The Image Moderator Chatbot serverless reference architecture demonstrates how to leverage Amazon Rekognition's image moderation deep learning feature to automatically remove messages containing explicit or suggestive images from channels of popular chat apps using Amazon API Gateway, AWS Lambda, and Amazon Rekognition.
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3c325b1 Aug 23, 2018

Serverless Reference Architecture: Image Moderation Chatbot

Administrators of large channels in popular chat apps can struggle to protect their users from trolls posting explicit or suggestive images. The Image Moderation Chatbot Serverless reference architecture solves this problem by using Amazon API Gateway, AWS Lambda, and Amazon Rekognition's image moderation deep learning feature to check images contained in messages posted to channels for explicit or suggestive content. Image moderation provides a hierarchical list of labels for each image with confidence scores to enable fine-grained control over what images to allow. Images found to contain explicit or suggestive content labels above a minimum confidence interval are automatically removed by the bot, and a message explaining the removal is posted by the bot to the originating channel.

This example is intended to work with Slack, but could also be modified to work with other popular chat apps such as Facebook Messenger.

This repository contains sample code for all the Lambda functions depicted in the diagram below as well as an AWS CloudFormation template for creating the functions and related resources.

To see some of the other powerful features of Amazon Rekognition in action check out the Image Recognition and Processing Backend Serverless reference architecture

screenshot for instruction

Walkthrough of the Architecture

  1. A user posts a message containing an image to a chat app channel that’s monitored by a chatbot.
  2. The chat app posts the event to an Amazon API Gateway API for the chatbot.
  3. The chatbot validates the event. This event triggers an AWS Lambda function that downloads the image.
  4. Amazon Rekognition’s image moderation feature checks the image for suggestive or explicit content.
  5. The chat app API deletes an image containing explicit or suggestive content from the chat channel.
  6. The chatbot uses the chat app API to post a message to the chat channel detailing deletion of the image.

Running the Example

Preparing Slack

First make sure you're logged in to Slack, then follow these instructions to prep your bot:

  1. Create an app (Documentation)
  2. From the Basic Information tab under Settings take note of the Verification Token as it will be required later
  3. Navigate to the OAuth & Permissions tab under Features
  4. Under the Permissions Scopes section add the following permission scopes
    • channels:history
    • chat:write:bot
    • files:read
    • files:write:user
  5. Click Save Changes
  6. Click Install App to Team then Authorize then note the OAuth Access Token as it will be required later

Launching the Bot Backend on AWS

Option 1: Launch from Serverless Application Repository

This bot can be launched into any region that supports the underlying services from the Serverless Application Repository using the instructions below:

  1. Navigate to the application details page for the chatbot.
  2. Click Deploy
  3. From the region dropdown in the top right ensure you have the desired region to deploy into selected
  4. Input the appropriate application parameters under Configure application parameters
  5. Scroll to the bottom of the page and click Deploy to deploy the chatbot

Option 2: Launch the CloudFormation Template Manually

If you would like to deploy the template manually, you need a S3 bucket in the target region, and then package the Lambda functions into that S3 bucket by using the aws cloudformation package utility.

Set environment variables for later commands to use:


Then go to the cloudformation folder and use the aws cloudformation package utility

cd cloudformation

aws cloudformation package --region $REGION --s3-bucket $S3BUCKET --template image_moderator.serverless.yaml --output-template-file image_moderator.output.yaml

Last, deploy the stack with the resulting yaml (image_moderator.output.yaml) through the CloudFormation Console or command line:

aws cloudformation deploy --region $REGION --template-file image_moderator.output.yaml --stack-name $STACKNAME --capabilities CAPABILITY_NAMED_IAM --parameter-overrides VerificationToken=$VTOKEN AccessToken=$ATOKEN

Finalize Slack Event Subscription

  1. Navigate to the created stack in the CloudFormation console and note the value for the RequestURL output from the created stack as it will be required later
  2. Return to the Slack app settings page for the Slack app created earlier
  3. Navigate to the Event Subscriptions tab under Features and enable events
  4. In the Request URL field enter the RequestURL value noted earlier
  5. Click Add Workspace Event and select message.channels
  6. Click Save Changes

Testing the Example

To test the example open your Slack bot and attempt to upload the sample images from the Amazon Rekognition console demo, which can be downloaded from the links below:

testing of example gif

Cleaning Up the Stack Resources

To remove all resources created by this example, do the following:

  1. Delete the CloudFormation stack.
  2. Delete the CloudWatch log groups associated with each Lambda function created by the CloudFormation stack.

CloudFormation Template Resources

The following sections explain all of the resources created by the CloudFormation template provided with this example.

AWS Lambda

  • ImageModeratorFunction - Lambda function that validates incoming Slack event messages, checks them for images containing explicit content, and orchestrates the removal of images found to contain explicit content from Slack.
  • ImageModeratorFunctionImageModeratorAPIPostPermissionTest - Implicitly created Lambda permission, allows API Gateway Test stage to call Lambda function.
  • ImageModeratorFunctionImageModeratorAPIPostPermissionProd - Implicitly created Lambda permission, allows API Gateway Prod stage to call Lambda function.


  • ImageModeratorFunctionRole - Implicitly created IAM Role with policy that allows Lambda function to invoke "rekognition:DetectLabels" and "rekognition:DetectModerationLabels" API calls and write log messages to CloudWatch Logs.

Amazon API Gateway

  • ImageModeratorAPI: - API for image moderation chatbot
  • ImageModeratorAPIProdStage - Implicitly created production stage for API
  • ImageModeratorAPIDeploymentXXXXXXXXX - Implicitly created deployment for production stage of API


This reference architecture sample is licensed under Apache 2.0.