AWS Rekognition gives an InvalidS3Exeption error

5
votes

Every time I run the command 

aws rekognition detect-labels --image "S3Object={Bucket=BucketName,Name=picture.jpg}" --region us-east-1

I get this error.

InvalidS3ObjectException: An error occurred (InvalidS3ObjectException) when calling the DetectLabels operation: Unable to get image metadata from S3.  Check object key, region and/or access permissions.

I am trying to retrieve labels for a project I am working on but I can't seem to get past this step. I configured aws with my access key, secret key, us-east-1 region, and json as my output format.

I have also tried the code below and I receive the exact same error (I correctly Replaced BucketName with the name of my bucket.)

import boto3

BUCKET = "BucketName"
KEY = "picture.jpg"

def detect_labels(bucket, key, max_labels=10, min_confidence=90, region="eu-west-1"):
    rekognition = boto3.client("rekognition", region)
    response = rekognition.detect_labels(
        Image={
            "S3Object": {
                "Bucket": bucket,
                "Name": key,
            }
        },
        MaxLabels=max_labels,
        MinConfidence=min_confidence,
    )
    return response['Labels']


for label in detect_labels(BUCKET, KEY):
    print "{Name} - {Confidence}%".format(**label)

I am able to see on my user account that it is calling Rekognition. Image showing it being called from IAM.

It seems like the issue is somewhere with my S3 bucket but I haven't found out what.

2
amazon-web-servicesamazon-s3amazon-rekognition
It is apparent from the error that your request is reaching Rekognition, which can't access the object in the bucket. Rekognition will not make a cross-region request to S3 -- the bucket must be in the same region where you're invoking Rekognition. docs.aws.amazon.com/rekognition/latest/dg/API_S3Object.htmlMichael - sqlbot
@michael-sqlbot My bucket was in US east Ohio but the URL was saying us-east-1 so I thought it was in the Virginia one. I fixed it. I works now thank you very much.Rjbeckwith
I'm facing the same issue, but nowadays AWS doesn't specify bucket regions, as its beyond our control. What to do?Aakash Basu

2 Answers

4
votes

Region of S3 and Rekognition should be the same for stability reasons.

More info: https://forums.aws.amazon.com/thread.jspa?threadID=243999

0
votes

Kindly check your IAM Role Policies/Permissions, Also check the same for the role created for the lambda function. It's better to verify the policy using IAM Policy Checker.

I am facing a similar issue, This might due to the Permissions and Policy attached with the IAM Roles and with S3 Bucket. Need to check the metadata as well for the objects in S3 bucket.

My S3 bucket Policy:

{
"Version": "2012-10-17",
"Id": "Policy1547200240036",
"Statement": [
    {
        "Sid": "Stmt1547200205482",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::459983601504:user/veral"
        },
        "Action": [
            "s3:GetObject",
            "s3:PutObject"
        ],
        "Resource": "arn:aws:s3:::esp32-rekognition-459983601504/*"
    }
]
}

Cross-origin resource sharing (CORS):

[
{
    "AllowedHeaders": [
        "*"
    ],
    "AllowedMethods": [
        "PUT",
        "POST",
        "GET",
        "DELETE"
    ],
    "AllowedOrigins": [
        "*"
    ],
    "ExposeHeaders": []
}
]