As of Sep-2023 AWS has introduced a large and still-growing list of AI/ML services that seamlessly interoperate with other infrastructure and services in the AWS ecosystem. This solution is based fundamentally on AWS Rekognition, one of AWS' two vision services.
Additionally, this solution leverages the following AWS serverless services:
- Rekognition: a cloud-based software as a service computer vision platform that was launched in 2016. It is an AWS managed Machine Learning Service with Content moderation, Face compare and search, Face Detection and analysis, Labeling, Custom labels, Text detection, Celebrity recognition, Video segment detection and Streaming Video Events detection features. It is used by a number of United States government agencies, including U.S. Immigration and Customs Enforcement and Orlando, Florida police, as well as private entities.
- IAM: a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
- S3: Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface. Amazon S3 uses the same scalable storage infrastructure that Amazon.com uses to run its e-commerce network.
- DynamoDB: a fully managed proprietary NoSQL database offered by Amazon.com as part of the Amazon Web Services portfolio. DynamoDB offers a fast persistent Key-Value Datastore with built-in support for replication, autoscaling, encryption at rest, and on-demand backup among other features.
- Lambda: an event-driven, serverless computing platform provided by Amazon as a part of Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. It was introduced on November 13, 2014.
- API Gateway: an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale.
- Certificate Manager: handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.
- Route53: a scalable and highly available Domain Name System service. Released on December 5, 2010.
- CloudWatch: CloudWatch enables you to monitor your complete stack (applications, infrastructure, network, and services) and use alarms, logs, and events data to take automated actions and reduce mean time to resolution (MTTR).
Deploys a URL endpoint for uploading an Image file to S3. S3 is configured to invoke a Lambda function on 'put' events. The Lambda function sends the image file to Rekognition, which will analyze the contents for any facial features found, returning a JSON file of this format. Individual facial features are persistened in DynamoDB, and are searchable by Rekognition 'faceprint'.
Deploys a URL endpoint for uploading an image file to be analyzed by Rekognition. The 'faceprint' of the dominant face in the image is searched against all indexed faces in DynamoDB. Usually, this will be the largest face in the image, but the algorithm also considers other factors, including facial angle to the camera. Returns a JSON file of this format.
The terraform scripts will automatically create a collection of CloudWatch Log Groups. Additionally, note the Terraform global variable 'debug_mode' (defaults to 'true') which will increase the verbosity of log entries in the Lambda functions, which are implemented with Python.
I refined the contents and formatting of each log group to suit my own needs while building this solution, and in particular while coding the Python Lambda functions.
Index faces are persisted to a DynamoDB table as per the two screen shots below. The AWS DynamoDB console includes a useful query tool named PartiQL which you can use to inspect your Rekognition output. See this sample DynamoDB Rekognition output file.
Indexed images are persisted to S3, essantially as an archive as well as for future development of additional features such as an endpoint to download indexed images and their corresponding Rekognition faceprint output.
This solution passes large image files around to and from various large opaque backend services. Take note that using Postman to transport these image files from your local computer to AWS requires that we first base64-encode the file. Base64 encoding schemes are commonly used to encode binary data, like image files, for storage or transfer over media that can only deal with ASCII text.
This repo includes a utility script base64encode.sh that you can use to encode your test images prior to uploading these with Postman.
Much of the code in this repository was scaffolded from these examples that I found via Google and Youtube searches. Several of these are well-presented, and they provide additional instruction and explanetory theory that I've omitted, so you might want to give these a look.
- YouTube - Create your own Face Recognition Service with AWS Rekognition, by Tech Raj
- Personnel Recognition with AWS Rekognition — Part I
- Personnel Recognition with AWS Rekognition — Part II
- Webhook for S3 Bucket By Terraform (REST API in API Gateway to proxy Amazon S3)
- how to use AWS API Gateway URL end points with Postman
- Testing API Gateway Endpoints
- How do I upload an image or PDF file to Amazon S3 through API Gateway?
- Upload files to S3 using API Gateway - Step by Step Tutorial
- Tutorial: Create a REST API as an Amazon S3 proxy in API Gateway