-[require_kms_cmks.tf](./modules/comprehend/require_kms_cmks.tf) - Requires all applicable Amazon Comprehend calls to pass ina Amazon Key Management Service (KMS) customer managed key (CMK). Per the[documentation](https://docs.aws.amazon.com/comprehend/latest/dg/kms-in-comprehend.html),_Amazon Comprehend can encrypt custom models using either its own KMS Key or a provided customer managed key (CMK)._ You can find a comparison of the two keys[here](https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html), and CMKs provide greater control over your encyption keys.

-[require_kms_cmks.tf](./modules/comprehend/require_kms_cmks.tf) - Requires all applicable Amazon Comprehend calls to pass inan Amazon Key Management Service (KMS) customer managed key (CMK). Per the[documentation](https://docs.aws.amazon.com/comprehend/latest/dg/kms-in-comprehend.html),_Amazon Comprehend can encrypt custom models using either its own KMS Key or a provided customer managed key (CMK)._ You can find a comparison of the two keys[here](https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html), and CMKs provide greater control over your encyption keys.

-[require_private_vpcs.tf](./modules/comprehend/require_private_vpcs.tf) - Amazon Comprehend supports running the job containers in a customer managed VPC. A VPC can be configured to not be exposed to internet, allows users to monitor networking traffic using flow logs, and can route traffic over private networks with VPC endpoints.

- When Amazon Comprehend jobs are launched in a VPC, Amazon Comprehend creates Elastic Network Interfaces (ENIs) and attached them to the job containers. The ENIs provide network connectivity within the VPC.