To use an AWS Q application we need two components:
- An AWS Q AI application
- A SAML 2.0 compliant identity provider
AWS Q application
To set up the AWS Q AI application:
- Search for Q in the AWS console
- Click the Get started button
- Click the Create application button
- Enter the name of the application
- If your user account has rights to create service roles, select the Create and use a new service role option
- If your company administrators created a service role for the application, choose Use an existing service role, and select the role
- Click the Create button
- Stay on the page until the new role propagates through the system
- When it becomes available, click the Next button
- On the Connect data sources page select the source where the custom data is located. To index a web site, select the “Web crawler” data source, and specify the URL of the home page, or the location of the site map. For WordPress sites, the site map is located at https://MY_WEBSITE/sitemap.xml
For more information see Configuring an Amazon Q application
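Before pointing the web crawler at a site map, it helps to review which URLs that site map would feed into the index. The following is an added example, not part of the original page: it walks a site map or site map index and marks URLs that are not HTTPS, sit on a different host, or match a review pattern. The host `my-website.example`, the sample site maps, and the `SENSITIVE` patterns are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XMLNS = "http://www.sitemaps.org/schemas/sitemap/0.9"
NS = "{" + XMLNS + "}"
# Assumed review patterns; tune them to the site being indexed.
SENSITIVE = re.compile(r"/(wp-admin|private|internal|staging)(/|$)|[?&]preview=", re.I)
BASE = "https://my-website.example"  # placeholder host
SAMPLE = {  # constructed site maps keyed by URL, so the example runs offline
    f"{BASE}/sitemap.xml": f"""<sitemapindex xmlns="{XMLNS}">
  <sitemap><loc>{BASE}/post-sitemap.xml</loc></sitemap>
  <sitemap><loc>{BASE}/page-sitemap.xml</loc></sitemap></sitemapindex>""",
    f"{BASE}/post-sitemap.xml": f"""<urlset xmlns="{XMLNS}">
  <url><loc>{BASE}/blog/hello-world/</loc></url>
  <url><loc>{BASE}/?p=42&amp;preview=true</loc></url></urlset>""",
    f"{BASE}/page-sitemap.xml": f"""<urlset xmlns="{XMLNS}">
  <url><loc>{BASE}/about/</loc></url>
  <url><loc>{BASE}/staging/new-pricing/</loc></url>
  <url><loc>http://my-website.example/contact/</loc></url>
  <url><loc>https://cdn.other.example/landing/</loc></url></urlset>""",
}

def collect_urls(sitemap_url, fetch, seen=None):
    """Return page URLs from a site map, following site map indexes."""
    seen = set() if seen is None else seen
    if sitemap_url in seen:  # index that points back at itself
        return []
    seen.add(sitemap_url)
    # xml.etree does not cap entity expansion; prefer defusedxml for untrusted XML.
    root = ET.fromstring(fetch(sitemap_url))
    locs = [e.text.strip() for e in root.iter(NS + "loc") if e.text]
    if root.tag != NS + "sitemapindex":
        return locs
    return [u for child in locs for u in collect_urls(child, fetch, seen)]

def review(sitemap_url, fetch):
    """Return (url, reason) pairs; reason is None when nothing was flagged."""
    host = urlsplit(sitemap_url).hostname
    results = []
    for url in collect_urls(sitemap_url, fetch):
        p = urlsplit(url)
        reason = ("not https" if p.scheme != "https" else
                  "different host" if p.hostname != host else
                  "sensitive path" if SENSITIVE.search(url) else None)
        results.append((url, reason))
    return results
```

Call `review(f"{BASE}/sitemap.xml", SAMPLE.__getitem__)` to run it on the sample; to check a live site, pass a function that returns the site map body for a given URL instead.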
Identity Provider
AWS Q is a paid service, priced by the number of users.
To control access to AWS Q, we need to configure it with a SAML 2.0 compliant identity provider, such as Azure AD or Okta, or we can use the AWS IAM Identity Center, which is accessible through your AWS Console.
Using the AWS IAM Identity Center
IMPORTANT: As AWS Q is not an AWS “managed application”, if we use IAM Identity Center, we need to create an IAM Identity Center “organizations” instance to be able to connect “custom applications”.
For the complete list of steps, see Setting up Amazon Q with IAM Identity Center as identity provider
Amazon Q API
The Amazon Q API documentation is at https://docs.aws.amazon.com/amazonq/latest/api-reference/Welcome.html