[PYTHON] Build serverless facial recognition with Terraform (Amazon Rekognition)

Hello, I'm SRE engineers do you have @hayaosato. Previously, I made a serverless video face analysis application using Amazon Rekognition (hereinafter, rekognition). The article at that time is here This time, by defining the infrastructure of the application with Terraform, we are trying to make it a serverless and fully coded application at once. The code is here

application

What kind of function will be implemented as a review of the last time? Analyze the video given in S3 with face_detection of rekognition. After that, as soon as the analysis is completed, the JSON of the analysis result will be notified on Slack.

infrastructure

From here, the main subject is to create a serverless application with Terraform at once. The system configuration is as follows. 顔面みっけ君システム.jpg Here, the system is roughly divided into two, before and after rekognition, but since it is necessary to have SNS etc. at the time of calling the analysis of rekognition. I will explain at once.

Constitution

IAM system

In this configuration, IAM for Lambda to execute and IAM for Rekognition to issue a message to SNS are required. IAM Role for Rekognition is also created like this. IAM Role such as calling Rekognition to Lambda itself is also made like this I will. You also need to define a delivery retry policy (HTTP / S) on your SNS, so [like this](https://github.com/hayaosato/advent-calendar-2019/blob/master/ face_detection / terraform / main.tf # L20-L36) I made it. IAM system has a lot of pain in policy tuning, so it is different whether to manage it or not, but while thinking that I want to manage it if possible, (I guess)

Lambda function

Lambda itself needs to create some accompanying resources, and the CloudWatch Log Group also like this .tf # L45-L48) Make it.

In the case of Lambda, you can zip the source code and upload it as it is by using ʻarchive_fileof the archive provider. By doing this, you can update the source code withterraform apply` without recreating it by incorporating the source code update into Terraform. Lambda function is created like this, and get_face_detection is almost You can create it in the same way.

Trigger system

The resources that trigger the Lambda function this time are S3 and SNS. S3 is like this, SNS topic is [like this](https://github.com/hayaosato/advent-calendar-2019/blob/master/face_detection/terraform/main.tf#L143- L152) Make each. However, the Lambda function will not start just by creating each resource, and the trigger setting (ʻaws_lambda_permission`) on the Lambda side is required. S3 trigger like this, SNS trigger [like this] To](https://github.com/hayaosato/advent-calendar-2019/blob/master/face_detection/terraform/main.tf#L135-L141) Create. I wrote an article about the cooperation between SNS and Lambda earlier here, so please take a look.

result

That's it. Start analysis スクリーンショット 2019-12-07 23.44.01.png Analysis completed スクリーンショット 2019-12-07 23.44.11.png Then the JSON file was uploaded to Slack.

Finally

This time, while building a serverless architecture using AWS services, we also coded the infrastructure with Terraform. Serverless is easy, and code management makes it easy to check changes, isn't it?

reference

Recommended Posts

Build serverless facial recognition with Terraform (Amazon Rekognition)
Serverless face recognition API made with Python
[Linux] Build a Docker environment with Amazon Linux 2
Build AWS EC2 and RDS with Terraform Terraform 3 minutes cooking