Creating an Amazon Q Business application

To create an Amazon Q Business application, you can use either the AWS Management Console or the Amazon Q API.

Before you begin to create an Amazon Q application, make sure that you complete the setting up tasks. If you're using the AWS CLI or the Amazon Q API, make sure that you created the required IAM roles.

After you create an application, you can create your Amazon Q web experience. How you create the web experience depends on whether you use the AWS Management Console or the Amazon Q APIs.

  • AWS Management Console – If you use the console to create an application, the web experience is created automatically.

  • Amazon Q API – If you use the CreateApplication API operation to create an application, use the CreateWebExperience API operation to create your web experience.

Note

Your IAM Identity Center instance must be created in the same region as your Amazon Q Business application. To understand why this is important, see Considerations for choosing an AWS Region in the IAM Identity Center User Guide. For regions supported by Amazon Q Business, see Service quotas for Amazon Q Business.

The following tabs provide a procedure for creating your Amazon Q application using the AWS Management Console and code examples for using the AWS CLI.

Console

To configure an Amazon Q application

  1. Sign in to the AWS Management Console and open the Amazon Q console at https://console.aws.amazon.com/amazonq/business/.

  2. In the How it works menu, under Experiment with a sample – optional, choose Try quick application.

  3. On the Create application page, for Application settings, enter the following information for your Amazon Q application:

    • Application name – A name for your Amazon Q Business application for easy identification. This name is only visible in the AWS Management Console. The name can include hyphens (-), but not spaces, and can have a maximum of 1,000 alphanumeric characters.

  4. In Service access, for Choose a method to authorize Amazon Q, choose from the following options:

    • Create and use a new service-linked role (SLR) – Create and use a new Amazon Q-managed IAM role to allow it to access the AWS resources it needs to create your application.

    • Create and use a new service role (SR) – Create and use a new IAM role for Amazon Q Business to allow it to access the AWS resources it needs to create your application.

    • Use an existing service role (SR)/service-linked role (SLR) – Use an existing service role or service-linked IAM role to allow Amazon Q to access the AWS resources it needs to create your application.

      Note

      For more information about example service roles, see IAM role for an Amazon Q Business application. For information on service-linked roles, including how to manage them, see Using service-linked roles.

    • Service role name – A name for the service (IAM) role you created for easy identification on the console.

  5. For Encryption – Amazon Q encrypts your data by default using AWS managed AWS KMS keys.

    Important

    Amazon Q Business automatically provisions an Enterprise index when you create an application using the AWS Management Console. For more information on index types, see Amazon Q Business tiers and Data encryption.

  6. In Connect Amazon Q to IAM Identity Center, you will see the following options based on whether you have an IAM Identity Center instance already configured, or need to create one.

    1. If you don't have an IAM Identity Center instance configured, you see the following:

      • The region your Amazon Q application is in. This is so you can make sure that the region for your Amazon Q application and IAM Identity Center instance match.

      • Specify tags for IAM Identity Center – Add tags to keep track of your IAM Identity Center instance.

      • Create IAM Identity Center – Select to create a minimally-configured IAM Identity Center instance. The console will display an ARN for your newly created resource after it's created.

      Note

      You can't add groups to your application from your Amazon Q console unless you already have an IAM Identity Center instance with groups configured. When you add a new user to IAM Identity Center from the Amazon Q Business console, you need to make sure that the user is enabled in your IAM Identity Center instance and their email ID is verified before they can log in to your Amazon Q Business web experience to chat.

    2. If you have both an IAM Identity Center organization instance and an account instance configured, your instances will be auto-detected, and you see the following options:

      • Connect to organization instance of IAM Identity Center – Select this option to manage access to Amazon Q by assigning users and groups from the Identity Center directory for your organization.

      • Connect to account instance of IAM Identity Center – Select this option to manage access to Amazon Q by assigning existing users and groups from your Identity Center directory.

      • The region your Amazon Q application is in. This is so you can make sure that the region for your Amazon Q application and IAM Identity Center instance match.

      • IAM Identity Center – The ARN for your IAM Identity Center instance.

    3. If you have an IAM Identity Center account instance configured, your account instance will be auto-detected and you will see the following:

      • The region your Amazon Q application is in. This is so you can make sure that the region for your Amazon Q application and IAM Identity Center instance match.

      • IAM Identity Center – The Amazon Resource Name (ARN) for your IAM Identity Center instance.

    4. If you have an IAM Identity Center organization instance configured, you will see a message asking you to tell your admin to give you access to IAM Identity Center. You will need access to IAM Identity Center before you can proceed.

  7. Tags – optional – To add tags to your Amazon Q application and web experience, select Add new tag. Then, enter the following information for each tag:

    • Key – Add a key for your tag.

    • Value - optional – An optional value for your tag.

    For more information about using tags with Amazon Q, see Tags.

  8. To start creating your application, choose Create.

AWS CLI

To configure an Amazon Q application

aws qbusiness create-application \
    --display-name application-name \
    --identity-center-instance-arn identity-center-instance-arn \
    --role-arn roleArn \
    --description application-description \
    --encryption-configuration kmsKeyId=<kms-key-id> \
    --attachments-configuration attachmentsControlMode=ENABLED
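
The following pre-flight check is an added example, not part of the AWS documentation. It validates the create-application inputs offline, including the same-Region requirement for IAM Identity Center, which needs a lookup because an Identity Center instance ARN carries no Region field. The function names and all sample ARNs are constructed, and the KMS Region rule is an assumption labeled in the code.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for the create-application inputs.
# Function names and sample values are constructed for illustration.

# Name rule stated on this page: alphanumerics and hyphens, no spaces,
# maximum of 1,000 characters.
valid_app_name() {
  [ -n "$1" ] && [ "${#1}" -le 1000 ] || return 1
  case $1 in *[!A-Za-z0-9-]*) return 1 ;; esac
  return 0
}

# Region is the 4th colon-separated ARN field (empty for global services such as IAM).
arn_region() { printf '%s\n' "$1" | cut -d: -f4; }

# $1 = Identity Center instance ARN, $2 = tab-separated output of
#   aws sso-admin list-instances --region <app-region> \
#       --query 'Instances[].InstanceArn' --output text
# Succeeds only if the instance is visible in the application's Region.
instance_in_region() {
  printf '%s\n' "$2" | tr '\t' '\n' | grep -Fxq -- "$1"
}

# preflight REGION NAME IDC_ARN ROLE_ARN KMS_KEY INSTANCES_TEXT
# Prints the first failed check and returns 1, or prints "ok" and returns 0.
preflight() {
  valid_app_name "$2" || { echo "bad application name"; return 1; }
  instance_in_region "$3" "$6" || { echo "Identity Center instance not in $1"; return 1; }
  case $4 in
    arn:aws*:iam::[0-9]*:role/?*) ;;
    *) echo "role ARN is not an IAM role"; return 1 ;;
  esac
  # Assumption: a customer managed key passed as an ARN must be in the
  # application's Region. An empty value keeps the default AWS managed key.
  case $5 in
    arn:*) [ "$(arn_region "$5")" = "$1" ] || { echo "KMS key not in $1"; return 1; } ;;
  esac
  echo "ok"
}

# Constructed sample values; in real use, pass the list-instances output shown above.
preflight us-east-1 my-q-app "arn:aws:sso:::instance/ssoins-1111222233334444" \
  "arn:aws:iam::111122223333:role/QBusinessAppRole" "" \
  "arn:aws:sso:::instance/ssoins-1111222233334444"
```

Run the check with the same values you intend to pass to create-application, and proceed only when it prints ok.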