Jump Start Solution: AI/ML image processing on Cloud Functions

Last reviewed 2023-08-29 UTC

This guide helps you understand, deploy, and use the AI/ML image processing on Cloud Functions Jump Start Solution. This solution uses pre-trained machine learning models to analyze images provided by users and generate image annotations.

Deploying this solution creates an image processing service that can help you do the following, and more:

  • Handle unsafe or harmful user-generated content.
  • Digitize text from physical documents.
  • Detect and classify objects in images.

This document is intended for developers who have some familiarity with backend service development, the capabilities of AI/ML, and basic cloud computing concepts. Though not required, Terraform experience is helpful.

Objectives

  • Learn how a serverless architecture is used to create a scalable image processing service.
  • Understand how the image processing service uses pre-trained machine learning models for image analysis.
  • Deploy the image processing service and invoke it through REST API calls or in response to image upload events.
  • Review configuration and security settings to understand how to adapt the image processing service to different needs.

Products used

The solution uses the following Google Cloud products:

  • Cloud Vision API: An API offering powerful pre-trained machine learning models for image annotation. The solution uses the Cloud Vision API to analyze images and obtain image annotation data.
  • Cloud Storage: An enterprise-ready service that provides low-cost, no-limit object storage for diverse data types. Data is accessible from within and outside of Google Cloud and is replicated geo-redundantly. The solution uses Cloud Storage to store input images and resulting image annotation data.
  • Cloud Functions: A lightweight serverless compute service that lets you create single-purpose, standalone functions that can respond to Google Cloud events without the need to manage a server or runtime environment. The solution uses Cloud Functions to host the image processing service's endpoints.

For information about how these products are configured and how they interact, see the next section.

Architecture

The solution consists of an example image processing service that analyzes input images and generates annotations for the images using pre-trained machine learning models. The following diagram shows the architecture of the Google Cloud resources used in the solution.

Architecture of the infrastructure required for the AI/ML image processing on Cloud Functions solution.

The service can be invoked in two ways: directly through REST API calls or indirectly in response to image uploads.

Request flow

The request processing flow of the image processing service depends on how users invoke the service. The following steps are numbered as shown in the preceding architecture diagram.

When the user invokes the image processing service directly through a REST API call:

  1. The user makes a request to the image processing service's REST API endpoint, deployed as a Cloud Function. The request specifies an image as a URI or a base64 encoded stream.
  2. The Cloud Function makes a call to the Cloud Vision API to generate annotations for the specified image. The image annotation data is returned in JSON format in the function's response to the user.

When the user invokes the image processing service indirectly in response to image uploads:

  1. The user uploads images to a Cloud Storage bucket for input.
  2. Each image upload generates a Cloud Storage event that triggers a Cloud Function to process the uploaded image.
  3. The Cloud Function makes a call to the Cloud Vision API to generate annotations for the specified image.
  4. The Cloud Function writes the image annotation data as a JSON file in another Cloud Storage bucket for output.

Cost

For an estimate of the cost of the Google Cloud resources that the AI/ML image processing on Cloud Functions solution uses, see the precalculated estimate in the Google Cloud Pricing Calculator.

Use the estimate as a starting point to calculate the cost of your deployment. You can modify the estimate to reflect any configuration changes that you plan to make for the resources that are used in the solution.

The precalculated estimate is based on assumptions for certain factors, including the following:

  • The Google Cloud locations where the resources are deployed.
  • The amount of time that the resources are used.

  • The amount of data stored in Cloud Storage.

  • The number of times the image processing service is invoked.

Deploy the solution

This section guides you through the process of deploying the solution.

Create or choose a Google Cloud project

When you deploy the solution, you choose the Google Cloud project where the resources are deployed. When you're deciding whether to use an existing project or to create a new project, consider the following factors:

  • If you create a project for the solution, then when you no longer need the deployment, you can delete the project and avoid continued billing. If you use an existing project, you must delete the deployment when you no longer need it.
  • Using a new project can help avoid conflicts with previously provisioned resources, such as resources that are used for production workloads.

If you want to deploy the solution in a new project, create the project before you begin the deployment.

To create a project, complete the following steps:

  1. In the Google Cloud console, go to the project selector page.

    Go to project selector

  2. To begin creating a Google Cloud project, click Create project.

  3. Name your project. Make a note of your generated project ID.

  4. Edit the other fields as needed.

  5. To create the project, click Create.

Get the required IAM permissions

To start the deployment process, you need the Identity and Access Management (IAM) permissions that are listed in the following table. If you have the roles/owner basic role for the project in which you plan to deploy the solution, then you already have all the necessary permissions. If you don't have the roles/owner role, then ask your administrator to grant these permissions (or the roles that include these permissions) to you.

IAM permission required Predefined role that includes the required permissions

serviceusage.services.enable

Service Usage Admin
(roles/serviceusage.serviceUsageAdmin)

iam.serviceAccounts.create

Service Account Admin
(roles/iam.serviceAccountAdmin)

resourcemanager.projects.setIamPolicy

Project IAM Admin
(roles/resourcemanager.projectIamAdmin)
config.deployments.create
config.deployments.list
Cloud Infrastructure Manager Admin
(roles/config.admin)

Service account created for the solution

If you start the deployment process through the console, Google creates a service account to deploy the solution on your behalf (and to delete the deployment later if you choose). This service account is assigned certain IAM permissions temporarily; that is, the permissions are revoked automatically after the solution deployment and deletion operations are completed. Google recommends that after you delete the deployment, you delete the service account, as described later in this guide.

View the roles assigned to the service account

These roles are listed here in case an administrator of your Google Cloud project or organization needs this information.

  • roles/serviceusage.serviceUsageAdmin
  • roles/iam.serviceAccountAdmin
  • roles/resourcemanager.projectIamAdmin
  • roles/cloudfunctions.admin
  • roles/run.admin
  • roles/storage.admin
  • roles/pubsublite.admin
  • roles/iam.securityAdmin
  • roles/logging.admin
  • roles/artifactregistry.reader
  • roles/cloudbuild.builds.editor
  • roles/compute.admin
  • roles/iam.serviceAccountUser

Choose a deployment method

To help you deploy this solution with minimal effort, a Terraform configuration is provided in GitHub. The Terraform configuration defines all the Google Cloud resources that are required for the solution.

You can deploy the solution by using one of the following methods:

  • Through the console: Use this method if you want to try the solution with the default configuration and see how it works. Cloud Build deploys all the resources that are required for the solution. When you no longer need the deployed solution, you can delete it through the console. Any resources that you create after you deploy the solution might need to be deleted separately.

    To use this deployment method, follow the instructions in Deploy through the console.

  • Using the Terraform CLI: Use this method if you want to customize the solution or if you want to automate the provisioning and management of the resources by using the infrastructure as code (IaC) approach. Download the Terraform configuration from GitHub, optionally customize the code as necessary, and then deploy the solution by using the Terraform CLI. After you deploy the solution, you can continue to use Terraform to manage the solution.

    To use this deployment method, follow the instructions in Deploy using the Terraform CLI.

Deploy through the console

Complete the following steps to deploy the preconfigured solution.

  1. In the Google Cloud Jump Start Solutions catalog, go to the AI/ML image processing on Cloud Functions solution.

    Go to the AI/ML image processing on Cloud Functions solution

  2. Review the information that's provided on the page, such as the estimated cost of the solution and the estimated deployment time.

  3. When you're ready to start deploying the solution, click Deploy.

    A step-by-step interactive guide is displayed.

  4. Complete the steps in the interactive guide.

    Note the name that you enter for the deployment. This name is required later when you delete the deployment.

    When you click Deploy, the Solution deployments page is displayed. The Status field on this page shows Deploying.

  5. Wait for the solution to be deployed.

    If the deployment fails, the Status field shows Failed. You can use the Cloud Build log to diagnose the errors. For more information, see Errors when deploying through the console.

    After the deployment is completed, the Status field changes to Deployed.

  6. To view the Google Cloud resources that are deployed and their configuration, take an interactive tour.

    Start the tour

Next, to try the solution out yourself, see Explore the solution.

When you no longer need the solution, you can delete the deployment to avoid continued billing for the Google Cloud resources. For more information, see Delete the deployment.

Deploy using the Terraform CLI

This section describes how you can customize the solution or automate the provisioning and management of the solution by using the Terraform CLI. Solutions that you deploy by using the Terraform CLI are not displayed in the Solution deployments page in the Google Cloud console.

Set up the Terraform client

You can run Terraform either in Cloud Shell or on your local host. This guide describes how to run Terraform in Cloud Shell, which has Terraform preinstalled and configured to authenticate with Google Cloud.

The Terraform code for this solution is available in a GitHub repository.

  1. Clone the GitHub repository to Cloud Shell.

    Open in Cloud Shell

    A prompt is displayed to confirm downloading the GitHub repository to Cloud Shell.

  2. Click Confirm.

    Cloud Shell is launched in a separate browser tab, and the Terraform code is downloaded to the $HOME/cloudshell_open directory of your Cloud Shell environment.

  3. In Cloud Shell, check whether the current working directory is $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra. This is the directory that contains the Terraform configuration files for the solution. If you need to change to that directory, run the following command:

    cd $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra
    
  4. Initialize Terraform by running the following command:

    terraform init
    

    Wait until you see the following message:

    Terraform has been successfully initialized!
    

Configure the Terraform variables

The Terraform code that you downloaded includes variables that you can use to customize the deployment based on your requirements. For example, you can specify the Google Cloud project and the region where you want the solution to be deployed.

  1. Make sure that the current working directory is $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra. If it isn't, go to that directory.

  2. In the same directory, create a text file named terraform.tfvars.

  3. In the terraform.tfvars file, copy the following code snippet, and set values for the required variables.

    • Follow the instructions that are provided as comments in the code snippet.
    • This code snippet includes only the variables for which you must set values. The Terraform configuration includes other variables that have default values. To review all the variables and the default values, see the variables.tf file that's available in the $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra directory.
    • Make sure that each value that you set in the terraform.tfvars file matches the variable type as declared in the variables.tf file. For example, if the type that’s defined for a variable in the variables.tf file is bool, then you must specify true or false as the value of that variable in the terraform.tfvars file.
    # This is an example of the terraform.tfvars file.
    # The values in this file must match the variable types declared in variables.tf.
    # The values in this file override any defaults in variables.tf.
    
    # ID of the project in which you want to deploy the solution
    project_id = "PROJECT_ID"
    

Validate and review the Terraform configuration

  1. Make sure that the current working directory is $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra. If it isn't, go to that directory.

  2. Verify that the Terraform configuration has no errors:

    terraform validate
    

    If the command returns any errors, make the required corrections in the configuration and then run the terraform validate command again. Repeat this step until the command returns the following message:

    Success! The configuration is valid.
    
  3. Review the resources that are defined in the configuration:

    terraform plan
    
  4. If you didn't create the terraform.tfvars file as described earlier, Terraform prompts you to enter values for the variables that don't have default values. Enter the required values.

    The output of the terraform plan command is a list of the resources that Terraform provisions when you apply the configuration.

    If you want to make any changes, edit the configuration and then run the terraform validate and terraform plan commands again.

Provision the resources

When no further changes are necessary in the Terraform configuration, deploy the resources.

  1. Make sure that the current working directory is $HOME/cloudshell_open/terraform-ml-image-annotation-gcf/infra. If it isn't, go to that directory.

  2. Apply the Terraform configuration:

    terraform apply
    
  3. If you didn't create the terraform.tfvars file as described earlier, Terraform prompts you to enter values for the variables that don't have default values. Enter the required values.

    Terraform displays a list of the resources that will be created.

  4. When you're prompted to perform the actions, enter yes.

    Terraform displays messages showing the progress of the deployment.

    If the deployment can't be completed, Terraform displays the errors that caused the failure. Review the error messages and update the configuration to fix the errors. Then run the terraform apply command again. For help with troubleshooting Terraform errors, see Errors when deploying the solution using the Terraform CLI.

    After all the resources are created, Terraform displays the following message:

    Apply complete!
    

    The Terraform output also includes the image processing service's entry point URL, the name of the input Cloud Storage bucket for uploading images, and the name of the output Cloud Storage bucket that contains image annotation data, as shown in the following example output:

    vision_annotations_gcs = "gs://vision-annotations-1234567890"
    vision_input_gcs = "gs://vision-input-1234567890"
    vision_prediction_url = [
      "https://annotate-http-abcde1wxyz-wn.a.run.app",
      "ingressIndex:0",
      "ingressValue:ALLOW_ALL",
      "isAuthenticated:false",
    ]
    
  5. To view the Google Cloud resources that are deployed and their configuration, take an interactive tour.

    Start the tour

Next, you can explore the solution and see how it works.

When you no longer need the solution, you can delete the deployment to avoid continued billing for the Google Cloud resources. For more information, see Delete the deployment.

Explore the solution

In this section, you can try using the solution to see it in action. The image processing service can be invoked in two ways: by calling its REST API directly or by uploading images to the input Cloud Storage bucket.

Invoke the service through the REST API

In scenarios where you want to process images synchronously in a request-response flow, use the image processing service's REST API.

The annotate-http function deployed by the solution is the entry point to the image processing service's REST API. You can find the URL of this function in the console, or if you deployed by using the Terraform CLI, in the output variable vision_prediction_url. This entry point URL exposes an endpoint named /annotate for making image processing requests. The /annotate endpoint supports GET and POST requests with the following parameters:

Parameter Description
image (POST requests only) Image content, uploaded in binary format or specified as base64-encoded image data.
image_uri A URI pointing to an image.
features (Optional) A comma-separated list of