Creating an AWS Q AI application

To use an AWS Q application we need two components:

  • An AWS Q AI application
  • A SAML 2.0 compliant identity provider

AWS Q application

To set up the AWS Q AI application

  • Search for Q in the AWS console

  • Click the Get started button

  • Click the Create application button

  • Enter the name of the application
    If your user account has rights to create service roles, select Create and use a new service role option
    If your company administrators created a service role for the application, choose Use an existing service role, and select the role.
    Click the Create button

  • Stay on the page until the new role propagates through the system

  • When it becomes available, click the Next button
  • On the Connect data sources page select the source where the custom data is located. To index a web site, select the “Web crawler” data source, and specify the URL of the home page, or the location of the site map. For WordPress sites, the site map is located at https://MY_WEBSITE/sitemap.xml

For more information see Configuring an Amazon Q application

Identity Provider

AWS Q is a paid service based on the number of users.

To control access to AWS Q, we need to configure it with a SAML 2.0 compliant identity provider, like Azure AD, Okta, or we can use the AWS Identity Center, which is accessible through your AWS Console.

Using the AWS IAM Identity Center

IMPORTANT: As AWS Q is not an AWS “managed application”, if we use IAM Identity Center, we need to create an IAM Identity Center “organizations” instance to be able to connect “custom applications”.

For the complete list of steps, see Setting up Amazon Q with IAM Identity Center as identity provider

Amazon Q API

The Amazon Q API documentation is at

Leave a comment

Your email address will not be published. Required fields are marked *