Amazon Comprehend (comprehend)

2023-03-02

11 new actions, 2 new resources, 2 new conditions | 7 updated actions

Additions

    Actions
  • CreateDataset
    • Description:  Grants permission to create a new dataset within a flywheel
    • Access:  Write
    • Resources: 

      Name: flywheel

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateFlywheel
    • Description:  Grants permission to create a new flywheel that you can use to train model versions
    • Access:  Write
    • Resources: 

      Name: flywheel

      Required: Yes

      Name: document-classifier

      Required: No

      Name: entity-recognizer

      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      comprehend:VolumeKmsKey

      comprehend:ModelKmsKey

      comprehend:DataLakeKmsKey

      comprehend:VpcSecurityGroupIds

      comprehend:VpcSubnets

  • DeleteFlywheel
    • Description:  Grants permission to Delete a flywheel
    • Access:  Write
    • Resources: 

      Name: flywheel

      Required: Yes

  • DescribeDataset
    • Description:  Grants permission to get the properties associated with a dataset
    • Access:  Read
    • Resources: 

      Name: flywheel-dataset

      Required: Yes

  • DescribeFlywheel
    • Description:  Grants permission to get the properties associated with a flywheel
    • Access:  Read
    • Resources: 

      Name: flywheel

      Required: Yes

  • DescribeFlywheelIteration
    • Description:  Grants permission to get the properties associated with a flywheel iteration for a flywheel
    • Access:  Read
    • Resources: 

      Name: flywheel

      Required: Yes

    • Conditions: 

      comprehend:FlywheelIterationId

  • ListDatasets
    • Description:  Grants permission to get a list of the Datasets associated with a flywheel
    • Access:  Read
    • Resources: 

      Name: flywheel

      Required: Yes

  • ListFlywheelIterationHistory
    • Description:  Grants permission to get a list of iterations associated for a flywheel
    • Access:  Read
    • Resources: 

      Name: flywheel

      Required: Yes

  • ListFlywheels
    • Description:  Grants permission to get a list of the flywheels that you have created
    • Access:  Read
  • StartFlywheelIteration
    • Description:  Grants permission to start a flywheel iteration for a flywheel
    • Access:  Write
    • Resources: 

      Name: flywheel

      Required: Yes

  • UpdateFlywheel
    • Description:  Grants permission to Update a flywheel's configuration
    • Access:  Write
    • Resources: 

      Name: flywheel

      Required: Yes

      Name: document-classifier

      Required: No

      Name: entity-recognizer

      Required: No

    • Conditions: 

      comprehend:VolumeKmsKey

      comprehend:ModelKmsKey

      comprehend:VpcSecurityGroupIds

      comprehend:VpcSubnets

    Resources
  • flywheel
    • Arn:  arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • flywheel-dataset
    • Arn:  arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}/dataset/${DatasetName}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • comprehend:DataLakeKmsKey
    • Description:  Filters access by the DataLake Kms Key associated with the flywheel resource in the request
    • Type:  ARN
  • comprehend:FlywheelIterationId
    • Description:  Filters access by particular Iteration Id for a flywheel
    • Type:  String

Updates