Event-driven Image Recognition with AWS Serverless Repository

Question

Pulumi · Accepted Answer

To set up an event-driven image recognition system using AWS services, we'll architect a solution that involves several key components:

1. **Amazon S3 (Simple Storage Service)**: An object storage service that will store the images to be processed.
2. **AWS Lambda**: A serverless compute service that will run code in response to events (like the addition of an image to an S3 bucket) without provisioning or managing servers.
3. **Amazon Rekognition**: A service that makes it easy to add image and video analysis to your applications.

Here's the flow of the event-driven image recognition system:

- An image is uploaded to an S3 bucket.
- The upload triggers an event notification that invokes an AWS Lambda function.
- The Lambda function sends the image to Amazon Rekognition for processing.
- Amazon Rekognition analyzes the image and returns labels or other metadata.
- The Lambda function can then take further action, such as storing the results in a database or sending a notification.

Let's create a Pulumi program in Python that sets up this architecture:

```python
import pulumi
import pulumi_aws as aws

# Create an Amazon S3 bucket where images will be stored
images_bucket = aws.s3.Bucket("imagesBucket")

# Create an IAM role that allows Lambda to call AWS services on your behalf
lambda_exec_role = aws.iam.Role("lambdaExecRole", assume_role_policy=aws.iam.get_policy_document(statements=[{
    "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole",
}]))

# Attach the required policies to the Lambda execution role
# This includes permissions for logging and invoking Amazon Rekognition
rekognition_policy = aws.iam.Policy("rekognitionPolicy",
    policy=pulumi.Output.all(images_bucket.arn).apply(lambda images_bucket_arn: {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "rekognition:DetectLabels",
            ],
            "Resource": "*",
        }, {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
            ],
            "Resource": f"{images_bucket_arn}/*",
        }]
    }))

aws.iam.RolePolicyAttachment("rekognitionPolicyAttachment",
    role=lambda_exec_role.name,
    policy_arn=rekognition_policy.arn)

# Define the Lambda function
image_recognition_lambda = aws.lambda_.Function("imageRecognitionLambda",
    code=pulumi.FileArchive("./lambda.zip"), # Your Lambda function's deployment package
    role=lambda_exec_role.arn,
    handler="index.handler", # The function within your code that Lambda calls
    runtime="python3.8")

# Create an S3 bucket event that triggers the Lambda function
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=images_bucket.id,
    lambda_functions=[aws.s3.BucketNotificationLambdaFunctionArgs(
        lambda_function_arn=image_recognition_lambda.arn,
        events=["s3:ObjectCreated:*"],
        filter_suffix=".jpg", # Trigger only for .jpg files
    )])

# Give Lambda permission to be invoked by S3
lambda_permission = aws.lambda_.Permission("lambdaPermission",
    action="lambda:InvokeFunction",
    function=image_recognition_lambda,
    principal="s3.amazonaws.com",
    source_arn=images_bucket.arn,
    source_account=pulumi.config.require('aws:accountId')) # Ensure your AWS account ID is set in Pulumi config

# Export the names of the bucket and the Lambda function
pulumi.export('images_bucket_name', images_bucket.bucket)
pulumi.export('image_recognition_lambda_name', image_recognition_lambda.name)
```

The `lambda.zip` referenced in the `image_recognition_lambda` resource should be a zip archive containing your Python Lambda function code. Ensure the handler is appropriately set to point to your function within the code.

Additionally, this example uses `pulumi.FileArchive("./lambda.zip")` to package the Lambda function code. You need to create the zip file with your code and dependencies and place it in the same directory as your Pulumi program.

Please replace `index.handler` with the file and handler function names in your actual Lambda code. Also, ensure you have correct permissions to access the resources and that you have set your AWS account ID in the Pulumi config.

This program will set up the necessary infrastructure on AWS, creating a serverless image recognition system that is event-driven, responding to new images uploaded to the S3 bucket. Each time a new `.jpg` file is uploaded, the Lambda function will be invoked, which in turn sends the image to Amazon Rekognition for label detection. The results can be handled within the Lambda function (e.g., storing them in a database, sending notifications, etc.).