search

aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws
Other
1.03k stars 549 forks source link

AccessDeniedException rekognition.model #559

Closed parnekov closed 6 years ago

parnekov commented 6 years ago

Hello. I want to compare two photos. When I connected to AWS I try to connect to AmazonRekognitionClient:

CompareFacesResult result = new AmazonRekognitionClient(credentialsProvider).compareFaces(request);

But have this error:

Caused by: com.amazonaws.services.rekognition.model.AccessDeniedException: User: arn:aws:sts::475877890857:assumed-role/wsirstpp-20181028230251-unauthRole/CognitoIdentityCredentials is not authorized to perform: rekognition:CompareFaces (Service: AmazonRekognition; Status Code: 400; Error Code: AccessDeniedException; Request ID: 7f665a07-db54-11e8-8773-2de830a9e39f)

Full code for getting information about photos:

** ByteBuffer image1 = ByteBuffer.wrap(imageSource); ByteBuffer image2 = ByteBuffer.wrap(imageTarget);

    CompareFacesRequest request = new CompareFacesRequest()
            .withSourceImage(new Image().withBytes(image1))
            .withTargetImage(new Image().withBytes(image2))
            .withSimilarityThreshold(70F);

    CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
            context,
            "us-east-2:My_pool_Id", // Identity pool ID
            Regions.US_EAST_2 // Region
    );

    CompareFacesResult result = new AmazonRekognitionClient(credentialsProvider).compareFaces(request);

    List<CompareFacesMatch> faceMatches = result.getFaceMatches();

    for (CompareFacesMatch match : faceMatches) {
        Float similarity = match.getSimilarity();
        Log.d(TAG, "run: similarity:" + similarity.toString());
  }**

What is wrong? What I did wrong in this code?

mutablealligator commented 6 years ago

@parnekov Sorry for the inconvenience caused. Have you attached the policy to compareFaces from rekognition (rekognition:compareFaces) to the UnAuth role (and/or Auth role) of your Cognito identity pool? See https://docs.aws.amazon.com/rekognition/latest/dg/using-identity-based-policies.html for details.

UPDATE: I am able to get it working with the following code:

        CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(appContext, "poolId", Regions.US_EAST_1);

        Image source = new Image().withS3Object(new S3Object().withBucket("us-east-1-bucket").withName("ms.jpg"));
        Image target = new Image().withS3Object(new S3Object().withBucket("us-east-1-bucket").withName("ms-1.jpg"));

        AmazonRekognitionClient rekognitionClient = new AmazonRekognitionClient(credentialsProvider);
        CompareFacesRequest compareFacesRequest = new CompareFacesRequest()
                .withSourceImage(source)
                .withTargetImage(target)
                .withSimilarityThreshold(70F);

        // Call operation
        CompareFacesResult compareFacesResult = rekognitionClient.compareFaces(compareFacesRequest);

        // Display results
        List <CompareFacesMatch> faceDetails = compareFacesResult.getFaceMatches();
        for (CompareFacesMatch match: faceDetails){
            ComparedFace face= match.getFace();
            BoundingBox position = face.getBoundingBox();
            System.out.println("Face at " + position.getLeft().toString()
                    + " " + position.getTop()
                    + " matches with " + face.getConfidence().toString()
                    + "% confidence.");

        }
        List<ComparedFace> uncompared = compareFacesResult.getUnmatchedFaces();

        System.out.println("There was " + uncompared.size()
                + " face(s) that did not match");
        System.out.println("Source image rotation: " + compareFacesResult.getSourceImageOrientationCorrection());
        System.out.println("target image rotation: " + compareFacesResult.getTargetImageOrientationCorrection());
parnekov commented 6 years ago

THIS IS WORK! Thank you very much!!!. Need to create a rule in Cognito identity pool, after edit rule and paste necessary policy.

Log in AWS console-> Services -> Cognito -> Manage Identity Pools ->Create New Identity Pool -> Identity Pool Name -> Unauthenticated Identities (Enabled Access if you want)->Create pool (Button) -> Your Cognito identities require access to your resources -> View Details -> Role Summary -> View Policy Document -> Edit -> "pass what you need there"

If I can help someone else- write me: oleksandr.parnekov@gmail.com.

Thank you once more "kvasukib", you helped me a lot. Have a nice work all the time!

frankmuellr commented 6 years ago

@parnekov I'm closing this issue, because it looks like this issue has been fully resolved. Let us know if you need anything else.