Hello, I'm @hayaosato, an SRE engineer. Previously, I made a serverless video face analysis application using Amazon Rekognition (hereinafter, Rekognition). The article from that time is here. This time, by defining the application's infrastructure with Terraform, we are trying to make it a serverless and fully coded application in one go. The code is here.
As a review of last time, what functionality is implemented?
The application analyzes a video uploaded to S3 with Rekognition's face_detection.
As soon as the analysis is completed, the JSON of the analysis result is posted to Slack.
From here on is the main subject: building the serverless application with Terraform in one go. The system configuration is as follows. The system is roughly divided into two parts, before and after Rekognition, but since resources such as SNS are already needed when the Rekognition analysis is called, I will explain everything at once.
In this configuration, an IAM role for Lambda to execute and an IAM role for Rekognition to publish messages to SNS are required.
The IAM role for Rekognition is created like this.
The IAM role that lets Lambda itself call Rekognition and so on is also created like this.
You also need to define a delivery retry policy (HTTP/S) on your SNS topic, so I made it [like this](https://github.com/hayaosato/advent-calendar-2019/blob/master/face_detection/terraform/main.tf#L20-L36).
IAM involves a lot of painful policy tuning, so opinions differ on whether to manage it in Terraform or not, but I think I want to manage it if possible (I guess).
Lambda itself needs some accompanying resources, and the CloudWatch Log Group is also created like this (.tf#L45-L48).
In the case of Lambda, you can zip the source code and upload it as it is by using `archive_file` of the archive provider. Because the source code update is incorporated into Terraform this way, you can update the source code with `terraform apply` without recreating the function.
The Lambda function is created like this, and get_face_detection can be created in almost the same way.
The resources that trigger the Lambda functions this time are S3 and SNS. The S3 bucket is created like this, and the SNS topic [like this](https://github.com/hayaosato/advent-calendar-2019/blob/master/face_detection/terraform/main.tf#L143-L152). However, the Lambda function will not start just because each resource exists; the trigger setting (`aws_lambda_permission`) on the Lambda side is also required. The S3 trigger is created like this, and the SNS trigger [like this](https://github.com/hayaosato/advent-calendar-2019/blob/master/face_detection/terraform/main.tf#L135-L141). I wrote an article about the cooperation between SNS and Lambda earlier here, so please take a look.
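The trigger wiring described above, as an added example that is not the repository's `main.tf`: each `aws_lambda_permission` is scoped with `source_arn` (plus `source_account` for S3, whose bucket ARNs carry no account ID) so that only this bucket and this topic can invoke the functions. The variable names, resource labels and statement IDs are assumptions, and the existing bucket, topic and functions are passed in as variables.

```hcl
# Added example; every name below is hypothetical, not taken from the repository.
variable "video_bucket" { type = string }          # name of the existing upload bucket
variable "start_function_arn" { type = string }    # Lambda that starts face detection
variable "result_function_arn" { type = string }   # Lambda that fetches the result
variable "rekognition_topic_arn" { type = string } # SNS topic Rekognition publishes to

data "aws_caller_identity" "current" {}

# S3 may invoke the start function, but only from this bucket in this account.
# Without source_arn/source_account, any bucket could be configured to call it.
resource "aws_lambda_permission" "from_s3" {
  statement_id   = "AllowInvokeFromVideoBucket"
  action         = "lambda:InvokeFunction"
  function_name  = var.start_function_arn
  principal      = "s3.amazonaws.com"
  source_arn     = "arn:aws:s3:::${var.video_bucket}" # assumes the "aws" partition
  source_account = data.aws_caller_identity.current.account_id
}

# The notification is what actually fires the function on upload.
resource "aws_s3_bucket_notification" "video_uploaded" {
  bucket = var.video_bucket

  lambda_function {
    lambda_function_arn = var.start_function_arn
    events              = ["s3:ObjectCreated:*"]
  }

  # S3 validates the permission when the notification is created.
  depends_on = [aws_lambda_permission.from_s3]
}

# SNS may invoke the result function, but only on behalf of this one topic.
resource "aws_lambda_permission" "from_sns" {
  statement_id  = "AllowInvokeFromRekognitionTopic"
  action        = "lambda:InvokeFunction"
  function_name = var.result_function_arn
  principal     = "sns.amazonaws.com"
  source_arn    = var.rekognition_topic_arn
}

# The subscription delivers the completion message to the function.
resource "aws_sns_topic_subscription" "analysis_done" {
  topic_arn = var.rekognition_topic_arn
  protocol  = "lambda"
  endpoint  = var.result_function_arn
}
```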
That's it. Start analysis. Analysis completed. Then the JSON file was uploaded to Slack.
This time, while building a serverless architecture using AWS services, we also coded the infrastructure with Terraform. Serverless is easy, and code management makes it easy to check changes, isn't it?