Serverless Image Recognition with AWS Lambda and S3

Question

Pulumi · Accepted Answer

To create a serverless image recognition system with AWS Lambda and Amazon S3, we'll need to set up an S3 bucket to store images and a Lambda function that gets triggered whenever a new image is uploaded to the bucket. The Lambda function will use Amazon Rekognition, a service that makes it easy to add image analysis to your applications, to detect objects and scenes in images.

Here's an overview of the steps we'll follow in the program:

1. Create an S3 Bucket where images will be uploaded.
2. Define a Lambda Function that Amazon Rekognition will use for image recognition tasks. The code for this function will need to be provided (either uploaded as a .zip file or written inline in the code) and will generally use the AWS SDK to communicate with the Rekognition service.
3. Set up Lambda Permissions to allow S3 to invoke the Lambda function when new images are uploaded.
4. Create a S3 Bucket Notification configuration that triggers the Lambda function when a `Put` event (indicating a new upload) occurs for images.

Here's the Python program using Pulumi:

```python
import pulumi
import pulumi_aws as aws

# Create an S3 bucket to store images.
image_bucket = aws.s3.Bucket("imageBucket",
    acl="private",
    tags={
        "Name": "My image bucket",
        "Environment": "Production"
    })

# Create an IAM role that the Lambda Function will assume.
lambda_role = aws.iam.Role("lambdaRole", 
    assume_role_policy="""{
        "Version": "2012-10-17",
        "Statement": [{
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            }
        }]
    }""")

# Attach the AWSLambdaBasicExecutionRole policy to the role to write logs to CloudWatch.
lambda_role_policy = aws.iam.RolePolicyAttachment("lambdaRolePolicy",
    role=lambda_role.name,
    policy_arn="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole")

# Create the Lambda Function that will use Amazon Rekognition for image recognition.
image_recognition_lambda = aws.lambda_.Function("imageRecognitionLambda",
    code=pulumi.FileArchive("./function.zip"),  # Replace with the path to the Lambda deployment package.
    role=lambda_role.arn,
    handler="image_recognition.handler",  # Replace with the Lambda function entry point in the deployment package.
    runtime="python3.8",  # Select the appropriate runtime for your Lambda function.
    timeout=30,  # Maximum Lambda function timeout in seconds.
    memory_size=512)  # Lambda function memory allocation in MB.

# Give S3 the permissions to invoke the Lambda function.
lambda_permission = aws.lambda_.Permission("lambdaPermission",
    action="lambda:InvokeFunction",
    function=image_recognition_lambda.name,
    principal="s3.amazonaws.com",
    source_arn=image_bucket.arn)

# Trigger the Lambda function upon S3 bucket 'Put' event (image being uploaded).
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=image_bucket.id,
    lambda_functions=[aws.s3.BucketNotificationLambdaFunctionArgs(
        lambda_function_arn=image_recognition_lambda.arn,
        events=["s3:ObjectCreated:*"],
        filter_prefix="images/",  # Assuming you upload images into a folder named 'images/'
    )])

# Export the S3 bucket name and Lambda function name as stack outputs.
pulumi.export("bucket_name", image_bucket.id)
pulumi.export("lambda_function_name", image_recognition_lambda.id)
```

In this program, we first create an S3 bucket called `imageBucket`. Then we define an IAM role named `lambdaRole` that our Lambda function will use. We attach the necessary permissions to the role to allow the Lambda function to write logs to CloudWatch.

Next, we create a Lambda function `imageRecognitionLambda`. The Lambda function's code is assumed to be zipped and located at a path relative to the Pulumi program. You would need to replace `./function.zip` and `image_recognition.handler` with actual paths and handler names based on your Python deployment package.

We also add Lambda permissions to allow our S3 bucket to invoke the Lambda function on new image uploads (`Put` events). Finally, we create a bucket notification `bucketNotification` that specifies our S3 bucket should execute our Lambda function whenever a new image is uploaded, filtering the events to only images within a hypothetical 'images/' folder of the bucket.

After deploying this Pulumi program, you'll want to upload an image to the `images/` folder in your S3 bucket, and then check the AWS CloudWatch logs for your Lambda function to see the results of the image recognition.

Remember to install the necessary Pulumi AWS SDK with `pip install pulumi_aws` and ensure your AWS credentials are configured for Pulumi CLI to connect to your AWS account. Also, ensure the Lambda function deployment package (`function.zip`) contains all the necessary code and dependencies to handle image recognition tasks using Amazon Rekognition.