Administrators of large channels in popular chat apps can struggle to protect their users from trolls posting explicit or suggestive images. The Image Moderation Chatbot Serverless reference architecture solves this problem by using Amazon API Gateway, AWS Lambda, and Amazon Rekognition's image moderation deep learning feature to check images contained in messages posted to channels for explicit or suggestive content. Image moderation provides a hierarchical list of labels for each image with confidence scores to enable fine-grained control over what images to allow. Images found to contain explicit or suggestive content labels above a minimum confidence interval are automatically removed by the bot, and a message explaining the removal is posted by the bot to the originating channel.
This example is intended to work with Slack, but could also be modified to work with other popular chat apps such as Facebook Messenger.
This repository contains sample code for all the Lambda functions depicted in the diagram below as well as an AWS CloudFormation template for creating the functions and related resources.
To see some of the other powerful features of Amazon Rekognition in action check out the Image Recognition and Processing Backend Serverless reference architecture
- A user posts a message containing an image to a chat app channel that’s monitored by a chatbot.
- The chat app posts the event to an Amazon API Gateway API for the chatbot.
- The chatbot validates the event. This event triggers an AWS Lambda function that downloads the image.
- Amazon Rekognition’s image moderation feature checks the image for suggestive or explicit content.
- The chat app API deletes an image containing explicit or suggestive content from the chat channel.
- The chatbot uses the chat app API to post a message to the chat channel detailing deletion of the image.
First make sure you're logged in to Slack, then follow these instructions to prep your bot:
- Create an app (Documentation)
- From the
Basic Information
tab underSettings
take note of theVerification Token
as it will be required later - Navigate to the
OAuth & Permissions
tab underFeatures
- Under the
Permissions Scopes
section add the following permission scopes- channels:history
- chat:write:bot
- files:read
- files:write:user
- Click
Save Changes
- Click
Install App to Team
thenAuthorize
then note theOAuth Access Token
as it will be required later
This bot can be launched into any region that supports the underlying services from the Serverless Application Repository using the instructions below:
- Navigate to the application details page for the chatbot.
- Click
Deploy
- From the region dropdown in the top right ensure you have the desired region to deploy into selected
- Input the appropriate application parameters under
Configure application parameters
- Scroll to the bottom of the page and click
Deploy
to deploy the chatbot
If you would like to deploy the template manually, you need a S3 bucket in the target region, and then package the Lambda functions into that S3 bucket by using the aws cloudformation package
utility.
Set environment variables for later commands to use:
S3BUCKET=[REPLACE_WITH_YOUR_BUCKET]
REGION=[REPLACE_WITH_YOUR_REGION]
STACKNAME=[REPLACE_WITH_DESIRED_NAME]
VTOKEN=[REPLACE_WITH_VERIFICATION_TOKEN]
ATOKEN=[REPLACE_WITH_OAUTH_ACCESS_TOKEN]
Then go to the cloudformation
folder and use the aws cloudformation package
utility
cd cloudformation
aws cloudformation package --region $REGION --s3-bucket $S3BUCKET --template image_moderator.serverless.yaml --output-template-file image_moderator.output.yaml
Last, deploy the stack with the resulting yaml (image_moderator.output.yaml
) through the CloudFormation Console or command line:
aws cloudformation deploy --region $REGION --template-file image_moderator.output.yaml --stack-name $STACKNAME --capabilities CAPABILITY_NAMED_IAM --parameter-overrides VerificationToken=$VTOKEN AccessToken=$ATOKEN
- Navigate to the created stack in the CloudFormation console and note the value for the
RequestURL
output from the created stack as it will be required later - Return to the Slack app settings page for the Slack app created earlier
- Navigate to the
Event Subscriptions
tab underFeatures
and enable events - In the
Request URL
field enter theRequestURL
value noted earlier - Click
Add Workspace Event
and selectmessage.channels
- Click
Save Changes
To test the example open your Slack bot and attempt to upload the sample images from the Amazon Rekognition console demo, which can be downloaded from the links below:
- Family Picnic (will not be removed by bot)
- Yoga Swimwear (will be removed by bot)
To remove all resources created by this example, do the following:
- Delete the CloudFormation stack.
- Delete the CloudWatch log groups associated with each Lambda function created by the CloudFormation stack.
The following sections explain all of the resources created by the CloudFormation template provided with this example.
- ImageModeratorFunction - Lambda function that validates incoming Slack event messages, checks them for images containing explicit content, and orchestrates the removal of images found to contain explicit content from Slack.
- ImageModeratorFunctionImageModeratorAPIPostPermissionTest - Implicitly created Lambda permission, allows API Gateway Test stage to call Lambda function.
- ImageModeratorFunctionImageModeratorAPIPostPermissionProd - Implicitly created Lambda permission, allows API Gateway Prod stage to call Lambda function.
- ImageModeratorFunctionRole - Implicitly created IAM Role with policy that allows Lambda function to invoke "rekognition:DetectLabels" and "rekognition:DetectModerationLabels" API calls and write log messages to CloudWatch Logs.
- ImageModeratorAPI: - API for image moderation chatbot
- ImageModeratorAPIProdStage - Implicitly created production stage for API
- ImageModeratorAPIDeploymentXXXXXXXXX - Implicitly created deployment for production stage of API
This reference architecture sample is licensed under Apache 2.0.