made changes

Archana Venkitaramanan · Archana Venkitaramanan · commit cadc1ce783bf · 2024-07-18T19:41:13.000+05:30
diff --git a/apigw-lambda-rekognition/README.md b/apigw-lambda-rekognition/README.md
@@ -1,8 +1,8 @@
-# Content safety with Image Moderation using AWS API Gateway and AWS Lambda
+# Content safety with Image Moderation using Amazon API Gateway and AWS Lambda
 
-Using this sample pattern, users can access AWS API Gateway to generate a pre-signed URL through an AWS Lambda function, using which they can upload images to an Amazon S3 bucket. This URL allows secure and temporary access for uploading files directly to S3.
+Using this sample pattern, users can securely upload images to an Amazon S3 bucket by requesting a pre-signed URL through Amazon API Gateway.  This URL allows secure and temporary access for uploading files directly to S3.
 
-Once an image is uploaded, an S3 event triggers another Lambda function that uses the DetectModerationLabels API to analyze the content. If the image is identified as inappropriate, a notification is sent via Amazon SNS, ensuring automated content moderation and alerting.
+Once an image is uploaded, an S3 event invokes another Lambda function to analyze the content using the DetectModerationLabels API. If the image is identified as inappropriate, a notification is sent via Amazon SNS, ensuring automated content moderation and alerting.
 
 Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-lambda-rekognition
 
@@ -49,25 +49,27 @@ Important: this application uses various AWS services and there are costs associ
 
     curl --location 'https://<api-id>.execute-api.<region>.amazonaws.com/dev/generate-presigned-url' --header 'Content-Type: text/plain' --data '{"object_name": "image.png", "content_type": "image/png"}'
 
-    Note: Replace 'api-id' with the generated API ID from Terraform, 'region' with the region where the API is deployed, 'object_name' with your desired name for the S3 object and 'content_type' with the content type of the image, for ex, png or jpeg
+    Note: Replace 'api-id' with the generated API ID from Terraform, 'region' with the region where the API is deployed (refer to the Terraform Outputs section) 'object_name' with your desired name for the S3 object and 'content_type' with the content type of the image, for ex, png or jpeg
 
 1. Get the pre-signed URL from the previous step and use the following cURL command to upload the object in S3:
 
-    curl --location --request PUT '<presigned-url>' --header 'Content-Type: image/png' --data '<path-of-the-object>.png'
+    curl -v --location --request PUT '<presigned-url>' --header 'Content-Type: image/png' --data '<path-of-the-object>.png'
 
     Note: Replace 'presigned-url' with pre-signed URL generated in the previous step. 'Content-Type' should match the content type used to generate the pre-signed URL in the previous step. Make sure you are passing the correct path of the object in the --data parameter.
 
-1. Once the object is uploaded successfully, the Lambda function will be invoked and if the image is inappropirate, a message is sent to the SNS Topic, which is then received by the subscriber.
+    Once this command is run successfully and the object is uploaded, HTTP 200 OK should be seen. You can also check the S3 bucket to see if the object is uploaded correctly.
+
+1. Once the object is uploaded successfully, the "process_s3-event" Lambda function is invoked and if the image is inappropriate, a message is sent to the SNS topic, which is then received by the subscriber.
 
 ## Cleanup
  
 1. Delete the SNS Subscription:
-    Go to SNS > Subsciptions > Select your Subscription and click on Delete
+    Go to SNS > Subsciptions > Select your Subscription and choose Delete
 
     https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html
 
 1. Delete all the objects from S3:
-    Go to S3 > Select all the objects > Click on Delete
+    Go to S3 > Select all objects > choose Delete
 
     https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-objects.html
     https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-multiple-objects.html
@@ -92,6 +94,6 @@ Important: this application uses various AWS services and there are costs associ
     terraform show
     ```
 ----
-Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
 SPDX-License-Identifier: MIT-0
diff --git a/apigw-lambda-rekognition/main.tf b/apigw-lambda-rekognition/main.tf
@@ -1,20 +1,19 @@
 variable "region" {}
-
 provider "aws" {
-  region  = "${var.region}"
+  region = var.region
 }
 variable "prefix" {
-  description = "Prefix for S3 bucket name"
+  description = "Prefix to associate with the resources"
   type        = string
 }
 resource "aws_s3_bucket" "upload_bucket" {
   bucket = "${lower(var.prefix)}-s3-upload"
 }
 resource "aws_sns_topic" "sns_topic" {
-  name = "SNS-Topic"
+  name = "${lower(var.prefix)}-sns-topic"
 }
 resource "aws_iam_role" "lambda_role" {
-  name = "${lower(var.prefix)}-lambda_execution_role"
+  name = "${lower(var.prefix)}-lambda-execution-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -29,8 +28,8 @@ resource "aws_iam_role" "lambda_role" {
   })
 }
 resource "aws_iam_role_policy" "lambda_policy" {
-  name = "lambda_policy"
-  role = aws_iam_role.lambda_role.id
+  name   = "${lower(var.prefix)}-lambda-policy"
+  role   = aws_iam_role.lambda_role.id
   policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -68,26 +67,31 @@ resource "aws_iam_role_policy" "lambda_policy" {
     ]
   })
 }
+resource "aws_cloudwatch_log_group" "lambda_log_group" {
+  count = 2
+  name = "/aws/lambda/${lower(var.prefix)}-${element(["generate-presigned-url", "process-s3-event"], count.index)}"
+  retention_in_days = 14
+}
 resource "aws_lambda_function" "generate_presigned_url" {
-  filename         = "generate_presigned_url.zip"
-  function_name    = "generate_presigned_url"
-  role             = aws_iam_role.lambda_role.arn
-  handler          = "generate_presigned_url.lambda_handler"
-  runtime          = "python3.8"
-  timeout          = 30
+  filename      = "generate_presigned_url.zip"
+  function_name = "${lower(var.prefix)}-generate-presigned-url"
+  role          = aws_iam_role.lambda_role.arn
+  handler       = "generate_presigned_url.lambda_handler"
+  runtime       = "python3.12"
+  timeout       = 30
   environment {
     variables = {
       BUCKET_NAME = aws_s3_bucket.upload_bucket.bucket
     }
   }
 }
 resource "aws_lambda_function" "process_s3_event" {
-  filename         = "process_s3_event.zip"
-  function_name    = "process_s3_event"
-  role             = aws_iam_role.lambda_role.arn
-  handler          = "process_s3_event.lambda_handler"
-  runtime          = "python3.8"
-  timeout          = 60
+  filename      = "process_s3_event.zip"
+  function_name = "${lower(var.prefix)}-process-s3-event"
+  role          = aws_iam_role.lambda_role.arn
+  handler       = "process_s3_event.lambda_handler"
+  runtime       = "python3.12"
+  timeout       = 60
   environment {
     variables = {
       SNS_TOPIC_ARN = aws_sns_topic.sns_topic.arn
@@ -102,14 +106,14 @@ resource "aws_s3_bucket_notification" "s3_bucket_notification" {
   }
 }
 resource "aws_lambda_permission" "allow_s3" {
-  statement_id  = "AllowS3InvokeLambda"
+  statement_id  = "${lower(var.prefix)}-allow-s3-invoke-lambda"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.process_s3_event.function_name
   principal     = "s3.amazonaws.com"
   source_arn    = aws_s3_bucket.upload_bucket.arn
 }
 resource "aws_api_gateway_rest_api" "api" {
-  name        = "PresignedURLAPI"
+  name        = "${lower(var.prefix)}-presigned-url-api"
   description = "API for generating presigned URLs"
 }
 resource "aws_api_gateway_resource" "resource" {
@@ -132,14 +136,46 @@ resource "aws_api_gateway_integration" "integration" {
   uri                     = "arn:aws:apigateway:${var.region}:lambda:path/2015-03-31/functions/${aws_lambda_function.generate_presigned_url.arn}/invocations"
 }
 resource "aws_lambda_permission" "allow_api_gateway" {
-  statement_id  = "AllowAPIGatewayInvoke"
+  statement_id  = "${lower(var.prefix)}-allow-api-gateway-invoke"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.generate_presigned_url.function_name
   principal     = "apigateway.amazonaws.com"
   source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*/*"
 }
 resource "aws_api_gateway_deployment" "deployment" {
-  depends_on = [aws_api_gateway_integration.integration]
+  depends_on  = [aws_api_gateway_integration.integration]
   rest_api_id = aws_api_gateway_rest_api.api.id
-  stage_name = "dev"
+  stage_name  = "dev"
+}
+output "api_id" {
+  description = "The ID of the API Gateway REST API"
+  value       = aws_api_gateway_rest_api.api.id
+}
+output "region" {
+  description = "The AWS region where resources are deployed"
+  value       = var.region
+}
+output "s3_bucket_name" {
+  description = "The name of the S3 bucket"
+  value       = aws_s3_bucket.upload_bucket.bucket
+}
+output "sns_topic_arn" {
+  description = "The ARN of the SNS topic"
+  value       = aws_sns_topic.sns_topic.arn
+}
+output "lambda_generate_presigned_url_arn" {
+  description = "The ARN of the generate_presigned_url Lambda function"
+  value       = aws_lambda_function.generate_presigned_url.arn
+}
+output "lambda_process_s3_event_arn" {
+  description = "The ARN of the process_s3_event Lambda function"
+  value       = aws_lambda_function.process_s3_event.arn
+}
+output "lambda_generate_presigned_url_log_group" {
+  description = "The name of the CloudWatch log group for the generate_presigned_url Lambda function"
+  value       = aws_cloudwatch_log_group.lambda_log_group[0].name
+}
+output "lambda_process_s3_event_log_group" {
+  description = "The name of the CloudWatch log group for the process_s3_event Lambda function"
+  value       = aws_cloudwatch_log_group.lambda_log_group[1].name
 }
