# RESTful API Component The solution creates a RESTful API endpoint to allow communications between the webapp and the backend AWS Step Functions training and analysis state machine. No direct access to the state machine is allowed by the webapp. Each HTTP incoming request is also authenicated with AWS_IAM. The following sections describe: * The RESTful API endpoints * and IAM role policy and permission __ ## Amazon API Gateway RESTful endpoint The RESTful endpoint exposes the following operations. | Purpose | Path | Method | Query | Body | |:--------|:-----|:-------|:------|:-----| | _Training_ | | | | | | Get a list of training process statuses | /\/training | GET | stateMachine=\ | -- | | Get a specific training process status | /\/training | GET | stateMachine=\&execution=\ | -- | | Start a new training process | /\/training | POST | stateMachine=\ | see details | | _Analysis_ | | | | | | Get a list of analysis process statuses | /\/analyze | GET | stateMachine=\ | -- | | Get a specific analysis process status | /\/analyze | GET | stateMachine=\&execution=\ | -- | | Start a new analysis process | /\/analyze | POST | stateMachine=\ | see details | | _Model_ | | | | | | Get a list of Amazon Rekognition Custom Labels models | /\/model | GET | -- | -- | | Stop a running Amazon Rekognition Custom Labels model | /\/model | POST | -- | see details | | _Team_ | | | | | | Get a list of current members of the labeling team | /\/team | GET | teamName=\ | -- | | Add members to the labeling team | /\/team | POST | -- | see details | | Remove a member from the labeling team | /\/team | DELETE | teamName=\&member=\ | -- | where **\** is a named reference to an [Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-stages.html) deployment created by the solution. __ ### Get a list of training process statuses **API** ``` //training?stateMachine= ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions ListExecutions](https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListExecutions.html) to enumerate a list of executions. By default, it gets the 20 most recent executions. **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | stateMachine | state machine name | required | State Machine is created the CFN stack | | maxResults | maximum results to return | optional | Default is set to 20 | | token | string | optional | A token is returned from the previous GET call if there are more results. It is used to page the next set of results. | | filter | RUNNING, SUCCEEDED, FAILED, TIMED_OUT, or ABORTED | optional | If specified, filter by execution status | | execution | execution name | optional | Use to get a specific execution status. See more detail later | For example, ``` //training?stateMachine=ml9804-1234-gt-labeling-job ``` **Response** The response is list of executions returned from [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) API that contains detail information of each execution. ```json { "executions": [ { "executionArn": "", "stateMachineArn": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" }, ... ], "nextToken": "" } ``` __ ### Get a specific training process status **API** ``` //training?stateMachine=&execution= ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) and [GetExecutionHistory](https://docs.aws.amazon.com/step-functions/latest/apireference/API_GetExecutionHistory.html) to describe the specific execution. **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | stateMachine | state machine name | required | State Machine is created the CFN stack | | execution | execution name | required | Use to get a specific execution status. See more detail later | For example, ``` //training?stateMachine=ml9804-1234-gt-labeling-job?execution=execution-1234 ``` **Response** The response is list of executions returned from [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) API and contained detail information of each execution. ```json { "executionArn": "", "stateMachineArn": "", "name": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" } ``` __ ### Start a new training process **API** ``` //training?stateMachine=ml9804-1234-gt-labeling-job ``` **Method** ``` POST ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions StartExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html) API to start the analysis state machine execution. ```json { "input": { "bucket": "", "keys": [ "path/image.jpg", "path/video.mp4" ], "projectName": "", "trainingType": "object", "labels": [ "Label 1", "Label 2" ], } } ``` where | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | input.bucket | bucket name | required | the Amazon S3 **source** bucket created by the CFN stack | | input.keys | an array of keys | required | the S3 object key of the video file | | input.projectName | unique training project name | required | project name is used as a prefix for the labeling job and training model | | input.trainingType | object or concept | required | specify **object** to train an object detection model. Specify **concept** to train an image classification model | | input.labels | an array of labels | required | a list of label names to label your dataset and training a model | **Response** ```json { "executionArn": "", "stateMachineArn": "", "name": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" } ``` __ ### Get a list of analysis process statuses **API** ``` //analyze?stateMachine= ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions ListExecutions](https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListExecutions.html) to enumerate a list of executions. By default, it gets the 20 most recent executions. **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | stateMachine | state machine name | required | State Machine is created the CFN stack | | maxResults | maximum results to return | optional | Default is set to 20 | | token | string | optional | A token is returned from the previous GET call if there are more results. It is used to page the next set of results. | | filter | RUNNING, SUCCEEDED, FAILED, TIMED_OUT, or ABORTED | optional | If specified, filter by execution status | | execution | execution name | optional | Use to get a specific execution status. See more detail later | For example, ``` //analyze?stateMachine=ml9804-1234-analysis ``` **Response** The response is list of executions returned from [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) API that contains detail information of each execution. ```json { "executions": [ { "executionArn": "", "stateMachineArn": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" }, ... ], "nextToken": "" } ``` __ ### Get a specific analysis process status **API** ``` //analyze?stateMachine=?execution= ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) and [GetExecutionHistory](https://docs.aws.amazon.com/step-functions/latest/apireference/API_GetExecutionHistory.html) to describe the specific execution. **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | stateMachine | state machine name | required | State Machine is created the CFN stack | | execution | execution name | required | Use to get a specific execution status. See more detail later | For example, ``` //analyze?stateMachine=ml9804-1234-analysis?execution=execution-1234 ``` **Response** The response is list of executions returned from [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) API and contained detail information of each execution. ```json { "executionArn": "", "stateMachineArn": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" } ``` __ ### Start a new analysis process **API** ``` //analyze?stateMachine=ml9804-1234-analysis ``` **Method** ``` POST ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions StartExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html) API to start the analysis state machine execution. ```json { "input": { "bucket": "", "key": "path/video.mp4", "projectArn": "", "projectVersionArn": "", "inferenceUnits": 4 } } ``` where | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | input.bucket | bucket name | required | the Amazon S3 **source** bucket created by the CFN stack | | input.key | s3 object key | required | the S3 object key of the video file | | projectArn | arn | required | The ARN of your Amazon Rekognition Custom Labels project | | projectVersionArn | arn | required | The ARN of the specific project version of your Amazon Rekognition Custom Labels model | | inferenceUnits | number | required | number of inferences to start | **Response** ```json { "executionArn": "", "stateMachineArn": "", "name": "", "status": "SUCCEEDED", "startDate": "2020-06-11T07:17:32.315Z", "stopDate": "2020-06-11T07:18:08.462Z", "input": "", "output": "" } ``` __ ### Get a list of Amazon Rekognition Custom Labels models **API** ``` //model ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions ListExecutions](https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListExecutions.html) to enumerate a list of executions. By default, it gets the 20 most recent executions. **Query parameter** None **Response** The response is list of models returned from [AWS Step Functions DescribeExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeExecution.html) API that contains detail information of each execution. ```json [ { "name": "model_01", "projectArn": "", "versions": [ { "name": "model_version_01", "projectVersionArn": "", "createdAt": 1588095878479, "status": "STOPPED" } ] }, ... ] ``` __ ### Stop a running Amazon Rekognition Custom Labels model **API** ``` //model ``` **Method** ``` POST ``` **Request** The request is sent to the lambda function where it calls [AWS Step Functions StartExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html) API to start the analysis state machine execution. ```json { "action": "stop", "projectVersionArn": "" } ``` where | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | action | stop | required | action to perform. Only support 'stop' | | projectVersionArn | arn string | required | ARN of the specific project version of Amazon Rekognition Custom Labels model | **Response** None __ ### Get a list of current members of the labeling team **API** ``` //team?teamName= ``` **Method** ``` GET ``` **Request** The request is sent to the lambda function where it calls Amazon Cognito to list users from the user group (teamName). **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | teamName | labeling team name | required | the team name refers to an user group of Amazon Cognito User Pool created by the solution | For example, ``` //team?teamName=ml9804-1234-team ``` **Response** ```json [ "worker1@email.com", "worker2@email.com" ] ``` __ ### Add members to the labeling team **API** ``` //team ``` **Method** ``` POST ``` **Request** The request is sent to the lambda function where it calls Amazon Cognito service to create an user. ```json { "teamName":"ml9804-1234-team", "members":[ "worker001@email.com", "worker002@email.com" ] } ``` where | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | teamName | team name | required | an Amazon Cognito User Pool user group that attached to Amazon SageMaker Ground Truth Private Workteam | | members | an array of email addresses | required | a list of email addresses to add to the labeling team | **Response** ```json [ "worker001@email.com", "worker002@email.com" ] ``` __ ### Remove a member from the labeling team **API** ``` //team?teamName=&member= ``` **Method** ``` DELETE ``` **Request** The request is sent to the lambda function where it calls Amazon Cognito to delete the user from the user group (teamName). **Query parameter** | Key | Value | Mandatory | Description | |:--- |:------|:----------|:------------| | teamName | labeling team name | required | the team name refers to an user group of Amazon Cognito User Pool created by the solution | | member | email address | required | an email address of the member to be removed | For example, ``` //team?teamName=ml9804-1234-team&member=worker0001@email.com ``` **Response** ```json "worker001@email.com" ``` ___ ## Security HTTPS request is authenticated with a valid AWS crendential. Upon sign in to the web portal, Amazon Cognito issues a temporary AWS security credential to the authenticated user to access limited AWS resources. ### IAM Role given to an Authenticated Amazon Cognito User The authenicated user is given access to **invoke** the RESTful API endpoint and GetObject, PutObject, and ListBucket to the **source** S3 bucket. ```json { "Version": "2012-10-17", "Statement": [ { "Action": "cognito-identity:GetId", "Resource": "arn:aws:cognito-identity:::identitypool/:", "Effect": "Allow" }, { "Action": "execute-api:Invoke", "Resource": "arn:aws:execute-api:::/*/*/*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/*" ], "Effect": "Allow" } ] } ``` __ ### IAM Role used by the API backend Lambda Function The backend API lambda function is given the following permission to access specific AWS resources including Amazon S3 source bucket for getting and putting objects, AWS Step Functions traning and analysis state machines for starting and describing executions, Amazon Rekognition Custom Labels for describing and stopping a model and Amazon Cognito User Pool of the labeling team for managing label team member. ```json { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:::log-group:/aws/lambda/*", "Effect": "Allow" }, { "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::/*", "Effect": "Allow" }, { "Action": [ "states:DescribeStateMachine", "states:StartExecution", "states:ListExecutions" ], "Resource": [ "arn:aws:states:::stateMachine:ml9804--gt-labeling-job", "arn:aws:states:::stateMachine:ml9804--analysis" ], "Effect": "Allow" }, { "Action": [ "states:DescribeExecution", "states:StopExecution", "states:GetExecutionHistory" ], "Resource": [ "arn:aws:states:::execution:ml9804--gt-labeling-job:*", "arn:aws:states:::execution:ml9804--analysis:*" ], "Effect": "Allow" }, { "Action": "sagemaker:DescribeWorkteam", "Resource": "arn:aws:sagemaker:::workteam/ml9804--team", "Effect": "Allow" }, { "Action": [ "cognito-idp:AdminCreateUser", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:ListUsersInGroup" ], "Resource": "arn:aws:cognito-idp:::userpool/", "Effect": "Allow" }, { "Action": [ "sns:ListSubscriptionsByTopic", "sns:Subscribe" ], "Resource": "arn:aws:sns:::ml9804--labeling-topic", "Effect": "Allow" }, { "Action": "sns:Unsubscribe", "Resource": "*", "Effect": "Allow" }, { "Action": "rekognition:DescribeProjects", "Resource": "*", "Effect": "Allow" }, { "Action": "rekognition:DescribeProjectVersions", "Resource": "arn:aws:rekognition:::project/*/*", "Effect": "Allow" }, { "Action": "rekognition:StopProjectVersion", "Resource": "arn:aws:rekognition:::project/*/version/*/*", "Effect": "Allow" } ] } ``` ___ Next to [Training State Machine](../gt-labeling/README.md) | Back to [README](../../README.md)