Posted On: Apr 2, 2021

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to analyze text documents and identify insights such as sentiment, entities, and topics in text. Today, we are announcing support for two security-focused features: support for IAM condition keys and support for encrypting custom models with customer managed KMS keys. With AWS Identity and Access Management (IAM) condition keys, you can control the Amazon Virtual Private Cloud (VPC) and encryption settings for your Amazon Comprehend APIs. You can use the new condition keys in IAM policies when granting permissions to create asynchronous jobs and to create custom classification or custom entity training jobs in your organization. For example, as a security requirement, you can now enforce that all Comprehend asynchronous jobs must use VPC endpoints. Additionally, while Amazon Comprehend already supported Customer Managed Keys (CMK) for encrypting your training data and machine learning volumes used for inference, you can now encrypt your custom models in Amazon Comprehend using a Customer Managed Key (CMK).
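A policy of the kind described above, added here as an illustration and not taken from this announcement or the AWS launch material: it denies the listed asynchronous job and training actions when the request carries no VPC configuration, and denies custom model training when no model KMS key is supplied. The condition key names (`comprehend:VpcSubnets`, `comprehend:VpcSecurityGroupIds`, `comprehend:ModelKmsKey`) and the action list are taken from the Amazon Comprehend documentation rather than from this page, and the `Sid` values are made up for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyComprehendJobsWithoutVpc",
      "Effect": "Deny",
      "Action": [
        "comprehend:StartDocumentClassificationJob",
        "comprehend:StartDominantLanguageDetectionJob",
        "comprehend:StartEntitiesDetectionJob",
        "comprehend:StartKeyPhrasesDetectionJob",
        "comprehend:StartSentimentDetectionJob",
        "comprehend:StartTopicsDetectionJob",
        "comprehend:CreateDocumentClassifier",
        "comprehend:CreateEntityRecognizer"
      ],
      "Resource": "*",
      "Condition": {
        "Null": {
          "comprehend:VpcSubnets": "true",
          "comprehend:VpcSecurityGroupIds": "true"
        }
      }
    },
    {
      "Sid": "DenyCustomModelsWithoutModelKmsKey",
      "Effect": "Deny",
      "Action": [
        "comprehend:CreateDocumentClassifier",
        "comprehend:CreateEntityRecognizer"
      ],
      "Resource": "*",
      "Condition": {
        "Null": {
          "comprehend:ModelKmsKey": "true"
        }
      }
    }
  ]
}
```

The two keys inside the first `Null` block are evaluated with AND, so that statement denies only requests in which both VPC keys are absent. Both statements are explicit denies and grant nothing on their own; the principal still needs a separate `Allow` for the same actions.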

The new IAM condition keys are available in all AWS Regions where Amazon Comprehend is available. To learn more about the new condition keys and view policy examples, see “Using IAM condition keys for VPC settings” and “Resource and Conditions for Amazon Comprehend API” in the Amazon Comprehend Developer Guide.

To learn more about using IAM condition keys, see “IAM JSON Policy Elements: Condition” in the IAM User Guide. To learn about using a CMK with custom models, see “Using a Customer Managed Key” in the Amazon Comprehend Developer Guide.

For a step-by-step walkthrough of both features, please visit our launch blog. To try the new feature, log in to the Amazon Comprehend console for a code-free experience, or download the AWS SDK. You can also learn more about this new feature in the documentation.