Serverless Reference Architecture: Image Moderation Chatbot
Administrators of large channels in popular chat apps can struggle to protect their users from trolls posting explicit or suggestive images. The Image Moderation Chatbot Serverless reference architecture solves this problem by using Amazon API Gateway, AWS Lambda, and Amazon Rekognition's image moderation deep learning feature to check images contained in messages posted to channels for explicit or suggestive content. Image moderation provides a hierarchical list of labels for each image with confidence scores to enable fine-grained control over what images to allow. Images found to contain explicit or suggestive content labels above a minimum confidence interval are automatically removed by the bot, and a message explaining the removal is posted by the bot to the originating channel.
This repository contains sample code for all the Lambda functions depicted in the diagram below as well as an AWS CloudFormation template for creating the functions and related resources.
To see some of the other powerful features of Amazon Rekognition in action check out the Image Recognition and Processing Backend Serverless reference architecture
Walkthrough of the Architecture
- A user posts a message containing an image to a chat app channel that’s monitored by a chatbot.
- The chat app posts the event to an Amazon API Gateway API for the chatbot.
- The chatbot validates the event. This event triggers an AWS Lambda function that downloads the image.
- Amazon Rekognition’s image moderation feature checks the image for suggestive or explicit content.
- The chat app API deletes an image containing explicit or suggestive content from the chat channel.
- The chatbot uses the chat app API to post a message to the chat channel detailing deletion of the image.
Running the Example
First make sure you're logged in to Slack, then follow these instructions to prep your bot:
- Create an app (Documentation)
- From the
Basic Informationtab under
Settingstake note of the
Verification Tokenas it will be required later
- Navigate to the
OAuth & Permissionstab under
- Under the
Permissions Scopessection add the following permission scopes
Install App to Teamthen
Authorizethen note the
OAuth Access Tokenas it will be required later
Launching the Bot Backend on AWS
Option 1: Launch from Serverless Application Repository
This bot can be launched into any region that supports the underlying services from the Serverless Application Repository using the instructions below:
- Navigate to the application details page for the chatbot.
- From the region dropdown in the top right ensure you have the desired region to deploy into selected
- Input the appropriate application parameters under
Configure application parameters
- Scroll to the bottom of the page and click
Deployto deploy the chatbot
Option 2: Launch the CloudFormation Template Manually
If you would like to deploy the template manually, you need a S3 bucket in the target region, and then package the Lambda functions into that S3 bucket by using the
aws cloudformation package utility.
Set environment variables for later commands to use:
S3BUCKET=[REPLACE_WITH_YOUR_BUCKET] REGION=[REPLACE_WITH_YOUR_REGION] STACKNAME=[REPLACE_WITH_DESIRED_NAME] VTOKEN=[REPLACE_WITH_VERIFICATION_TOKEN] ATOKEN=[REPLACE_WITH_OAUTH_ACCESS_TOKEN]
Then go to the
cloudformation folder and use the
aws cloudformation package utility
cd cloudformation aws cloudformation package --region $REGION --s3-bucket $S3BUCKET --template image_moderator.serverless.yaml --output-template-file image_moderator.output.yaml
Last, deploy the stack with the resulting yaml (
image_moderator.output.yaml) through the CloudFormation Console or command line:
aws cloudformation deploy --region $REGION --template-file image_moderator.output.yaml --stack-name $STACKNAME --capabilities CAPABILITY_NAMED_IAM --parameter-overrides VerificationToken=$VTOKEN AccessToken=$ATOKEN
Finalize Slack Event Subscription
- Navigate to the created stack in the CloudFormation console and note the value for the
RequestURLoutput from the created stack as it will be required later
- Return to the Slack app settings page for the Slack app created earlier
- Navigate to the
Event Subscriptionstab under
Featuresand enable events
- In the
Request URLfield enter the
RequestURLvalue noted earlier
Add Workspace Eventand select
Testing the Example
To test the example open your Slack bot and attempt to upload the sample images from the Amazon Rekognition console demo, which can be downloaded from the links below:
Cleaning Up the Stack Resources
To remove all resources created by this example, do the following:
- Delete the CloudFormation stack.
- Delete the CloudWatch log groups associated with each Lambda function created by the CloudFormation stack.
CloudFormation Template Resources
The following sections explain all of the resources created by the CloudFormation template provided with this example.
- ImageModeratorFunction - Lambda function that validates incoming Slack event messages, checks them for images containing explicit content, and orchestrates the removal of images found to contain explicit content from Slack.
- ImageModeratorFunctionImageModeratorAPIPostPermissionTest - Implicitly created Lambda permission, allows API Gateway Test stage to call Lambda function.
- ImageModeratorFunctionImageModeratorAPIPostPermissionProd - Implicitly created Lambda permission, allows API Gateway Prod stage to call Lambda function.
- ImageModeratorFunctionRole - Implicitly created IAM Role with policy that allows Lambda function to invoke "rekognition:DetectLabels" and "rekognition:DetectModerationLabels" API calls and write log messages to CloudWatch Logs.
Amazon API Gateway
- ImageModeratorAPI: - API for image moderation chatbot
- ImageModeratorAPIProdStage - Implicitly created production stage for API
- ImageModeratorAPIDeploymentXXXXXXXXX - Implicitly created deployment for production stage of API
This reference architecture sample is licensed under Apache 2.0.