
Personally Identifiable Information (PII) Detection and Redaction for Voice Audio Files Stored in S3 and AWS Transcribe


michael-ortiz/terraform-aws-s3-audio-pii-guardian


aws-s3-audio-pii-guardian

Description

This is an open source project that provisions the infrastructure needed to detect PII (Personally Identifiable Information) in audio voice recordings stored in S3.

You can automatically run PII detection jobs when a new audio file is inserted in S3, or manually trigger PII analysis jobs for existing objects through the HTTP API.

We use the AWS Transcribe service to detect PII. We also use Amazon Comprehend to analyze call sentiment, which can be retrieved by calling the analyze API endpoint. Sentiment analysis is disabled by default and must be enabled in your configs.tf settings.

If PII is detected, a process will redact and mute the PII information in the original audio file using FFmpeg. You can optionally turn this feature off in the configs.tf settings.

Demo Video

Watch the following video to see the process in action and how to deploy into your own AWS Account.

https://www.youtube.com/watch?v=YHM4K2W-tfE

PII Supported Detection Types

Below are the types of information that AWS Transcribe can detect:

  • ADDRESS
  • BANK_ACCOUNT_NUMBER
  • BANK_ROUTING
  • CREDIT_DEBIT_CVV
  • CREDIT_DEBIT_EXPIRY
  • CREDIT_DEBIT_NUMBER
  • EMAIL
  • NAME
  • PHONE
  • PIN
  • SSN

You can optionally configure the data you want to detect and redact in configs.tf.

Architecture

Services Used

  • AWS S3 (storage)
  • AWS Lambda (backend)
  • AWS Transcribe (transcriptions + PII detection)

Use Case 1: Automatic Detection on New Objects in S3

[Image: architecture diagram]

Use Case 2: Manual Trigger on Existing S3 Objects using API

[Image: architecture diagram]

Automatic Analysis

Steps: Insert an audio recording in the S3 bucket.

audio-bucket-####

You must specify the audio file extension in configs.tf. Default value is .wav.

Configuration

Head over to configs.tf to see all options before you deploy. You can use default values, or modify them per your needs.

Deployment

This is a Terraform project that you can use and test out on your own.

Be sure to have Terraform and AWS CLI installed.

Deploy Using a Terraform Module

The easiest way to deploy this project is to use our Public Terraform Module, and optionally pass any configurations:

module "s3-audio-pii-guardian" {
  source  = "michael-ortiz/s3-audio-pii-guardian/aws"
  version = "~> 1.0.0"

  # Change this to your audio file format:
  media_format = "wav"

  audio_bucket_name                   = "audio-bucket"
  transcriptions_bucket_name          = "transcriptions-bucket"
  auto_transcribe_on_s3_put           = true
  auto_transcribe_probability_percent = 100
  redact_audio                        = true
  overwrite_original_audio            = false
  default_language_code               = "en-US"
  transcriptions_file_suffix          = ".json"
  notification_webhook_url            = ""
  slack_notification_webhook_url      = ""
  pii_entities = [
    "ADDRESS",
    "BANK_ACCOUNT_NUMBER",
    "BANK_ROUTING",
    "CREDIT_DEBIT_CVV",
    "CREDIT_DEBIT_EXPIRY",
    "CREDIT_DEBIT_NUMBER",
    "EMAIL",
    "NAME",
    "PHONE",
    "PIN",
    "SSN",
  ]
  create_api_endpoint    = true
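  # "NONE" leaves the API endpoint callable without authentication.
  # Lambda function URLs also support "AWS_IAM"; check configs.tf for the values this module accepts.
  api_authorization_type = "NONE"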
  sentiment_analysis     = false
}

Standard Deployment

Clone the repository:

git clone https://github.com/michael-ortiz/terraform-aws-s3-audio-pii-guardian

Next, open the repository folder in your favorite IDE. Configure your settings in configs.tf, and in particular make sure that media_format matches the file extension you will be uploading.

To deploy infrastructure, execute the following commands:

terraform init
terraform apply

Wait for everything to deploy.

Testing Project

To test that the project is working, upload an audio recording containing any of the PII entities that you would like to detect and redact to the S3 audio bucket audio-bucket-{AWS_ACCOUNT_ID}. Wait a few seconds or minutes while AWS Transcribe processes the job. Then refresh the bucket and you should see a {AUDIO_FILE_NAME}-redacted.${EXTENSION} file with the redacted audio. You can optionally configure the project to redact the original audio in the configs.tf variables. If you want to look at the analysis result, use the API /analyze endpoint.

Modifying Lambdas

You can optionally modify the Lambdas to suit your needs. Make a change to the codebase, and Terraform will detect the change and create a new build automatically.

terraform apply

API

Get the API URLs from the Terraform output.

Transcribe Existing Audio Recording in S3 and Identify + Redact PII

Method: POST

URL: Get actual URL from Terraform Output.

Example:

https://{ID}.lambda-url.us-east-1.on.aws/transcribe

Body (languageCode is optional and overrides the default language):

{
  "s3ObjectKeys": [
    "{AUDIO_FILE_NAME}.wav"
  ],
  "languageCode": "en-US"
}

Response:

{
    "startedJobs": [
        {
            "jobId": "34def188-a1b8-4ed7-9822-4f1bf763bfd0",
            "s3ObjectKey": "{AUDIO_FILE_NAME}.wav",
            "s3Uri": "s3://audio-recordings-bucket-####/{AUDIO_FILE_NAME}.wav"
        }
    ],
    "jobErrors": []
}

Check for PII in Audio Recording in S3

Method: GET

URL: Get actual URL from Terraform Output.

Example:

https://{ID}.lambda-url.us-east-1.on.aws/analyze/{S3_OBJECT_KEY}

Response:

{
  "message": "PII detected in call recording.",
  "containsPII": true,
  "redactOriginalAudio": true,
  "audioUri": "s3://audio-bucket-####/{S3_OBJECT_KEY}",
  "transcriptUri": "s3://audio-transcriptions-bucket-####/{S3_OBJECT_KEY}",
  "transcriptText": "Hello, my name is [PII]. Uh This is a test uh testing uh test card information. My credit card number is [PII] [PII]. My social security is [PII]. This is test data.",
  "piiDetections": [
    {
      "type": "[PII]",
      "start_time": "2.43",
      "end_time": "2.93",
      "redactions": [
        {
          "confidence": "1.0",
          "type": "NAME",
          "category": "PII"
        }
      ]
    },
    {
      "type": "[PII]",
      "start_time": "11.55",
      "end_time": "13.569",
      "redactions": [
        {
          "confidence": "0.9994",
          "type": "CREDIT_DEBIT_NUMBER",
          "category": "PII"
        }
      ]
    },
    {
      "type": "[PII]",
      "start_time": "14.439",
      "end_time": "19.729",
      "redactions": [
        {
          "confidence": "0.9994",
          "type": "CREDIT_DEBIT_NUMBER",
          "category": "PII"
        }
      ]
    },
    {
      "type": "[PII]",
      "start_time": "22.36",
      "end_time": "27.129",
      "redactions": [
        {
          "confidence": "0.9999",
          "type": "SSN",
          "category": "PII"
        }
      ]
    }
  ],
  "intelligence": {
    "sentiment": "NEUTRAL",
    "sentimentScore": {
      "Mixed": 0.000010112761628988665,
      "Negative": 0.00010839156311703846,
      "Neutral": 0.9996304512023926,
      "Positive": 0.00025106221437454224
    }
  }
}
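
The start_time and end_time values in piiDetections above are what a redaction step needs in order to mute the audio. The following Python sketch is an added example, not code from this repository: it pads and merges those windows and builds an FFmpeg volume filter from them. The function names, the 0.15 s padding and the sample response (constructed, with two detections placed close together to show merging) are assumptions.

```python
import json

# Constructed sample shaped like the /analyze response shown on this page (trimmed).
SAMPLE_RESPONSE = json.loads("""
{
  "containsPII": true,
  "piiDetections": [
    {"start_time": "11.55", "end_time": "13.569", "redactions": [{"type": "CREDIT_DEBIT_NUMBER"}]},
    {"start_time": "2.43",  "end_time": "2.93",   "redactions": [{"type": "NAME"}]},
    {"start_time": "13.60", "end_time": "19.729", "redactions": [{"type": "CREDIT_DEBIT_NUMBER"}]}
  ]
}
""")


def mute_intervals(response, pad=0.15):
    """Return sorted, merged (start, end) windows in seconds, padded on both sides.

    The padding is an assumption: word timestamps are approximate, so a small
    margin lowers the chance that the edge of a PII item stays audible.
    """
    spans = []
    for det in response.get("piiDetections", []):
        start, end = float(det["start_time"]), float(det["end_time"])
        if end < start:
            raise ValueError(f"inverted interval: {start} > {end}")
        spans.append((max(0.0, start - pad), end + pad))
    merged = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1]:  # overlaps or touches the previous window
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return [(round(s, 3), round(e, 3)) for s, e in merged]


def ffmpeg_mute_filter(intervals):
    """Build an FFmpeg -af value that silences every window; None if nothing to mute."""
    if not intervals:
        return None
    # volume=0 applies only while the enable expression is non-zero (timeline editing).
    cond = "+".join(f"between(t,{s},{e})" for s, e in intervals)
    return f"volume=enable='{cond}':volume=0"


if __name__ == "__main__":
    windows = mute_intervals(SAMPLE_RESPONSE)
    print(windows)
    print(f'ffmpeg -i in.wav -af "{ffmpeg_mute_filter(windows)}" out.wav')
```

Listening to the output file around each window boundary is a quick way to confirm that the padding is wide enough for a given recording quality.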

Cost of Usage

Pricing varies based on usage and follows a pay-as-you-go model. Be sure you understand the pricing before you use the services at scale.

AWS Transcribe Pricing

As of October 13, 2024 for us-east-1.

See Amazon Transcribe Pricing for most up to date pricing.

Since we will transcribe calls to text and also redact / identify PII, both Standard and PII Redaction pricing will apply.

Standard Pricing

[Image: pricing table screenshot]

PII Redaction Pricing

[Image: pricing table screenshot]

AWS S3 Pricing

See AWS S3 Pricing

Lambda Pricing

See AWS Lambda Pricing