This Guidance helps customers streamline the age verification process when selling age-restricted items. Customers completing age verification for the first time upload a copy of their ID and an image of themselves using their device's built-in camera. AWS services verify that the image taken from the camera matches the ID provided and that the customer meets the minimum age requirement to purchase age-restricted products.
Architecture Diagram
Step 1
Customers access the front end age verification application through AWS Amplify to either register as a new age-verified customer, or to verify their age as an existing user.
Step 2
Amplify routes the requests to AWS AppSync endpoints.
Step 3
AWS AppSync uses a service integration to run the relevant AWS Step Functions express state machine.
Step 4
Customers completing age verification for the first time upload a copy of their ID (such as a driver’s license or passport) and an image of themselves (collectively referred to as “ID forms”) using their device’s built-in camera.
Step 5
ID forms are routed through AWS Lambda to the Know Your Customer (KYC) Partner platform for ID certification and self image cross-verification.
Successfully verified customers have their ID forms pushed to Amazon Simple Storage Service (Amazon S3). Their metadata is pushed to Amazon DynamoDB. Validated self images are indexed in Amazon Rekognition for use in future verification processes.
Step 6
Exceptions are routed to a queue through AWS AppSync and are verified by a manual approver using the Amplify admin user interface (UI).
Step 7
Existing customers use their device’s built-in camera to provide a facial fingerprint. Amazon Rekognition cross-checks the self image against a collection of verified users using the Amazon Rekognition SearchFacesByImage capability.
Step 8
If a match is found, the customer is verified. If no match is found, the customer is routed to the new user workflow.
Step 1
Customers access the front end age verification application through AWS Amplify to either register as a new age-verified customer, or to verify their age as an existing user.
Step 2
Amplify routes the requests to AWS AppSync endpoints.
Step 3
AWS AppSync uses a service integration to run the relevant AWS Step Functions express state machine.
Step 4
Customers completing age verification for the first time upload a copy of their ID (such as a driver’s license or passport) and an image of themselves (collectively referred to as “ID forms”) using their device’s built-in camera.
Step 5
ID forms are routed through AWS Lambda to the Know Your Customer (KYC) Partner platform for ID certification and self image cross-verification.
Successfully verified customers have their ID forms pushed to Amazon Simple Storage Service (Amazon S3). Their metadata is pushed to Amazon DynamoDB. Validated self images are indexed in Amazon Rekognition for use in future verification processes.
Step 6
Exceptions are routed to a queue through AWS AppSync and are verified by a manual approver using the Amplify admin user interface (UI).
Step 7
Existing customers use their device’s built-in camera to provide a facial fingerprint. Amazon Rekognition cross-checks the self image against a collection of verified users using the Amazon Rekognition SearchFacesByImage capability.
Step 8
If a match is found, the customer is verified. If no match is found, the customer is routed to the new user workflow.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
-
Operational ExcellenceRead the Operational Excellence whitepaper
This Guidance does not include code artifacts, enabling you to automate development pipelines using AWS Cloud Development Kit (AWS CDK) v2, AWS CloudFormation, and Terraform for fast iteration and consistent deployments. Observability is built-in to the recommended services with process level metrics, logs, and dashboards. Extend these mechanisms to meet your needs, and create alarms in Amazon CloudWatch to inform your on-call team of any issues.
-
SecurityRead the Security whitepaper
If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a private connection between Amazon VPC and Amazon Rekognition and keep all the traffic private. By using a restricted execution role and trust policies between services, you can configure the backend Step Functions state machine to limit the access to just the services you need. Extend the security of the backend with AWS WAF, a web application firewall. Secure your frontend application further with fine-grained traffic filtering for unwanted traffic.
-
ReliabilityRead the Reliability whitepaperThe Serverless technologies make all components in this Guidance highly available. All components scale automatically because the Amazon Rekognition limits are configured based on your needs.
-
Performance EfficiencyRead the Performance Efficiency whitepaper
Serverless technologies allow you to provision only the exact resources you use. You can test with multiple media types to maximize the performance of Amazon Rekognition. For improved performance for clients, deploy Amazon Rekognition in a multi-region architecture and consider implementing the Amazon Route 53 routing policy to further improve the end-user experience.
-
Cost OptimizationRead the Cost Optimization whitepaper
The cost of this Guidance is minimized by using serverless technologies and because Amazon Rekognition automatically scales based on demand, ensuring only the minimum resources are required.
Storage in Amazon S3 follows a consumption-based pricing model where you pay only for resources you use.
-
SustainabilityRead the Sustainability whitepaper
By using managed and serverless services, you can minimize the environmental impact of the backend services. A critical component for sustainability is to maximize the usage of the AWS services such as Amazon Rekognition, as covered in the Performance Efficiency and Cost Optimization pillars.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Related Content
[Title]
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.