Merge pull request #44 from aws-ia/fix/workshop-fixes

fix: add folder between temp directory and file

.gitignore

@@ -47,3 +47,6 @@ go.sum
 tests/*.auto.tfvars
 
 .idea
+
+.venv
+.ruby-version

VERSION

@@ -1 +1 @@
-v1.0.0
+v1.0.1

lambda/document-ingestion/s3_file_transformer/src/helpers/utils.py

@@ -71,7 +71,7 @@ def transform_image_document(input_bucket: str,file_name: str,output_bucket: str
                 lables_txt= convert_lables_to_sentence(result_lables)            
 
                 # upload descriptive text file as .txt for ingested image
-                with open (tempfile.gettempdir()+name+'.txt','w') as f:
+                with open (tempfile.gettempdir()+os.sep+name+'.txt','w') as f:
                          f.write(json.dumps(lables_txt))  
                 #s3.upload_file('/tmp/'+name+'.txt',output_bucket,name+".txt")
                 upload_file(output_bucket,f'{name}.txt',f'{name}.txt')

modules/document-ingestion/data.tf

@@ -215,6 +215,18 @@ data "aws_iam_policy_document" "file_transformer" {
     effect = "Allow"
     resources = ["*"]
   }
+
+  statement {
+    sid = "Rekognition"
+
+    actions = [
+      "rekognition:DetectModerationLabels"
+    ]
+
+    effect = "Allow"
+
+    resources = ["*"]
+  }
   #checkov:skip=CKV_AWS_356:Lambda VPC and Xray permission require wildcard
   #checkov:skip=CKV_AWS_111:Lambda VPC and Xray permission require wildcard
   #checkov:skip=CKV_AWS_109:KMS management permission by IAM user

modules/networking-resources/main.tf

@@ -27,6 +27,7 @@ resource "aws_vpc_security_group_egress_rule" "to_internet" {
   ip_protocol       = -1
   cidr_ipv4         = "0.0.0.0/0"
   security_group_id = aws_security_group.lambda.id
+  #checkov:skip=CKV_AWS_382:access to internet for lambda is required
 }
 
 resource "aws_vpc_security_group_ingress_rule" "https_within_sg" {