Use channel flows to remove profanity and sensitive content from messages in Amazon Chime SDK messaging

Amazon Chime SDK messaging now supports channel flows, which allow you to execute business logic on in-flight messages before they are delivered to members on a channel. In a previous post, we demonstrated a way of achieving moderation in a channel. That approach works for many use cases, but processing is done after messages are delivered. This results in a narrow window where the sensitive content is visible to the members on the channel. With channel flows, you can configure a sequence of processors that run business logic on the messages before they are delivered to members on a channel. This feature is best when message processing must be completed before delivery.

In this blog, we will walk through how to configure a channel flow that removes profanity and certain personally identifiable information (PII) such as a social security number. This same approach can be used for other forms of data loss prevention (DLP), to process messages for a different purpose such as aggregating messages to tally a vote, translating messages, or any use case where processing of messages is required.

This blog builds on the Amazon Chime SDK chat demo app. After completing the steps below, you will have a version of the chat demo app up and running with UI that allows channel moderators to turn on automated moderation for channels by attaching the channel flow.

Processing Messages to detect PII or profanity using channel flows

Moderation of user-generated content is a critical need for many chat use cases. Corporations need to prevent the accidental sharing of sensitive information, entertainment and social applications need to enforce community guidelines, and brands need to avoid content shared by users that does not fit their brand.

However, automated detection of sensitive content is complex, requires unique skill sets, and is expensive to build. Human moderation requires significant human effort and does not scale. Amazon Comprehend helps remove many of the challenges for implementing automated detection of certain profanity and sensitive information while Amazon Chime SDK messaging provides features that enable integration with Amazon Comprehend.

This demo processes messages using the channel flow feature of Amazon Chime SDK messaging. An AWS Lambda function that processes messages is added to a channel flow, which can then be configured on one or multiple channels. Every message sent through a channel with the flow is passed to AWS Lambda for processing, and the Lambda function can either provide updated message content or redact the content altogether through a single ChannelFlowCallback API.

Moreover, no content is sent on the channel until it has been assessed by the processor in the flow. The message enters a PENDING state and only the updated content is sent to the channel. If the content is redacted due to profanity, no members on the channel will ever see the message.

For simplicity, Amazon Comprehend is used for detection of certain PII. For profanity, the AWS Lambda function simply uses a banned word list. This does not require training Amazon Comprehend. If you choose, you can also use Amazon Comprehend for profanity, but you will need to train your own model.

When the AWS Lambda processor detects a word from the banned word list, it redacts the message using the ChannelFlowCallback API. The message is deleted and never sent on the channel.

To implement detection of certain PII such as SSN, the AWS Lambda processor utilizes Amazon Comprehend and sends back updated content to Amazon Chime SDK messaging via the ChannelFlowCallback API. The edited content is then sent onto the channel.
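
The processor logic described above, as an added Python example that is not the demo app's own Lambda code. The banned word list, the set of PII types to mask, and the Lambda event field names (`CallbackId`, `ChannelMessage`) are assumptions; the decision functions are kept separate from the AWS calls so they can be run offline.

```python
import re

# Constructed sample list; the demo's real banned word list is not shown on the page.
BANNED_WORDS = {"heck", "darn"}
# Amazon Comprehend PII entity types to mask; an assumed selection for this example.
PII_TYPES = {"SSN", "PHONE"}

def contains_banned_word(text, banned=BANNED_WORDS):
    """Case-insensitive whole-word match, so 'checker' does not trip on 'heck'."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    return any(w in banned for w in words)

def mask_entities(text, entities, types=PII_TYPES):
    """Mask each selected entity span, working right to left so that the
    earlier offsets remain valid after each replacement."""
    for ent in sorted(entities, key=lambda e: e["BeginOffset"], reverse=True):
        if ent["Type"] in types:
            start, end = ent["BeginOffset"], ent["EndOffset"]
            text = text[:start] + "*" * (end - start) + text[end:]
    return text

def decide(content, detect_pii):
    """Return the callback decision for one message body.
    detect_pii: callable(text) -> list of Comprehend-style entity dicts."""
    if contains_banned_word(content):
        # Profanity: redact the whole message so it is never delivered.
        return {"DeleteResource": True, "Content": None}
    return {"DeleteResource": False,
            "Content": mask_entities(content, detect_pii(content))}

def handler(event, context):
    """Lambda entry point; the event field names used here are assumptions."""
    import boto3  # imported here so the functions above run without AWS access
    comprehend = boto3.client("comprehend")
    messaging = boto3.client("chime-sdk-messaging")
    msg = event["ChannelMessage"]
    detect = lambda t: comprehend.detect_pii_entities(
        Text=t, LanguageCode="en")["Entities"]
    decision = decide(msg["Content"], detect)
    channel_message = {"MessageId": msg["MessageId"]}
    if not decision["DeleteResource"]:
        channel_message["Content"] = decision["Content"]
    messaging.channel_flow_callback(
        CallbackId=event["CallbackId"],
        ChannelArn=msg["ChannelArn"],
        DeleteResource=decision["DeleteResource"],
        ChannelMessage=channel_message,
    )
    return decision
```

Because the message stays in the PENDING state until the callback is made, an exception in the processor leaves the message undelivered rather than delivered unfiltered.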

Prerequisites

Channel Flow Chat Demo Application Architecture

The architecture remains largely similar to the previous demo chat app, but the main change is that the AWS CloudFormation template now creates an additional AWS Lambda function which is used for profanity and DLP processing as part of a flow.

Note: Deploying this chat demo app and receiving traffic from the app created in this post will incur AWS charges.

The architecture includes the following components:

  1. The Amazon Chime SDK app instance, which acts as the data plane for all messages.
  2. An AWS CloudFormation template is used to set up the authentication layer with the option to use Amazon Cognito or AWS Security Token Service (AWS STS) to vend user credentials with a post authentication Lambda function. This template also sets up a Lambda function as a processor for profanity and DLP which is then added into an Amazon Chime SDK messaging channel flow entity. Finally, the template creates an Amazon Simple Storage Service (Amazon S3) bucket to store attachments uploaded by users in the chat demo app.
  3. The chat demo app is deployed and can be launched locally for testing purposes. This application is built using the React framework, Amazon Chime SDK Client Library, and AWS Amplify JavaScript library. AWS Amplify is used to store attachments in Amazon S3 and for authentication with either Amazon Cognito or AWS STS for custom authentication. The Amazon Chime SDK Client Library provides the messaging features. The chat demo app has been updated to support the channel flow features for adding and removing flows, and for displaying intermediate message status to the end user while a message is being processed by a flow.

Deploying the Channel Flow Chat Demo App

Step 1: Create AWS resources

  1. Sign in to the AWS Management Console with your primary account. Switch to the us-east-1 (N. Virginia) Region. Note: The AWS CloudFormation template in this section needs to be launched in the US East (N. Virginia) Region.
  2. Click on Launch Stack to launch an AWS CloudFormation template that will set up the required infrastructure for the Amazon Chime SDK chat demo app in your AWS account.
  3. On the Create Stack page, choose Next.
  4. On the Specify Details page, enter the following information:
    DemoName – Unique demo name for Amazon Cognito resources, such as ‘AWSSDKChimeChannelFlowDemo’
  5. Choose Next, and then Next on the Configure stack options page.
  6. On the Review page, check the I acknowledge that AWS CloudFormation might create IAM resources check box. Then click Create.
  7. Creating the stack generates 4 outputs: cognitoAppClientId, attachmentsS3BucketName, cognitoIdentityPoolId, appInstanceArn, and cognitoUserPoolId. Note these values for the demo app configuration in the next step.

Step 2: Deploy the Amazon Chime SDK chat demo app locally

In this section, you will deploy a simple web app written in the React framework in your local environment. This app demonstrates the Amazon Chime SDK messaging features. Once you set up the app locally, you are able to get started.

    1. Clone the project from GitHub:
      git clone https://github.com/aws-samples/amazon-chime-sdk.git
    2. Run the following command to navigate to the root folder of the Amazon Chime SDK chat demo:
      cd amazon-chime-sdk/apps/chat
    3. Run the following command to install all the dependencies for the Amazon Chime SDK chat demo:
      npm install
    4. Open src/Config.js with the editor of your choice. Add the following configuration to it, updating the values with the output from the AWS CloudFormation stack:
      const appConfig = {
          apiGatewayInvokeUrl: '<API GATEWAY INVOKE URL FROM STEP 1>',
          cognitoUserPoolId: '<COGNITO USER POOL ID FROM STEP 1>',
          cognitoAppClientId: '<COGNITO APP CLIENT ID FROM STEP 1>',
          cognitoIdentityPoolId: '<COGNITO IDENTITY POOL ID FROM STEP 1>',
          appInstanceArn: '<AWS CHIME APP INSTANCE ARN FROM STEP 1>',
          region: 'us-east-1',
          attachments_s3_bucket_name: '<S3 BUCKET NAME FROM STEP 1>'
      };
      export default appConfig;
    5. Once the configuration for the application is entered, run the following command in the amazon-chime-sdk/apps/chat folder to set up your front-end server locally:
      npm start
    6. Open your browser and navigate to https://localhost:9000 to start testing.

    Step 3: Explore the Amazon Chime SDK chat demo app

    In this section, we will walk through using the demo app and its features.

    User registration
    On the homepage, you have the option to register a user for the chat application. Enter a username and password, then choose the Register button.

    User confirmation
    During user registration, a user is created in the secure Amazon Cognito directory you set up in Step 2. However, this user is in an unconfirmed state after registration. To confirm the user, an administrator logs in to the Amazon Cognito directory (CognitoAuthenticator) and confirms the user by clicking on the username and choosing Confirm User.

    Note: You can automate the user confirmation in Amazon Cognito using multiple mechanisms. Read documentation for more details.

    Once a user is confirmed in Amazon Cognito, they can log in to the chat application and start using its features. After confirming the user, go back to the login screen, make sure the username and password are entered, and choose the Sign In option.

    Step 4: Add a flow with the Profanity and DLP processor to a channel

      1. As your user, create a new channel. This creates the channel and makes your user a channel moderator.
      2. From the channel menu, choose the Manage Channel Flow option.
      3. The profanity and DLP Flow you created in Step 1 as part of the CloudFormation stack should be listed under the ‘Manage channel flow’ option on a channel. Enable moderation on a channel by choosing Manage channel flow from the channel options and select the Profanity and DLP flow.
      4. Click Save.

    Step 5: Try the new channel flow

    After the channel flow is configured, send messages into the channel.

    1. Open another browser and register, then sign in as another user.
    2. As your original user, choose Manage Members from the channel menu and add the user you just created to the channel.
    3. Open your two browsers side by side, so you can see the experience of the sender and the recipient.
    4. As the original user, try sending messages with words from the banned word list, a fake social security number, or a phone number. For example:
      1. “Hey, what the heck?”
      2. “My social security number is 123-01-1234”
      3. “What the heck? I tried to call you and you didn’t pick up. Is your phone number still (555) 345-3456?”
    5. As the sender, you will see the message briefly in the ‘PENDING’ state. As the recipient, you will only see the message after it has been processed and sensitive content removed.

    Clean Up

    If you don’t want to continue to be charged for the use of the demo app, you can clean up by deleting the AWS CloudFormation stack deployed in Step 1.

    To delete the stack and its resources:

    1. From the AWS CloudFormation console in us-east-1, select the stack that you created for this demo in Step 1.
    2. Click Delete Stack.
    3. In the confirmation message that appears, click Yes, Delete. At this stage, the status for your stack changes to DELETE_IN_PROGRESS. In the same way you monitored the creation of the stack, monitor its deletion by using the Events tab. When AWS CloudFormation completes the deletion of the stack, it removes the stack from the list.

    Finally, delete the Amazon Chime app instance created in Step 1 using the following command in the AWS CLI:
    aws chime delete-app-instance --app-instance-arn <ARN FROM STEP 1>

    Conclusion

    In this post, we walked through how channel flows can be used to perform profanity and DLP processing on messages in flight before they are delivered to members of a channel. Channel flows can also be used to perform functions like aggregation of responses to a poll before sending results back to participants.

    When setting up Lambda processors for channel flows, follow Lambda Best Practices and Managing Concurrency for best results. You can also learn more about how to set up error handling for Asynchronous Lambda Invocations.

    The Amazon Chime SDK messaging features are available today in the US East (N. Virginia) region at low per-message rates. To get started with Amazon Chime SDK messaging, read our developer guide.