PutGroup
Create, or updates, a mapping of users—who have access to a document—to groups.
You can also map sub groups to groups. For example, the group "Company Intellectual Property Teams" includes sub groups "Research" and "Engineering". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their Amazon Q Business chat results.
There are two options for creating groups, either inline or using an S3 file via the
S3Path field. For inline groups, there is a limit of 1000 members and for provided S3 files
there is a limit of 100 thousand members. When creating a group using an S3 file, you provide both
an S3 file and a RoleArn
to access the file.
Request Syntax
PUT /applications/applicationId
/indices/indexId
/groups HTTP/1.1
Content-type: application/json
{
"dataSourceId": "string
",
"groupMembers": {
"memberGroups": [
{
"groupName": "string
",
"type": "string
"
}
],
"memberUsers": [
{
"type": "string
",
"userId": "string
"
}
],
"s3PathForGroupMembers": {
"bucket": "string
",
"key": "string
"
}
},
"groupName": "string
",
"roleArn": "string
",
"type": "string
"
}
URI Request Parameters
The request uses the following URI parameters.
- applicationId
-
The identifier of the application in which the user and group mapping belongs.
Length Constraints: Fixed length of 36.
Pattern:
[a-zA-Z0-9][a-zA-Z0-9-]{35}
Required: Yes
- indexId
-
The identifier of the index in which you want to map users to their groups.
Length Constraints: Fixed length of 36.
Pattern:
[a-zA-Z0-9][a-zA-Z0-9-]{35}
Required: Yes
Request Body
The request accepts the following data in JSON format.
- dataSourceId
-
The identifier of the data source for which you want to map users to their groups. This is useful if a group is tied to multiple data sources, but you only want the group to access documents of a certain data source. For example, the groups "Research", "Engineering", and "Sales and Marketing" are all tied to the company's documents stored in the data sources Confluence and Salesforce. However, "Sales and Marketing" team only needs access to customer-related documents stored in Salesforce.
Type: String
Length Constraints: Fixed length of 36.
Pattern:
[a-zA-Z0-9][a-zA-Z0-9-]{35}
Required: No
- groupMembers
-
A list of users or sub groups that belong to a group. This is for generating Amazon Q Business chat results only from document a user has access to.
Type: GroupMembers object
Required: Yes
- groupName
-
The list that contains your users or sub groups that belong the same group. For example, the group "Company" includes the user "CEO" and the sub groups "Research", "Engineering", and "Sales and Marketing".
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern:
\P{C}*
Required: Yes
- roleArn
-
The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 1284.
Pattern:
arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}
Required: No
- type
-
The type of the group.
Type: String
Valid Values:
INDEX | DATASOURCE
Required: Yes
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You don't have access to perform this action. Make sure you have the required permission policies and user accounts and try again.
HTTP Status Code: 403
- ConflictException
-
You are trying to perform an action that conflicts with the current status of your resource. Fix any inconsistencies with your resources and try again.
HTTP Status Code: 409
- InternalServerException
-
An issue occurred with the internal server used for your Amazon Q Business service. Wait some minutes and try again, or contact Support
for help. HTTP Status Code: 500
- ResourceNotFoundException
-
The application or plugin resource you want to use doesn’t exist. Make sure you have provided the correct resource and try again.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
You have exceeded the set limits for your Amazon Q Business service.
HTTP Status Code: 402
- ThrottlingException
-
The request was denied due to throttling. Reduce the number of requests and try again.
HTTP Status Code: 429
- ValidationException
-
The input doesn't meet the constraints set by the Amazon Q Business service. Provide the correct input and try again.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: