# Getting started with Amazon Rekognition Getting started This section provides topics to get you started using Amazon Rekognition. If you're new to Amazon Rekognition, we recommend that you first review the concepts and terminology presented in [How Amazon Rekognition works](how-it-works.md). Before you can use Rekognition, you'll need to create an AWS account and obtain an AWS account ID. You will also want to create a user, which enables the Amazon Rekognition system to determine if you have the permissions needed to access its resources. After creating your accounts, you'll want to install and configure the AWS CLI and AWS SDKs. The AWS CLI lets you interact with Amazon Rekognition and other services through the command line, while the AWS SDKs let you use programming languages like Java and Python to interact with Amazon Rekognition. Once you have set up the AWS CLI and AWS SDKs, you can look at some examples of how to use both of them. You can also view some examples of how to interact with Amazon Rekognition using the console. The Amazon Rekognition console allows you to use the Bulk Analysis and Custom Moderation workflows. Beyond those capabilities, you can also use the console to demo a number of different Amazon Rekognition features. Note that use of the API is required to make use of most Amazon Rekognition features. **Topics** + [ # Step 1: Set up an AWS account and create a User ](setting-up.md) + [ # Step 2: Set up the AWS CLI and AWS SDKs ](setup-awscli-sdk.md) + [ # Step 3: Getting started using the AWS CLI and AWS SDK API ](get-started-exercise.md) + [ # Step 4: Getting started using the Amazon Rekognition console ](getting-started-console.md) # Step 1: Set up an AWS account and create a User Before you use Amazon Rekognition for the first time, you must complete the following tasks: 1. Sign up for an AWS account. 1. Create a User. This section of the developer guide explains why and how you'll create an AWS account and user. **Topics** + [ ## Create an AWS Account and User ](#setting-up-iam) ## Create an AWS Account and User **AWS Accounts** When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon Rekognition. You're charged only for the services that you use. With Amazon Rekognition, you pay only for the resources that you use. If you're a new AWS customer, you can get started with Amazon Rekognition for free. For more information, see [AWS Free Usage Tier](https://aws.amazon.com/free/). Refer to the upcoming [Sign up for an AWS account](#sign-up-for-aws) section for account creation instructions. If you already have an AWS account, skip account setup and create an administrative user. **Users** Services in AWS, such as Amazon Rekognition, require that you provide credentials when you access them. This is so that the service can determine whether you have permissions to access the resources owned by that service. You can create access keys for your AWS account to access the AWS CLI or APIs while using the console requires your password. However, we don't recommend that you access AWS by using the credentials for your AWS account root user. Instead, we recommend that you use AWS Identity and Access Management (IAM) to create an administrative user. You can then access AWS by using a special URL and that administrative user's credentials. If you signed up for AWS, but you haven't yet created a user for yourself, you can create one by using the IAM console. Refer to the upcoming [Create a user with administrative access](#create-an-admin) section for instructions about how to create an administrative user. ### Sign up for an AWS account If you do not have an AWS account, complete the following steps to create one. **To sign up for an AWS account** 1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup). 1. Follow the online instructions. Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad. When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks). AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [https://aws.amazon.com/](https://aws.amazon.com/) and choosing **My Account**. ### Create a user with administrative access After you sign up for an AWS account, secure your AWS account root user, enable AWS IAM Identity Center, and create an administrative user so that you don't use the root user for everyday tasks. **Secure your AWS account root user** 1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) as the account owner by choosing **Root user** and entering your AWS account email address. On the next page, enter your password. For help signing in by using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*. 1. Turn on multi-factor authentication (MFA) for your root user. For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-virt-mfa-for-root.html) in the *IAM User Guide*. **Create a user with administrative access** 1. Enable IAM Identity Center. For instructions, see [Enabling AWS IAM Identity Center](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-set-up-for-idc.html) in the *AWS IAM Identity Center User Guide*. 1. In IAM Identity Center, grant administrative access to a user. For a tutorial about using the IAM Identity Center directory as your identity source, see [ Configure user access with the default IAM Identity Center directory](https://docs.aws.amazon.com//singlesignon/latest/userguide/quick-start-default-idc.html) in the *AWS IAM Identity Center User Guide*. **Sign in as the user with administrative access** + To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user. For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*. **Assign access to additional users** 1. In IAM Identity Center, create a permission set that follows the best practice of applying least-privilege permissions. For instructions, see [ Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-started-create-a-permission-set.html) in the *AWS IAM Identity Center User Guide*. 1. Assign users to a group, and then assign single sign-on access to the group. For instructions, see [ Add groups](https://docs.aws.amazon.com//singlesignon/latest/userguide/addgroups.html) in the *AWS IAM Identity Center User Guide*. # Step 2: Set up the AWS CLI and AWS SDKs Step 2: Set up the AWS CLI and AWS SDKs **Topics** + [ # Grant programmatic access ](sdk-programmatic-access.md) + [ # Using Rekognition with an AWS SDK ](sdk-general-information-section.md) The following steps show you how to install the AWS Command Line Interface (AWS CLI) and AWS SDKs that the examples in this documentation use. There are a number of different ways to authenticate AWS SDK calls. The examples in this guide assume that you're using a default credentials profile for calling AWS CLI commands and AWS SDK API operations. For a list of available AWS Regions, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html) in the *Amazon Web Services General Reference*. Follow the steps to download and configure the AWS SDKs. **To set up the AWS CLI and the AWS SDKs** 1. Download and install the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install) and the AWS SDKs that you want to use. This guide provides examples for the AWS CLI, Java, Python, Ruby, Node.js, PHP, .NET, and JavaScript. For information about installing AWS SDKs, see [Tools for Amazon Web Services](https://aws.amazon.com/tools/). 1. Create an access key for the user you created in [Create an AWS Account and User](setting-up.md#setting-up-iam). 1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 1. In the navigation pane, choose **Users**. 1. Choose the name of the user you created in [Create an AWS Account and User](setting-up.md#setting-up-iam). 1. Choose the **Security credentials** tab. 1. Choose **Create access key**. Then choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer. Store the file in a secure location. You will not have access to the secret access key again after this dialog box closes. After you have downloaded the CSV file, choose **Close**. 1. If you have installed the AWS CLI, you can [configure the credentials and region for most AWS SDKs by entering `aws configure` at the command prompt](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html). Otherwise, use the following instructions. 1. On your computer, navigate to your home directory, and create an `.aws` directory. On Unix-based systems, such as Linux or macOS, this is in the following location: ``` ~/.aws ``` On Windows, this is in the following location: ``` %HOMEPATH%\.aws ``` 1. In the `.aws` directory, create a new file named `credentials`. 1. Open the credentials CSV file that you created in step 2 and copy its contents into the `credentials` file using the following format: ``` [default] aws_access_key_id = your_access_key_id aws_secret_access_key = your_secret_access_key ``` Substitute your access key ID and secret access key for *your\$1access\$1key\$1id* and *your\$1secret\$1access\$1key*. 1. Save the `Credentials` file and delete the CSV file. 1. In the `.aws` directory, create a new file named `config`. 1. Open the `config` file and enter your region in the following format. ``` [default] region = your_aws_region ``` Substitute your desired AWS Region (for example, `us-west-2`) for *your\$1aws\$1region*. **Note** If you don't select a region, then us-east-1 will be used by default. 1. Save the `config` file. # Grant programmatic access You can run the AWS CLI and code examples in this guide on your local computer or other AWS environments, such as an Amazon Elastic Compute Cloud instance. To run the examples, you need to grant access to the AWS SDK operations that the examples use. **Topics** + [ ## Running code on your local computer ](#programmatic-access-general) + [ ## Running code in AWS environments ](#sdk-aws-environments) ## Running code on your local computer To run code on a local computer, we recommend that you use short-term credentials to grant a user access to AWS SDK operations. For specific information about running the AWS CLI and code examples on a local computer, see [Using a profile on your local computer](#programmatic-access-rek-examples). Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS. To grant users programmatic access, choose one of the following options. **** | Which user needs programmatic access? | To | By | | --- | --- | --- | | IAM | (Recommended) Use console credentials as temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rekognition/latest/dg/sdk-programmatic-access.html) | | Workforce identity (Users managed in IAM Identity Center) | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rekognition/latest/dg/sdk-programmatic-access.html) | | IAM | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions in [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the IAM User Guide. | | IAM | (Not recommended)Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rekognition/latest/dg/sdk-programmatic-access.html) | ### Using a profile on your local computer You can run the AWS CLI and code examples in this guide with the short-term credentials you create in [Running code on your local computer](#programmatic-access-general). To get the credentials and other settings information, the examples use a profile named `profile-name` For example: ``` session = boto3.Session(profile_name="profile-name") rekognition_client = session.client("rekognition") ``` The user that the profile represents must have permissions to call the Rekognition SDK operations and other AWS SDK operations needed by the examples. To create a profile that works with the AWS CLI and code examples, choose one of the following. Make sure the name of the profile you create is `profile-name`. + Users managed by IAM — Follow the instructions at [Switching to an IAM role (AWS CLI)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-cli.html). + Workforce identity (Users managed by AWS IAM Identity Center) — Follow the instructions at [Configuring the AWS CLI to use AWS IAM Identity Center](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html). For the code examples, we recommend using an Integrated Development Environment (IDE), which supports the AWS Toolkit enabling authentication through IAM Identity Center. For the Java examples, see [Start building with Java](https://aws.amazon.com/developer/language/java/). For the Python examples, see [Start building with Python](https://aws.amazon.com/developer/tools/#IDE_and_IDE_Toolkits). For more information, see [IAM Identity Center credentials](https://docs.aws.amazon.com/sdkref/latest/guide/feature-sso-credentials.html). **Note** You can use code to get short-term credentials. For more information, see [Switching to an IAM role (AWS API)](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_use_switch-role-api.html). For IAM Identity Center, get the short-term credentials for a role by following the instructions at [Getting IAM role credentials for CLI access](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtogetcredentials.html). ## Running code in AWS environments You shouldn't use user credentials to sign AWS SDK calls in AWS environments, such as production code running in an AWS Lambda function. Instead, you configure a role that defines the permissions that your code needs. You then attach the role to the environment that your code runs in. How you attach the role and make temporary credentials available varies depending on the environment that your code runs in: + AWS Lambda function — Use the temporary credentials that Lambda automatically provides to your function when it assumes the Lambda function's execution role. The credentials are available in the Lambda environment variables. You don't need to specify a profile. For more information, see [Lambda execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). + Amazon EC2 — Use the Amazon EC2 instance metadata endpoint credentials provider. The provider automatically generates and refreshes credentials for you using the Amazon EC2 *instance profile* you attach to the Amazon EC2 instance. For more information, see [Using an IAM role to grant permissions to applications running on Amazon EC2 instances](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) + Amazon Elastic Container Service — Use the Container credentials provider. Amazon ECS sends and refreshes credentials to a metadata endpoint. A *task IAM role* that you specify provides a strategy for managing the credentials that your application uses. For more information, see [Interact with AWS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html). For more information about credential providers, see [Standardized credential providers](https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html). # Using Rekognition with an AWS SDK Working with AWS SDKs AWS software development kits (SDKs) are available for many popular programming languages. Each SDK provides an API, code examples, and documentation that make it easier for developers to build applications in their preferred language. | SDK documentation | Code examples | | --- | --- | | [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/sdk-for-cpp) | [AWS SDK for C\$1\$1 code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp) | | [AWS CLI](https://docs.aws.amazon.com/cli) | [AWS CLI code examples](https://docs.aws.amazon.com/code-library/latest/ug/cli_2_code_examples.html) | | [AWS SDK for Go](https://docs.aws.amazon.com/sdk-for-go) | [AWS SDK for Go code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2) | | [AWS SDK for Java](https://docs.aws.amazon.com/sdk-for-java) | [AWS SDK for Java code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2) | | [AWS SDK for JavaScript](https://docs.aws.amazon.com/sdk-for-javascript) | [AWS SDK for JavaScript code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3) | | [AWS SDK for Kotlin](https://docs.aws.amazon.com/sdk-for-kotlin) | [AWS SDK for Kotlin code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin) | | [AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net) | [AWS SDK for .NET code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3) | | [AWS SDK for PHP](https://docs.aws.amazon.com/sdk-for-php) | [AWS SDK for PHP code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php) | | [AWS Tools for PowerShell](https://docs.aws.amazon.com/powershell) | [AWS Tools for PowerShell code examples](https://docs.aws.amazon.com/code-library/latest/ug/powershell_5_code_examples.html) | | [AWS SDK for Python (Boto3)](https://docs.aws.amazon.com/pythonsdk) | [AWS SDK for Python (Boto3) code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python) | | [AWS SDK for Ruby](https://docs.aws.amazon.com/sdk-for-ruby) | [AWS SDK for Ruby code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby) | | [AWS SDK for Rust](https://docs.aws.amazon.com/sdk-for-rust) | [AWS SDK for Rust code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1) | | [AWS SDK for SAP ABAP](https://docs.aws.amazon.com/sdk-for-sapabap) | [AWS SDK for SAP ABAP code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap) | | [AWS SDK for Swift](https://docs.aws.amazon.com/sdk-for-swift) | [AWS SDK for Swift code examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift) | For examples specific to Rekognition, see [Code examples for Amazon Rekognition using AWS SDKs](service_code_examples.md). **Example availability** Can't find what you need? Request a code example by using the **Provide feedback** link at the bottom of this page. # Step 3: Getting started using the AWS CLI and AWS SDK API After you've set up the AWS CLI and AWS SDKs that you want to use, you can build applications that use Amazon Rekognition. Most interactions with Amazon Rekognition happen by using the API operations, although a select few Amazon Rekognition's features have console workflows. The following topics show you how to get started with Amazon Rekognition Image and Amazon Rekognition Video via the AWS CLI or the AWS SDKs. + [Working with images](images.md) – Covers the process of analyzing images with Amazon Rekognition Image. + [Working with stored video analysis operations](video.md) - Covers the process of analyzing stored, non-streaming video with Amazon Rekognition Video. + [Working with streaming video events](streaming-video.md) - Covers the process of analyzing streaming video with Amazon Rekognition Video. The sections listed above have examples which use the AWS CLI. If you intend to use the AWS CLI, see the following section for information on how to format your API calls. ## Formatting the AWS CLI examples The AWS CLI examples in this guide are formatted for the Linux operating system. To use the samples with Microsoft Windows, you need to change the JSON formatting of the `--image` parameter, and change the line breaks from backslashes (\$1) to carets (^). For more information about JSON formatting, see [Specifying Parameter Values for the AWS Command Line Interface](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html). The following is an example AWS CLI command that's formatted for Microsoft Windows (note that these commands will not run as is, they are just formatting examples): ``` aws rekognition detect-labels ^ --image "{\"S3Object\":{\"Bucket\":\"photo-collection\",\"Name\":\"photo.jpg\"}}" ^ --region region-name ``` You can also provide a shorthand version of the JSON that works on both Microsoft Windows and Linux. ``` aws rekognition detect-labels --image "S3Object={Bucket=photo-collection,Name=photo.jpg}" --region region-name ``` For more information, see [Using Shorthand Syntax with the AWS Command Line Interface](https://docs.aws.amazon.com/cli/latest/userguide/shorthand-syntax.html). ## Next step [Step 4: Getting started using the Amazon Rekognition console](getting-started-console.md) # Step 4: Getting started using the Amazon Rekognition console Step 4: Getting started using the console The Amazon Rekognition console allows you to manage resources related to Rekognition Custom Labels and the Custom Moderation feature. The console only provides demos of other Rekognition features. This section shows you how to use a subset of Amazon Rekognition's capabilities such as object and scene detection, facial analysis, and face comparison in a set of images. For more information, see [How Amazon Rekognition works](how-it-works.md). You can also use the Amazon Rekognition API or AWS CLI to detect objects and scenes, detect faces, and compare and search faces. For more information, see [Step 3: Getting started using the AWS CLI and AWS SDK API](get-started-exercise.md). This section also shows you how to see aggregated Amazon CloudWatch metrics for Rekognition by using the Rekognition console. **Topics** + [ ## Set up console permissions ](#rekognition-console-permissions) + [ # Exercise 1: Detect objects and scenes (Console) ](detect-labels-console.md) + [ # Exercise 2: Analyze faces in an image (console) ](detect-faces-console.md) + [ # Exercise 3: Compare faces in images (console) ](compare-faces-console.md) + [ # Exercise 4: See aggregated metrics (console) ](aggregated-metrics.md) ![\[Amazon Rekognition deep learning-based image analysis product page with "Try Demo" and "Download SDKs" buttons.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/amazon-rekognition-start-page.png) ## Set up console permissions To use the Rekognition console you need to have the appropriate permissions for the role or account accessing the console. For some operations, Rekognition will automatically create an Amazon S3 bucket to store files handled during operation. If you want to store your training files in a bucket other than this console bucket, you will need additional permissions. ### Allowing console access To use the Rekognition console, you can use an IAM policy like the following one, which covers Amazon S3 and the Rekognition console. For information about assigning permissions, see Assigning permissions. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "RekognitionFullAccess", "Effect": "Allow", "Action": [ "rekognition:*" ], "Resource": "*" }, { "Sid": "RekognitionConsoleS3BucketSearchAccess", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketLocation" ], "Resource": "*" }, { "Sid": "RekognitionConsoleS3BucketFirstUseSetupAccess", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration", "s3:PutEncryptionConfiguration", "s3:PutBucketPublicAccessBlock", "s3:PutBucketCors", "s3:GetBucketCors" ], "Resource": "arn:aws:s3:::rekognition-custom-projects-*" }, { "Sid": "RekognitionConsoleS3BucketAccess", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketVersioning" ], "Resource": "arn:aws:s3:::rekognition-custom-projects-*" }, { "Sid": "RekognitionConsoleS3ObjectAccess", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:GetObjectAcl", "s3:GetObjectTagging", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": "arn:aws:s3:::rekognition-custom-projects-*/*" }, { "Sid": "RekognitionConsoleManifestAccess", "Effect": "Allow", "Action": [ "groundtruthlabeling:*" ], "Resource": "*" }, { "Sid": "RekognitionConsoleTagSelectorAccess", "Effect": "Allow", "Action": [ "tag:GetTagKeys", "tag:GetTagValues" ], "Resource": "*" }, { "Sid": "RekognitionConsoleKmsKeySelectorAccess", "Effect": "Allow", "Action": [ "kms:ListAliases" ], "Resource": "*" } ] } ``` ------ ### Accesssing external Amazon S3 buckets When you first open the Rekognition console in a new AWS Region, Rekognition creates a bucket (console bucket) that's used to store project files. Alternatively, you can use your own Amazon S3 bucket (external bucket) to upload the images or manifest file to the console. To use an external bucket, add the following policy block to the preceding policy. ``` { "Sid": "s3ExternalBucketPolicies", "Effect": "Allow", "Action": [ "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectTagging", "s3:ListBucket", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::amzn-s3-demo-bucket*" ] } ``` ### Assigning permissions To provide access, add permissions to your users, groups, or roles: + Users and groups in AWS IAM Identity Center (successor to AWS Single Sign-On): Create a permission set. Follow the instructions in [Create a permission set](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html) in the *AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide*. + Users managed in IAM through an identity provider: Create a role for identity federation. Follow the instructions in [Creating a role for a third-party identity provider (federation)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp.html) in the *IAM User Guide*. + IAM users: + Create a role that your user can assume. Follow the instructions in [Creating a role for an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html) in the *IAM User Guide*. + (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in [Adding permissions to a user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*. # Exercise 1: Detect objects and scenes (Console) Exercise 1: Detect objects and scenes (console) This section shows how, at a very high level, Amazon Rekognition's objects and scenes detection capability works. When you specify an image as input, the service detects the objects and scenes in the image and returns them along with a percent confidence score for each object and scene. For example, Amazon Rekognition detects the following objects and scenes in the sample image: skateboard, sport, person, auto, car and vehicle. ![\[Person doing a stunt on a skateboard in the middle of a city street between parked cars.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/detect-scenes.png) Amazon Rekognition also returns a confidence score for each object detected in the sample image, as shown in the following sample response. ![\[Graph displaying scores for labels like Skateboard, Sport, People, Person, Human, and Parking with high confidence values around 99%.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/labels-confidence-score.png) To see all the confidence scores shown in the response, choose **Show more** in the **Labels \$1 Confidence** pane. You can also look at the request to the API and the response from the API as a reference. Request ``` { "contentString":{ "Attributes":[ "ALL" ], "Image":{ "S3Object":{ "Bucket":"console-sample-images", "Name":"skateboard.jpg" } } } } ``` Response ``` { "Labels":[ { "Confidence":99.25359344482422, "Name":"Skateboard" }, { "Confidence":99.25359344482422, "Name":"Sport" }, { "Confidence":99.24723052978516, "Name":"People" }, { "Confidence":99.24723052978516, "Name":"Person" }, { "Confidence":99.23908233642578, "Name":"Human" }, { "Confidence":97.42484283447266, "Name":"Parking" }, { "Confidence":97.42484283447266, "Name":"Parking Lot" }, { "Confidence":91.53300476074219, "Name":"Automobile" }, { "Confidence":91.53300476074219, "Name":"Car" }, { "Confidence":91.53300476074219, "Name":"Vehicle" }, { "Confidence":76.85114288330078, "Name":"Intersection" }, { "Confidence":76.85114288330078, "Name":"Road" }, { "Confidence":76.21503448486328, "Name":"Boardwalk" }, { "Confidence":76.21503448486328, "Name":"Path" }, { "Confidence":76.21503448486328, "Name":"Pavement" }, { "Confidence":76.21503448486328, "Name":"Sidewalk" }, { "Confidence":76.21503448486328, "Name":"Walkway" }, { "Confidence":66.71541595458984, "Name":"Building" }, { "Confidence":62.04711151123047, "Name":"Coupe" }, { "Confidence":62.04711151123047, "Name":"Sports Car" }, { "Confidence":61.98909378051758, "Name":"City" }, { "Confidence":61.98909378051758, "Name":"Downtown" }, { "Confidence":61.98909378051758, "Name":"Urban" }, { "Confidence":60.978023529052734, "Name":"Neighborhood" }, { "Confidence":60.978023529052734, "Name":"Town" }, { "Confidence":59.22066116333008, "Name":"Sedan" }, { "Confidence":56.48063278198242, "Name":"Street" }, { "Confidence":54.235477447509766, "Name":"Housing" }, { "Confidence":53.85226058959961, "Name":"Metropolis" }, { "Confidence":52.001792907714844, "Name":"Office Building" }, { "Confidence":51.325313568115234, "Name":"Suv" }, { "Confidence":51.26075744628906, "Name":"Apartment Building" }, { "Confidence":51.26075744628906, "Name":"High Rise" }, { "Confidence":50.68067932128906, "Name":"Pedestrian" }, { "Confidence":50.59548568725586, "Name":"Freeway" }, { "Confidence":50.568580627441406, "Name":"Bumper" } ] } ``` For more information, see [How Amazon Rekognition works](how-it-works.md). ## Detect objects and scenes in an image you provide You can upload an image that you own or provide the URL to an image as input in the Amazon Rekognition console. Amazon Rekognition returns the object and scenes, confidence scores for each object, and scene it detects in the image you provide. **Note** The image must be less than 5MB in size and must be of JPEG or PNG format. **To detect objects and scenes in an image you provide** 1. Open the Amazon Rekognition console at [https://console.aws.amazon.com/rekognition/](https://console.aws.amazon.com/rekognition/). 1. Choose **Label detection**. 1. Do one of the following: + Upload an image – Choose **Upload**, go to the location where you stored your image, and then select the image. + Use a URL – Type the URL in the text box, and then choose **Go**. 1. View the confidence score of each label detected in the **Labels \$1 Confidence** pane. For more image analysis options, see [Working with images](images.md). ## Detect objects and people in a video you provide You can upload a video that you provide as input in the Amazon Rekognition console. Amazon Rekognition returns the people, objects, and labels detected in the video. **Note** The demo video must not be more than a minute long or larger than 30 MB. It must be in MP4 file format and encoded using the H.264 codec. **To detect objects and people in a video you provide** 1. Open the Amazon Rekognition console at [https://console.aws.amazon.com/rekognition/](https://console.aws.amazon.com/rekognition/). 1. Choose **Stored Video Analysis** from the navigation bar. 1. Under **Choose a sample or upload your own**, select **Your own video** from the drop-down menu. 1. Drag and drop your video or select your video from the location where you've stored it. For more video analysis options, see [Working with stored video analysis operations](video.md) or [Working with streaming video events](streaming-video.md). # Exercise 2: Analyze faces in an image (console) Exercise 2: Analyze faces (console) This section shows you how to use the Amazon Rekognition console to detect faces and analyze facial attributes in an image. When you provide an image that contains a face as input, the service detects the face in the image, analyzes the facial attributes of the face, and then returns a percent confidence score for the face and the facial attributes detected in the image. For more information, see [How Amazon Rekognition works](how-it-works.md). For example, if you choose the following sample image as input, Amazon Rekognition detects it as a face and returns confidence scores for the face and the facial attributes detected. ![\[Smiling woman wearing sunglasses driving a yellow vintage car with open road ahead.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/sample-detect-faces.png) The following shows the sample response. ![\[Smiling young woman wearing sunglasses and looking happy, with confidence values for labels.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/detect-faces-confidence-score.png) If there are multiple faces in the input image, Rekognition detects up to 100 faces in the image. Each face detected is marked with a square. When you click the area marked with a square on a face, Rekognition displays the confidence score of that face and its attributes detected in the **Faces \$1 Confidence** pane. ## Analyze faces in an image you provide You can upload your own image or provide the URL to the image in the Amazon Rekognition console. **Note** The image must be less than 5MB in size and must be of JPEG or PNG format. **To analyze a face in an image you provide** 1. Open the Amazon Rekognition console at [https://console.aws.amazon.com/rekognition/](https://console.aws.amazon.com/rekognition/). 1. Choose **Facial analysis**. 1. Do one of the following: + Upload an image – Choose **Upload**, go to the location where you stored your image, and then select the image. + Use a URL – Type the URL in the text box, and then choose **Go**. 1. View the confidence score of one the faces detected and its facial attributes in the **Faces \$1 Confidence** pane. 1. If there are multiple faces in the image, choose one of the other faces to see its attributes and scores. # Exercise 3: Compare faces in images (console) Exercise 3: Compare faces (console) This section shows you how to use the Amazon Rekognition console to compare faces within a set of images with multiple faces in them. When you specify a **Reference face** (source) and a **Comparison faces** (target) image, Rekognition compares the largest face in the source image (that is, the reference face) with up to 100 faces detected in the target image (that is, the comparison faces), and then finds how closely the face in the source matches the faces in the target image. The similarity score for each comparison is displayed in the **Results** pane. If the target image contains multiple faces, Rekognition matches the face in the source image with up to 100 faces detected in target image, and then assigns a similarity score to each match. If the source image contains multiple faces, the service detects the largest face in the source image and uses it to compare with each face detected in the target image. For more information, see [Comparing faces in images](faces-comparefaces.md). For example, with the sample image shown on the left as a source image and the sample image on the right as a target image, Rekognition detects the face in the source image, compares it with each face detected in the target image, and displays a similarity score for each pair. ![\[Young girls laughing and embracing each other, with one girl in the center and a comparison showing same faces detected.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/sample-compare-faces.png) The following shows the faces detected in the target image and the similarity score for each face. ![\[Three sets of face images with similarity scores: 92% similarity for the first pair, 0% for the second and third pairs.\]](http://docs.aws.amazon.com/rekognition/latest/dg/images/sample-compare-faces-score.png) ## Compare faces in an image you provide You can upload your own source and target images for Rekognition to compare the faces in the images or you can specify a URL for the location of the images. **Note** The image must be less than 5MB in size and must be of JPEG or PNG format. **To compare faces in your images** 1. Open the Amazon Rekognition console at [https://console.aws.amazon.com/rekognition/](https://console.aws.amazon.com/rekognition/). 1. Choose **Face comparison**. 1. For your source image, do one of the following: + Upload an image – Choose **Upload** on the left, go to the location where you stored your source image, and then select the image. + Use a URL – Type the URL of your source image in the text box, and then choose **Go**. 1. For your target image, do one of the following: + Upload an image – Choose **Upload** on the right, go to the location where you stored your source image, and then select the image. + Use a URL – Type the URL of your source image in the text box, and then choose **Go**. 1. Rekognition matches the largest face in your source image with up to 100 faces in the target image and then displays the similarity score for each pair in the **Results** pane. # Exercise 4: See aggregated metrics (console) Exercise 4: See aggregated metrics (console) The Amazon Rekognition metrics pane shows activity graphs for an aggregate of individual Rekognition metrics over a specified period of time. For example, the `SuccessfulRequestCount` aggregated metric shows the total number of successful requests to all Rekognition API operations over the last seven days. The following table lists the graphs displayed in the Rekognition metrics pane and the corresponding Rekognition metric. For more information, see [CloudWatch metrics for Rekognition](rekognition-monitoring.md#cloudwatch-metricsdim). | Graph | Aggregated Metric | | --- | --- | | Successful calls | SuccessfulRequestCount | | Client errors | UserErrorCount | | Server errors | ServerErrorCount | | Throttled | ThrottledCount | | Detected labels | DetectedLabelCount | | Detected faces | DetectedFaceCount | Each graph shows aggregated metric data collected over a specified period of time. A total count of aggregated metric data for the time period is also displayed. To see metrics for individual API calls, choose the link beneath each graph. To allow users access to the Rekognition metrics pane, ensure that the user has appropriate CloudWatch and Rekognition permissions. For example, a user with `AmazonRekognitionReadOnlyAccess` and `CloudWatchReadOnlyAccess` managed policy permissions can see the metrics pane. If a user does not have the required permissions, when the user opens the metrics pane, no graphs appear. For more information, see [Identity and access management for Amazon Rekognition](security-iam.md). For more information about monitoring Rekognition with CloudWatch see [Monitoring Rekognition with Amazon CloudWatch](rekognition-monitoring.md). **To see aggregated metrics (console)** 1. Open the Amazon Rekognition console at [https://console.aws.amazon.com/rekognition/](https://console.aws.amazon.com/rekognition/). 1. In the navigation pane, choose **Metrics**. 1. In the dropdown, select the period of time you want metrics for. 1. To update the graphs, choose the **Refresh** button. 1. To see detailed CloudWatch metrics for a specific aggregated metric, choose **See details on CloudWatch** beneath the metric graph.