Configuring a Comprehend policy and role in AWS
This topic explains how to configure an AWS permission, role, and user for allowing access to the Comprehend service. After you complete this configuration, you can proceed with the integration into Brightspot as described in Configuring the Comprehend integration.
Step 1: Create a custom policy for Comprehend
AWS Comprehend includes several language features. Brightspot requires only two of these features: detect entities and detect key phrases. In this step, you create a custom policy that enables only those features.
- In the AWS console, click Services > Security, Identity, & Compliance > IAM.
- In the left rail, click Access management > Policies.
- Click Create policy.
- In the Specify permissions widget, click JSON.
Delete the existing statements, and paste the following:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:PutObject", "comprehend:BatchDetectEntities", "comprehend:BatchDetectKeyPhrases" ], "Resource": "*" } ] }
- Click Next.
- In the Review and create widget, enter a policy name and description.
- Click Create policy.
Step 2: Create a Comprehend role
In this step, you create a role associated with a default policy for accessing Comprehend.
- In the AWS console, click Services > Security, Identity, & Compliance > IAM.
- In the left rail, click Access management > Roles.
- Click Create role.
- Under Trusted entity type, select AWS service.
- From the Service or use case list, filter for Comprehend.
- Select Comprehend.
- Click Next.
- In the Permissions policies widget, under Policy name, ensure ComprehendDataAccessRolePolicy appears. (This is a standard policy that has more permissions than necessary. In a later step you remove this policy and add the one you created.)
- Click Next.
- In the Name, review, and create widget, enter a role name and description.
- Click Create role.
Step 3: Attach the custom policy to the Comprehend role
In this step, you attach the Comprehend policy to the Comprehend role.
- In the Roles widget, click the role you created. in "Step 2: Create a Comprehend role."
- Under Permissions policies, do the following:
- Remove the default policy ComprehendDataAccessRolePolicy.
- Click Add permissions > Attach policies.
- Filter for and select the custom policy you created in "Step 1: Create a custom policy for Comprehend."
- Click Add permissions.
Proceed to the procedure in Configuring the Rekognition Image integration using the role you created. You can then test the integration by generating suggested tags and sections as described in Applying suggested tags to images.