Your use case will determine the indexing strategy for your collection as follows:
- Face match – You want to find a match for a face within a collection of faces (as in our current example). Face matching technology applies to a wide range of use cases. For example: adding VIP groups to an approved list, identifying and denying bad actors, or supporting various logging scenarios. In such cases, you will generate a single collection containing numerous faces.
- Face verification – For identity verification using face recognition (like access control), a separate collection is created for each person. You will store a variety of face samples per person to improve the match rate. This also lets you add samples of different appearances to the recognition model; for instance, someone who has grown a beard.
- Social tagging – When automatically tagging friends on social networks, use one collection per user.
For more information about use cases and indexing strategies, refer to the Amazon Rekognition Developer Guide.
Amazon Rekognition doesn’t store copies of the analyzed images. Instead, it stores face feature vectors as the mathematical representation of faces within the collection. This is commonly known as a thumbprint or a faceprint. You can manage collection containers through the API. Alternatively, if you have installed and configured the AWS Command Line Interface (AWS CLI), you can use the following command:
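For example, using the collection name family_collection referenced later in this post (substitute your own collection name and AWS Region):

```shell
# Create a Rekognition collection to hold the indexed face vectors
aws rekognition create-collection \
    --collection-id family_collection \
    --region us-east-1
```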
The user or role that executes the commands must have permissions in AWS Identity and Access Management (IAM) to perform those actions. AWS provides a set of managed policies that help you get started quickly. For our example, you need to apply the following minimum managed policies to your user or role:
AmazonRekognitionFullAccess
AmazonDynamoDBFullAccess
AmazonS3FullAccess
IAMFullAccess
It is recommended that you follow IAM best practices for production implementations, which are beyond the scope of this post.
Create a DynamoDB table
Next, we create a DynamoDB table. DynamoDB is a fully managed cloud database that supports both document and key-value store models. We demonstrate using DynamoDB as a key-value store to link the Amazon Rekognition FaceId with a person's full name.
You can use the AWS Management Console, the API, or the AWS CLI to create the table. For the AWS CLI, use the following command, which is documented in the AWS CLI Command Reference:
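The following is one possible sketch; the table name and the RekognitionId partition key are assumptions for this walkthrough and must match whatever your Lambda code writes:

```shell
# Create a key-value table mapping a Rekognition FaceId to a full name
aws dynamodb create-table --table-name family_collection \
    --attribute-definitions AttributeName=RekognitionId,AttributeType=S \
    --key-schema AttributeName=RekognitionId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST
```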
Create an S3 bucket
For the IndexFaces operation, you can provide the images as bytes or make them available to Amazon Rekognition inside an S3 bucket. In our example, we upload the images to an S3 bucket.
Again, you can create a bucket either from the console or from the AWS CLI. In the AWS CLI, use the following command, which is documented in the AWS CLI Command Reference:
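For example (bucket-name is a placeholder; S3 bucket names must be globally unique):

```shell
# Create the bucket that will receive the images to index
aws s3 mb s3://bucket-name --region us-east-1
```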
As shown earlier in the architecture diagram, we have separated the processes of image upload and face detection into two parts. Although all the preparation steps were performed from the AWS CLI, we use a Lambda function to process the images that we uploaded to Amazon S3.
Create an IAM role
We need to create an IAM role that grants our function access to the S3 objects, permission to call the Amazon Rekognition IndexFaces API, and permission to create the DynamoDB entries that map a FaceId to a person's full name.
By now, you will have noticed that we prefer the AWS CLI over the use of the console. For detailed instructions for creating service roles using the AWS CLI, refer to Creating a role for a service (AWS CLI). To create the service role for Lambda, we need two JSON files that describe the trust and access policies: trust-policy.json and access-policy.json.
The following code is for trust-policy.json:
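A standard trust policy that lets Lambda assume the role looks like this:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "lambda.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
```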
The following code is for access-policy.json:
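A minimal sketch of the access policy covering the permissions described earlier, plus CloudWatch Logs permissions for the function's own logging (an assumption, but standard for Lambda). The placeholders match those discussed in the next paragraph:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "arn:aws:logs:aws-region:account-id:*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket-name/*"
    },
    {
      "Effect": "Allow",
      "Action": "rekognition:IndexFaces",
      "Resource": "arn:aws:rekognition:aws-region:account-id:collection/family_collection"
    },
    {
      "Effect": "Allow",
      "Action": "dynamodb:PutItem",
      "Resource": "arn:aws:dynamodb:aws-region:account-id:table/family_collection"
    }
  ]
}
```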
For the access policy, make sure that you replace aws-region, account-id, and the actual names of the resources (for example, bucket-name and family_collection) with the names of the resources in your environment.
Now you can use the AWS CLI again to create the service role that the indexing Lambda function will use to retrieve temporary credentials for authentication.
As described in Creating a role for a service (AWS CLI), you first need to create the role that includes the trust policy:
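For example, assuming a role name of LambdaRekognitionRole (a name chosen for this walkthrough):

```shell
# Create the role with the Lambda trust policy defined earlier
aws iam create-role --role-name LambdaRekognitionRole \
    --assume-role-policy-document file://trust-policy.json
```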
Next, attach the access policy to the role:
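Assuming the same role name as in the previous step:

```shell
# Embed the access policy as an inline policy on the role
aws iam put-role-policy --role-name LambdaRekognitionRole \
    --policy-name LambdaRekognitionAccessPolicy \
    --policy-document file://access-policy.json
```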
Create a Lambda function
The last step is creating an Amazon S3 triggered Lambda function for uploading images. Complete the following steps:
- On the Lambda console, choose Functions in the navigation pane.
- Choose Create function.
- Enter a name for the Lambda function and choose Python 3.13 for Runtime.
- For Role, choose Choose an existing role, and then choose the role you created earlier.
- Keep other settings as default and choose Create function.
- After you create the function, choose Add trigger.
- Choose S3 as the source, then search for the bucket you created.
- Configure the values for Event types and Prefix as shown in the following screenshot.
This makes sure your Lambda function is triggered only when new objects whose keys start with the index/ prefix are created in the bucket.
- Choose Add to create the Lambda trigger.
- Return to the Lambda function you just created and enter the following Python code into the code source:
In a nutshell, the script performs two major activities:
- It uses the Amazon Rekognition IndexFaces API to detect the face in the input image and add it to the specified collection.
- If successful, it retrieves the person's full name from the metadata of the object in Amazon S3 and stores it, together with the FaceId, as a key-value pair in the DynamoDB table for later reference.
Indexing
We seed the face collection by uploading our images to Amazon S3. We again use a short Python snippet for this example. This code steps through a list where each entry shows a file path and the person in the image.
Note how the upload call adds additional metadata to the objects in Amazon S3. The Lambda function uses this metadata to extract the full name of the person within the image. To suit your needs, you can adjust this process by incorporating extra metadata or importing the metadata definition from a database or file.
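A short sketch of such an upload script. The file paths, names, and bucket are placeholders, and the FullName metadata key must match whatever your indexing function reads:

```python
import os

# Each entry pairs a local file path with the person shown in the image
images = [
    ('images/image_01.jpeg', 'Albert Einstein'),
    ('images/image_02.jpeg', 'Marie Curie'),
]

def upload_with_metadata(s3_client, bucket, path, full_name, prefix='index'):
    """Upload an image under the index/ prefix, attaching the person's name."""
    key = f'{prefix}/{os.path.basename(path)}'
    # The FullName metadata is what the indexing Lambda reads via HeadObject
    s3_client.upload_file(path, bucket, key,
                          ExtraArgs={'Metadata': {'FullName': full_name}})
    return key

if __name__ == '__main__':
    import boto3
    s3 = boto3.client('s3')
    for path, name in images:
        upload_with_metadata(s3, 'bucket-name', path, name)
```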
To maximize the matching rate for individuals, we add several reference images per person to the image database. This also enables the additional matching logic described later to further enhance the results.
Analysis
After the collection is populated, we can query it by passing in other images that contain faces. Using the SearchFacesByImage API, you need to provide at least two parameters: the name of the collection to query and the reference to the image to analyze. You can either provide a reference to the S3 bucket name and object key of the image or provide the image itself as a byte stream.
In the following example, we demonstrate how to submit the image as a byte stream. In response, Amazon Rekognition returns a JSON object containing the FaceId values of the matches. This object includes a confidence score and the coordinates of the face within the image, among other metadata, as documented in the API reference.
An additional matching process could further enhance this. For example, if we received three matches for Person A and a confidence score of over 90% each, and one match for Person B with a confidence of 85% or below, we can reasonably assume that the person was indeed Person A. Based on your business requirements, you could also return fuzzy matches like this to a human process step for validation.
Enhancements
For the analysis phase, Amazon Rekognition only matches the largest face in each image. If your image contains multiple people, you first need to use the DetectFaces API to retrieve the individual bounding boxes of the faces within the image. You can then use the retrieved x,y coordinates to crop the faces from the image and submit them individually to the SearchFacesByImage API.
We extend the face box boundaries by 10% in each direction to simplify cropping. Although ideally the box would be repositioned and reoriented to match head tilts, expanding the crop area serves as an effective workaround. This works reliably because SearchFacesByImage only considers the largest face in the submitted image, and even a 50% larger crop won't capture a face bigger than the one already identified.
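The 10% expansion can be expressed as a small helper that converts the relative BoundingBox returned by DetectFaces (ratios of image width and height) into padded pixel coordinates, clamped to the image borders. This is a sketch; the resulting tuple can be passed directly to PIL's Image.crop:

```python
def expand_box(bounding_box, img_width, img_height, pad=0.10):
    """Convert a relative Rekognition BoundingBox to padded pixel coordinates.

    bounding_box: dict with 'Left', 'Top', 'Width', 'Height' as ratios (0..1).
    Returns (left, top, right, bottom) in pixels, clamped to the image.
    """
    left = bounding_box['Left'] * img_width
    top = bounding_box['Top'] * img_height
    width = bounding_box['Width'] * img_width
    height = bounding_box['Height'] * img_height

    # Extend the box by 10% of its size in each direction
    left -= width * pad
    top -= height * pad
    width *= 1 + 2 * pad
    height *= 1 + 2 * pad

    # Clamp to the image borders
    left = max(0, left)
    top = max(0, top)
    right = min(img_width, left + width)
    bottom = min(img_height, top + height)
    return int(left), int(top), int(right), int(bottom)
```

With PIL, for example, the crop becomes `Image.open(path).crop(expand_box(box, w, h))` before submitting the cropped bytes to SearchFacesByImage.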
To supplement the manual process previously described, consider creating a Lambda function that includes your face detection code. To improve the process, store the names of detected individuals in a database (such as DynamoDB) instead of simply displaying them on the console. This allows you to detect faces within an extensive collection of images at scale.
Conclusion
In this post, we provided a guide to designing and building your own face recognition service. We shared insights on integrating Amazon Rekognition with other AWS services, including Lambda, Amazon S3, DynamoDB, and IAM. With these services at your disposal, you’re well-equipped to create a personalized solution that can detect, index, and recognize faces across various scenarios—from organizing family photos and managing vast image libraries to implementing simple access control systems.
The possibilities are endless for using face recognition technology. We can’t wait to see what innovative solutions you will create!
To extend your knowledge even further, learn how to find distinct people in a video with Amazon Rekognition.
About the Authors
Christian Petters is a Solutions Architect for Amazon Web Service in Germany. He has a background in the design, implementation, and operation of large-scale web and groupware applications. At AWS, he helps customers assemble the right building blocks to address their business challenges.
Shashank Chinchli is a Solutions Architect at AWS. With over 13 years of industry experience in cloud architecture, systems engineering, and application development, he specializes in helping businesses build efficient and scalable solutions on AWS. Notably, he has earned 13 AWS certifications and a Golden Jacket, reflecting his exceptional expertise. Outside of work, Shashank enjoys staying active with HIIT workouts and exploring his passion for music.
Achintya Veer Singh is a Solutions Architect at AWS based in Bangalore. He works with AWS customers to address their business challenges by designing secure, performant, and scalable solutions using the latest cloud technologies. He is passionate about technology and enjoys building and experimenting with AI/ML and generative AI. Outside of work, he enjoys cooking, reading non-fiction books, and spending time with his family.
Aashi Agrawal is a Solutions Architect at AWS, where she specializes in the analytics domain. She guides customers through the transformative process of migration and modernization. With a blend of visionary architecture and robust security, she crafts resilient systems and seamlessly integrates cutting-edge AI/ML services, including the marvels of generative AI, into their technological tapestry. Outside of work, she loves to explore new things and discover new music.
Audit History
Last reviewed and updated in March 2025 by Shashank Chinchli, Achintya Veer Singh, and Aashi Agrawal | Solutions Architects