Deploying AI application backends to AWS via Chalice

Deployment to AWS with Chalice is amazingly simple yet powerful. Chalice automatically translates the endpoint annotations in app.py into HTTP endpoints and deploys them onto the Amazon API Gateway as public APIs. Chalice also deploys the Python code in app.py and chalicelib as AWS Lambda functions and then connects the API gateway endpoints as triggers to these Lambda functions. This simplicity is the reason why we chose a serverless framework such as AWS Chalice to develop our hands-on projects.

When we ran the backend locally, Chalice automatically detected the AWS credentials in our development environment and made them available to the application. Which credentials will the application use when it is running in AWS? Chalice automatically creates an AWS IAM role for the application during the deployment process. Then, the application will run with the permissions that have been granted to this role. Chalice can automatically detect the necessary permissions, but this feature is considered experimental at the time of writing and does not work well with our projects' structures. For our projects, we need to tell Chalice to not perform this analysis for us by setting autogen_policy to false in the config.json file in the .chalice directory of the project structure. The following is the config.json file:

{
    "version": "2.0",
    "app_name": "Capabilities",
    "stages": {
        "dev": {
            "autogen_policy": false,
            "api_gateway_stage": "api"
        }
    }
}

Next, we need to create a new file, policy-dev.json, in the .chalice directory to manually specify the AWS services the project needs:

{
    "Version": "2012-10-17",
        "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "s3:*",
                "rekognition:*"
            ],
            "Resource": "*"
        }
    ]
}

Here, we are specifying S3 and Rekognition, in addition to some permissions to allow the project to push logs to CloudWatch.

Now, we are ready to deploy the backend on the AWS Chalice framework:

1. Run the following command within the Capabilities directory:

$ chalice deploy
Creating deployment package.
Creating IAM role: Capabilities-dev
Creating lambda function: Capabilities-dev
Creating Rest API
Resources deployed:
  - Lambda ARN: arn:aws:lambda:us-east-1:<UID>:function:Capabilities-dev
  - Rest API URL: https://<UID>.execute-api.us-east-1.amazonaws.com/api/

When the deployment is complete, in the output, Chalice will show a RESTful API URL that looks similar to https://<UID>.execute-api.us-east-1.amazonaws.com/api/, where <UID> is a unique identifier string. This is the server URL your frontend app should hit to access the application backend running on AWS.

1. Use the curl command to test the remote endpoint, as follows. You should get similar output to when we were testing with the local endpoint:

$ curl https://<UID>.execute-api.us-east-1.amazonaws.com/api/demo-object-detection
{"imageName":"beagle_on_gravel.jpg","imageUrl":"https://contents.aws.ai.s3.amazonaws.com/beagle_on_gravel.jpg","objects":[{"label":"Pet","confidence":98.9777603149414},{"label":"Hound","confidence":98.9777603149414},{"label":"Canine","confidence":98.9777603149414},{"label":"Animal","confidence":98.9777603149414},{"label":"Dog","confidence":98.9777603149414},{"label":"Mammal","confidence":98.9777603149414},{"label":"Beagle","confidence":98.0347900390625},{"label":"Road","confidence":82.47952270507812},{"label":"Dirt Road","confidence":74.52912902832031},{"label":"Gravel","confidence":74.52912902832031}]}

Congratulations! You've just deployed a serverless backend for an AI application that is highly available and scalable, running in the cloud.