How to Set Up Camera Surveillance with AWS and Soracom

Cameras are a mainstay of many IoT and AI use cases, capturing humans and objects and connecting them to various metrics. While there are edge computing configurations that perform analysis on the camera side, it relies on the device’s processing power. If the camera is weak or the response time requirements aren’t strict enough, sending the video from the camera to the cloud to be analyzed can be simple! 

In this article, we’ll explain how this can be done, including the best way to configure an image analysis system that combines AWS AI services and Soracom services with your camera.

Configuring your Camera with AWS

The AWS services that make use of cameras include Amazon Rekognition which can utilize algorithms and more, and Amazon Sagemaker, which handles machine learning processes.

No matter what service you end up using, you’ll need to send the camera’s video data to the cloud. The easiest way to do this is by using Amazon Kinesis Video Streams (KVS). From the camera, data travels to Kinesis Video and then to Rekognition, or through the Kinesis Video Streams Interference Template (KIT) before linking with Sagemaker.

Web Camera Setup

There are various types of web cameras that can be used by connecting to a computer via USB. For a permanent installation, connect a web camera to a single-board computer such as an Intel NUC or Raspberry Pi, encode the video taken by the web camera using the small computer, and send it to the cloud.

To send the data in the correct KVS video stream format, you need to install the KVS producer library on the SBC and set the AWS API key to access the KVS API. 

Building a producer library can be time-consuming and increases the cost of managing and operating each API key when arranging a large number of cameras. With SORACOM Funnel ‘s KVS adapter, your SBC no longer needs a producer library and API key, allowing you to send videos from your SORACOM IoT SIM directly to KVS using 3G / LTE.

That’s because Funnel can determine which SIM sent data, assign an AWS API key to that specific device, convert the data to KVS format and send it to KVS including the API key.

What’s great about this is that it eliminates the need to install a KVS producer library which is difficult to scale, plus it allows you to centrally manage the AWS API key with Soracom.

Network Camera Setup

Some network cameras store data on an SD card inserted of in the camera and some have built-in server functions such as RTSP and Motion JPEG over HTTP, allowing them to send data to clients.

Since KVS video streams do not support RTSP, it’s possible to use a computer that is a client of a network camera to acquire video data and send it to KVS using the KVS producer library. 

Conventionally, instead of a dedicated device such as an encoder that records on a hard disk, it is an image to prepare an encoder on its own. Encoders require computer resources for encoding and other tasks, and the cost of installing and maintaining them increases when the number of encoders is equal to the number of cameras.

To solve this problem, we recommend a cloud encoder configuration that runs the encoder on Amazon EC2 or AWS Fargate and connects the camera device and AWS with SORACOM Canal and SORACOM Gate in a closed cellular network.

Many network cameras require a LAN connection and often do not have a client authentication function or video data encryption function. In a configuration where a global IP address is set for the network camera, there is a risk that the movie will be unintentionally released to the public Internet. 

With a closed-cellular configuration, a private IP address is set for the network camera, preventing connection from the public Internet. This makes it possible to securely access camera devices scattered in distant places from EC2 and containers. 

If you have a network camera that does not have LTE function, you can connect and combine router devices with LTE function using wired LAN or Wi-Fi (router forwards RTSP connection addressed to LTE interface to camera [port forward settings are required]).

EC2 allows you to select an instance type that is a combination of CPU, memory, and GPU, so you can flexibly configure more EC2s or change instance types later as the number of cameras increases. Another advantage is that there is no need to manage API keys because API keys for connecting to KVS can be obtained dynamically using a mechanism called an IAM role.

Furthermore, with Docker containers, AWS Fargate does not require instance management and allows flexible software configuration using containers (IAM roles can be used like EC2).

Let’s Test!

We tried the simulated configuration of each camera with our own equipment.

Verification Example 1. Using Funnel KVS with Web Camera and SBC

We used Gstreamer as streaming software. The point is to use kvssink instead of sending to KVS tcpclientsink, but otherwise it is not particularly different from general H.264 streaming distribution.

Verification Example 2. Use Network Camera and Cloud Encoder with SORACOM Gate

  • Network camera: iPad (6th generation) Wi-Fi + Cellular
  • Cloud encoder: EC2
    • Instance type: i3.large
    • OS: Ubuntu 18.04
    • Docker container image: 546150905175.dkr.ecr.us-west-2.amazonaws.com/kinesis-video-producer-sdk-cpp-amazon-linux

Since there was no affordable network camera, I ran the RTSP server application Live-Reporter on an iPad cellular model that can also use LTE. The encoder ran Gstreamer on a Docker container based on the following procedure on an EC2 instance.

Run a GStreamer element in a Docker container-Amazon Kinesis Video Streams

This time, I wanted to access KVS with the IAM role assigned to EC2 but I could not find a way to get the IAM role authentication information directly from the GStreamer plugin.

If you do the same thing in Fargate, you will be automating a series of actions with a shell script when the container is executed.

Run the Docker container containing GStreamer and the plugin, open a shell and set the environment variables to use the plugin.

While setting the authentication information of the IAM role, execute Gstreamer to access the RTSP server of the iPad via closed-cellular network and send the obtained video data to KVS.

Wrapping Up

Today, we introduced a convenient configuration for performing image analysis by combining a web or network camera device and the AWS AI service. 

You can use it in your hobby IoT system or incorporate it as a new camera device solution service as a business. 

If you have any feedback on our SORACOM services, we would be grateful if youn gave us feedback.

Reference