Today I tackled user profile management in my serverless financial app. I added AWS S3 for profile pictures and a Nuclear Button for absolute data deletion. (The Avatar Upload) Sending binary files through API Gateway can be tricky. Instead of dealing with multipart/form-data natively in the API Gateway, I converted the images to base64 in React. My Python Lambda takes this string, decodes it, and uses boto3 (s3_client.put_object) to store the image in an S3 bucket with an ACL of 'public-read'. (The Nuclear Button) Soft deletes are easy, but real privacy requires hard deletes. When a user clicks "Delete Account" in the React Danger Zone, the Lambda function executes two critical steps: DynamoDB Purge: It queries the Single-Table design for the user's ID and uses a batch_writer to destroy every single record (transactions, preferences, semantic profiles). Cognito Annihilation: It uses the cognito-idp client (admin_delete_user) to completely remove the user identity from the User Pool.…