Added files

Author: Archana Venkitaramanan

apigw-lambda-rekognition/README.md

@@ -0,0 +1,97 @@
+# Content safety with Image Moderation using AWS API Gateway and AWS Lambda
+
+Using this sample pattern, users can access AWS API Gateway to generate a pre-signed URL through an AWS Lambda function, using which they can upload images to an Amazon S3 bucket. This URL allows secure and temporary access for uploading files directly to S3.
+
+Once an image is uploaded, an S3 event triggers another Lambda function that uses the DetectModerationLabels API to analyze the content. If the image is identified as inappropriate, a notification is sent via Amazon SNS, ensuring automated content moderation and alerting.
+
+Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-lambda-rekognition
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.cxom/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ``` 
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+1. Change directory to the pattern directory:
+    ```
+    cd apigw-lambda-rekognition
+    ```
+1. From the command line, initialize terraform to downloads and installs the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+1. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+1. During the prompts
+    #var.prefix
+    - Enter a value: {enter any prefix to associate with resources}
+
+    #var.region
+    - Enter a value: {enter the region for deployment}
+
+## Testing
+
+1. After deploying the stack, create a Subscriber for your Amazon SNS topic (For ex, your email) and confirm the subscription.
+    https://docs.aws.amazon.com/sns/latest/dg/sns-create-subscribe-endpoint-to-topic.html
+
+1. Make a POST request to the API using the following cURL command:
+
+    curl --location 'https://<api-id>.execute-api.<region>.amazonaws.com/dev/generate-presigned-url' --header 'Content-Type: text/plain' --data '{"object_name": "image.png", "content_type": "image/png"}'
+
+    Note: Replace 'api-id' with the generated API ID from Terraform, 'region' with the region where the API is deployed, 'object_name' with your desired name for the S3 object and 'content_type' with the content type of the image, for ex, png or jpeg
+
+1. Get the pre-signed URL from the previous step and use the following cURL command to upload the object in S3:
+
+    curl --location --request PUT '<presigned-url>' --header 'Content-Type: image/png' --data '<path-of-the-object>.png'
+
+    Note: Replace 'presigned-url' with pre-signed URL generated in the previous step. 'Content-Type' should match the content type used to generate the pre-signed URL in the previous step. Make sure you are passing the correct path of the object in the --data parameter.
+
+1. Once the object is uploaded successfully, the Lambda function will be invoked and if the image is inappropirate, a message is sent to the SNS Topic, which is then received by the subscriber.
+
+## Cleanup
+ 
+1. Delete the SNS Subscription:
+    Go to SNS > Subsciptions > Select your Subscription and click on Delete
+
+    https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html
+
+1. Delete all the objects from S3:
+    Go to S3 > Select all the objects > Click on Delete
+
+    https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-objects.html
+    https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-multiple-objects.html
+
+1. Change directory to the pattern directory:
+    ```
+    cd serverless-patterns/apigw-lambda-rekognition
+    ```
+
+1. Delete all created resources
+    ```
+    terraform destroy
+    ```
+    
+1. During the prompts:
+    ```
+    Enter all details as entered during creation.
+    ```
+
+1. Confirm all created resources has been deleted
+    ```
+    terraform show
+    ```
+----
+Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

apigw-lambda-rekognition/example-pattern.json

@@ -0,0 +1,62 @@
+{
+  "title": "Content safety with Image Moderation using AWS API Gateway and AWS Lambda",
+  "description": "Create a Lambda function which will send a notification when an inappropriate image is uploaded in Amazon S3",
+  "language": "Python",
+  "level": "200",
+  "framework": "Terraform",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "This sample project utilizes API Gateway to generate an S3 Pre-signed URL via Lambda function, enabling users to upload images to an S3 bucket. Upon successful upload, an S3 event triggers another Lambda function to analyze the image using DetectModerationLabels API. If the image is deemed inappropriate, a notification is sent through SNS. This ensure secure uploads and automated content moderation. Use cases include user-generated content platforms and e-commerce websites, where secure image uploads and automated content moderation are essential."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/apigw-lambda-rekognition",
+      "templateURL": "serverless-patterns/apigw-lambda-rekognition",
+      "projectFolder": "apigw-lambda-rekognition",
+      "templateFile": "main.tf"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Uploading objects with presigned URLs",
+        "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/PresignedUrlUploadObject.html"
+      },
+      {
+        "text": "Moderating content",
+        "link": "https://docs.aws.amazon.com/rekognition/latest/dg/moderation.html"
+      },
+      {
+        "text": "DetectModerationLabels",
+        "link": "https://docs.aws.amazon.com/rekognition/latest/APIReference/API_DetectModerationLabels.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "terraform init",
+      "terraform apply"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "terraform destroy",
+      "terraform show"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Archana V",
+      "image": "https://media.licdn.com/dms/image/D5603AQF_QwVjCkS_UQ/profile-displayphoto-shrink_200_200/0/1670929520771?e=1724284800&v=beta&t=FFJJko4OO8h1tCFrxMyneTyRPAKmyEmIaDOYOeTaFEk",
+      "bio": "Cloud Support Engineer at AWS",
+      "linkedin": "archana-venkat-9b80b7184"
+    }
+  ]
+}

apigw-lambda-rekognition/generate_presigned_url.zip

@@ -0,0 +1,145 @@
+variable "region" {}
+
+provider "aws" {
+  region  = "${var.region}"
+}
+variable "prefix" {
+  description = "Prefix for S3 bucket name"
+  type        = string
+}
+resource "aws_s3_bucket" "upload_bucket" {
+  bucket = "${lower(var.prefix)}-s3-upload"
+}
+resource "aws_sns_topic" "sns_topic" {
+  name = "SNS-Topic"
+}
+resource "aws_iam_role" "lambda_role" {
+  name = "${lower(var.prefix)}-lambda_execution_role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        },
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+resource "aws_iam_role_policy" "lambda_policy" {
+  name = "lambda_policy"
+  role = aws_iam_role.lambda_role.id
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ],
+        Resource = "*"
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "s3:PutObject",
+          "s3:GetObject",
+          "s3:ListBucket"
+        ],
+        Resource = [
+          aws_s3_bucket.upload_bucket.arn,
+          "${aws_s3_bucket.upload_bucket.arn}/*"
+        ]
+      },
+      {
+        Effect = "Allow",
+        Action = "sns:Publish",
+        Resource = aws_sns_topic.sns_topic.arn
+      },
+      {
+        Effect = "Allow",
+        Action = "rekognition:DetectModerationLabels",
+        Resource = "*"
+      }
+    ]
+  })
+}
+resource "aws_lambda_function" "generate_presigned_url" {
+  filename         = "generate_presigned_url.zip"
+  function_name    = "generate_presigned_url"
+  role             = aws_iam_role.lambda_role.arn
+  handler          = "generate_presigned_url.lambda_handler"
+  runtime          = "python3.8"
+  timeout          = 30
+  environment {
+    variables = {
+      BUCKET_NAME = aws_s3_bucket.upload_bucket.bucket
+    }
+  }
+}
+resource "aws_lambda_function" "process_s3_event" {
+  filename         = "process_s3_event.zip"
+  function_name    = "process_s3_event"
+  role             = aws_iam_role.lambda_role.arn
+  handler          = "process_s3_event.lambda_handler"
+  runtime          = "python3.8"
+  timeout          = 60
+  environment {
+    variables = {
+      SNS_TOPIC_ARN = aws_sns_topic.sns_topic.arn
+    }
+  }
+}
+resource "aws_s3_bucket_notification" "s3_bucket_notification" {
+  bucket = aws_s3_bucket.upload_bucket.id
+  lambda_function {
+    lambda_function_arn = aws_lambda_function.process_s3_event.arn
+    events              = ["s3:ObjectCreated:*"]
+  }
+}
+resource "aws_lambda_permission" "allow_s3" {
+  statement_id  = "AllowS3InvokeLambda"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.process_s3_event.function_name
+  principal     = "s3.amazonaws.com"
+  source_arn    = aws_s3_bucket.upload_bucket.arn
+}
+resource "aws_api_gateway_rest_api" "api" {
+  name        = "PresignedURLAPI"
+  description = "API for generating presigned URLs"
+}
+resource "aws_api_gateway_resource" "resource" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
+  path_part   = "generate-presigned-url"
+}
+resource "aws_api_gateway_method" "method" {
+  rest_api_id   = aws_api_gateway_rest_api.api.id
+  resource_id   = aws_api_gateway_resource.resource.id
+  http_method   = "POST"
+  authorization = "NONE"
+}
+resource "aws_api_gateway_integration" "integration" {
+  rest_api_id             = aws_api_gateway_rest_api.api.id
+  resource_id             = aws_api_gateway_resource.resource.id
+  http_method             = aws_api_gateway_method.method.http_method
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = "arn:aws:apigateway:${var.region}:lambda:path/2015-03-31/functions/${aws_lambda_function.generate_presigned_url.arn}/invocations"
+}
+resource "aws_lambda_permission" "allow_api_gateway" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.generate_presigned_url.function_name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*/*"
+}
+resource "aws_api_gateway_deployment" "deployment" {
+  depends_on = [aws_api_gateway_integration.integration]
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  stage_name = "dev"
+}