To address vulnerabilities with facial recognition for identity verification, Liveness Detection Framework helps you implement liveness detection mechanisms into your applications by means of an extensible architecture. It comprises a set of APIs to process and verify liveness challenges, along with two different types of challenges provided as reference implementations. The nose challenge prompts the user to position their face inside an oval area in the center of the image and then move their nose to a target point. The second challenge prompts the user to reproduce a certain pose.


Limit spoofing attacks

Overcome vulnerabilities against spoofing attacks by augmenting a facial recognition system with some form of liveness detection.

Extend and customize

Extend the framework to implement your own liveness challenges and liveness detection algorithms. Customize the two provided challenges for additional protection from spoofing attacks.

Sample web application

Liveness Detection Framework includes a sample web application fully integrated with the provided APIs. Use it as a reference to create your own front end that fits your business needs.


Liveness Detection Framework uses Amazon Rekognition to detect the facial details needed to verify the challenge. The architecture consists of a front-end web application and a serverless backend with APIs that are invoked by the front end.

The user accesses the sample web application on their client device and interacts with their camera to complete all liveness challenge instructions. After capturing the user images (frames), the web app invokes Liveness Detection Framework APIs in the AWS Cloud.

Deploying this Guidance with the example code on GitHub builds the following environment in the AWS Cloud.

Liveness Detection Framework | Architecture diagram
 Click to enlarge

Liveness Detection Framework architecture

The code deploys the following infrastructure:

  1. An Amazon CloudFront distribution to serve the web application to the client device.
  2. An Amazon S3 source bucket to host the sample web application static files (HTML, JavaScript, and CSS).
  3. Amazon API Gateway to expose the REST/HTTP API endpoints invoked by the client device.
  4. An AWS Lambda function to process API requests. All liveness detection logic runs inside this function.
  5. An Amazon DynamoDB table to store information about each user’s challenge attempts, such as user ID, timestamp, and challenge-related parameters.
  6. An Amazon S3 object storage bucket that holds user images captured by the client device and uploaded via the APIs.
  7. Amazon Rekognition for identifying faces in an image along with their position and landmarks, such as eyes, nose, and mouth.
  8. AWS Secrets Manager to store the secrets used to sign tokens.
  9. Amazon Cognito user pool to provide user access control to the API calls.

Liveness Detection Framework

Version 1.0.0
Released: 01/2022
Author: AWS

Additional resources

Did this Guidance help you?
Provide feedback 
Build icon
Deploy a Solution yourself

Browse our library of AWS Solutions Implementations to get answers to common architectural problems.

Learn more 
Find an APN partner
Find an APN Partner

Find AWS certified consulting and technology partners to help you get started.

Learn more 
Explore icon
Explore Solutions Consulting Offers

Browse our portfolio of Consulting Offers to get AWS-vetted help with solution deployment.

Learn more