diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs
--- a/services/identity/src/database.rs
+++ b/services/identity/src/database.rs
@@ -39,7 +39,6 @@
 use tracing::{debug, error, info, warn, Instrument};
 
 use crate::client_service::{FlattenedDeviceKeyUpload, UserRegistrationInfo};
-use crate::config::CONFIG;
 use crate::constants::{
   error_types, NONCE_TABLE, NONCE_TABLE_CREATED_ATTRIBUTE,
   NONCE_TABLE_EXPIRATION_TIME_ATTRIBUTE,
@@ -151,20 +150,7 @@
 
 impl DatabaseClient {
   pub fn new(aws_config: &AwsConfig) -> Self {
-    let client = match &CONFIG.localstack_endpoint {
-      Some(endpoint) => {
-        info!(
-          "Configuring DynamoDB client to use LocalStack endpoint: {}",
-          endpoint
-        );
-        let ddb_config_builder =
-          comm_lib::aws::ddb::config::Builder::from(aws_config)
-            .endpoint_url(endpoint);
-        DynamoDBClient::from_conf(ddb_config_builder.build())
-      }
-      None => DynamoDBClient::new(aws_config),
-    };
-
+    let client = DynamoDBClient::new(aws_config);
     DatabaseClient {
       client: Arc::new(client),
     }
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -15,6 +15,7 @@
 };
 use chrono::DateTime;
 use comm_lib::auth::AuthService;
+use comm_lib::blob::client::BlobServiceClient;
 use comm_opaque2::grpc::protocol_error_to_grpc_status;
 use tonic::{Request, Response, Status};
 use tracing::{debug, error, trace};
@@ -38,6 +39,7 @@
 #[derive(derive_more::Constructor)]
 pub struct AuthenticatedService {
   db_client: DatabaseClient,
+  blob_client: BlobServiceClient,
   comm_auth_service: AuthService,
 }
 
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -1,7 +1,8 @@
 use comm_lib::auth::AuthService;
-use comm_lib::aws;
 use comm_lib::aws::config::timeout::TimeoutConfig;
 use comm_lib::aws::config::BehaviorVersion;
+use comm_lib::aws::{self, AwsConfig};
+use comm_lib::blob::client::BlobServiceClient;
 use config::Command;
 use database::DatabaseClient;
 use tonic::transport::Server;
@@ -50,6 +51,24 @@
 use grpc_services::protos::auth::identity_client_service_server::IdentityClientServiceServer as AuthServer;
 use websockets::errors::BoxedError;
 
+async fn load_aws_config() -> AwsConfig {
+  let mut config_builder =
+    comm_lib::aws::config::defaults(BehaviorVersion::v2024_03_28())
+      .timeout_config(
+        TimeoutConfig::builder()
+          .connect_timeout(Duration::from_secs(60))
+          .build(),
+      )
+      .region("us-east-2");
+
+  if let Some(endpoint) = &config::CONFIG.localstack_endpoint {
+    info!("Using Localstack. AWS endpoint URL: {}", endpoint);
+    config_builder = config_builder.endpoint_url(endpoint);
+  }
+
+  config_builder.load().await
+}
+
 #[tokio::main]
 async fn main() -> Result<(), BoxedError> {
   let filter = EnvFilter::builder()
@@ -78,27 +97,23 @@
       generate_and_persist_keypair(dir)?;
     }
     Command::Server => {
-      config::load_server_config();
+      let cfg = config::load_server_config();
       let addr = IDENTITY_SERVICE_SOCKET_ADDR.parse()?;
-      let aws_config = aws::config::defaults(BehaviorVersion::v2024_03_28())
-        .timeout_config(
-          TimeoutConfig::builder()
-            .connect_timeout(Duration::from_secs(60))
-            .build(),
-        )
-        .region("us-east-2")
-        .load()
-        .await;
+      let aws_config = load_aws_config().await;
       let comm_auth_service =
         AuthService::new(&aws_config, "http://localhost:50054".to_string());
+      let blob_client = BlobServiceClient::new(cfg.blob_service_url.to_owned());
       let database_client = DatabaseClient::new(&aws_config);
       let inner_client_service = ClientService::new(database_client.clone());
       let client_service = IdentityClientServiceServer::with_interceptor(
         inner_client_service,
         grpc_services::shared::version_interceptor,
       );
-      let inner_auth_service =
-        AuthenticatedService::new(database_client.clone(), comm_auth_service);
+      let inner_auth_service = AuthenticatedService::new(
+        database_client.clone(),
+        blob_client,
+        comm_auth_service,
+      );
       let db_client = database_client.clone();
       let auth_service =
         AuthServer::with_interceptor(inner_auth_service, move |req| {