The Amazon Comprehend APIs that are called using the connector are:
- DetectDominantLanguage
- DetectEntities
- BatchDetectEntities
- StartEntitiesDetectionJob
- DescribeEntitiesDetectionJob
- DetectPiiEntities
- StartPiiEntitiesDetectionJob
- DescribePiiEntitiesDetectionJob
- StartDocumentClassificationJob
To perform these calls it uses the AWS Comprehend SDK. This requires IAM users with the correct permissions to be created. The easiest way to do this is to give an IAM user the AWS managed policy ComprehendFullAccess. If you want to apply stricter access rights, see the list of all Comprehend API permissions.
The Asynchronous calls also require the ability to read and write to an Amazon S3 bucket, therefore the IAM user must have access to the configured bucket. Both the IAM user accessing the data and the Comprehend service itself require access. For more, see Role-Based Permissions Required for Asynchronous Operations.
To allow the library to use this IAM user when communicating with the Comprehend service an AWS access key and secret key must be available. For more, see Using the Default Credential Provider Chain.