Creating an Amazon Q Business application environment - Amazon Q Business

Creating an Amazon Q Business application environment

To create an Amazon Q Business application environment, you can use either the AWS Management Console or the Amazon Q Business API.

Before you begin to create an Amazon Q Business application environment, make sure that you complete the setting up tasks and go through the Before you begin section. If you're using the AWS CLI or the Amazon Q Business API, make sure that you created the required IAM roles.

After you create an application environment, you can create your Amazon Q Business web experience. How you create the web experience depends on whether you use the AWS Management Console or the Amazon Q Business APIs.

  • AWS Management Console – If you use the console to create an application environment, the web experience is created automatically.

  • Amazon Q Business API – If you use the CreateApplication API operation to create an application environment, use the CreateWebExperience API operation to create your web experience.

The following tabs provide a procedure for creating your Amazon Q Business application environment using the AWS Management Console and code examples for using the AWS CLI.

Console

To create an application

  1. Sign in to the AWS Management Console and open the Amazon Q Business console.

  2. From the How it works menu, from Experiment with a sample – optional, choose Try quick application.

  3. On the Create application page, for Application settings, enter the following information for your Amazon Q Business application:

    • Application name – A name for your Amazon Q Business application environment for easy identification. This name is only visible in the AWS Management Console. The name can include hyphens (-), but not spaces, and can have a maximum of 1,000 alphanumeric characters.

  4. In Service access, for Choose a method to authorize Amazon Q Business, choose from the following options:

    • Create and use a new service-linked role (SLR) – Create and use a new Amazon Q Business-managed IAM role to allow it to access the AWS resources it needs to create your application.

    • Create and use a new service role (SR) – Create and use a new IAM role for Amazon Q Business to allow it to access the AWS resources it needs to create your application.

    • Use an existing service role (SR)/service-linked role (SLR) – Use an existing service role or service-linked IAM role to allow Amazon Q Business to access the AWS resources it needs to create your application.

      Note

      For more information about example service roles, see IAM role for an Amazon Q Business application. For information on service-linked roles, including how to manage them, see Using service-linked roles.

    • Service role name – A name for the service (IAM) role you created for easy identification on the console.

  5. For Encryption – Amazon Q Business encrypts your data by default using AWS managed AWS KMS keys. To customize your encryption settings, select Customize encryption settings (advanced). Then, you can choose to use an existing AWS KMS key or create a new one.

  6. In Advanced IAM Identity Center settings, activate Enable cross-region calls to access resources to allow Amazon Q Business to connect to an IAM Identity Center instance that exists in a region not already supported by Amazon Q Business. For more information, see Creating a cross-region IAM Identity Center integration.

  7. In Connect Amazon Q Business to IAM Identity Center, you will see the following options based on whether you have an IAM Identity Center instance already configured, or need to create one.

    1. If you don't have an IAM Identity Center instance configured, you see the following:

      • The region your Amazon Q Business application environment is in.

      • Specify tags for IAM Identity Center – Add tags to keep track of your IAM Identity Center instance.

      • Create IAM Identity Center – Select to create an IAM Identity Center instance. Depending on your setup, you may be prompted to create either an account instance, or an organization instance, or be given the option to choose between creating an account instance and an organization instance. The console will display an ARN for your newly created resource after it's created.

    2. If you have both an IAM Identity Center organization instance and an account instance configured, your instances will be auto-detected, and you see the following options:

      • Organization instance of IAM Identity Center – Select this option to manage access to Amazon Q Business by assigning users and groups from the Identity Center directory for your organization.

      • Account instance of IAM Identity Center – Select this option to manage access to Amazon Q Business by assigning existing users and groups from your Identity Center directory.

      • The region your Amazon Q Business application environment is in.

      • IAM Identity Center – The ARN for your IAM Identity Center instance.

    3. If you have an IAM Identity Center account instance configured, your account instance will be auto-detected.

    4. If you have an IAM Identity Center organization instance configured, your organization instance will be auto-detected.

    5. If your IAM Identity Center instance is configured in an AWS region Amazon Q Business isn’t available in, and you haven’t completed Step 6 of this procedure, you will see a message saying that a connection is unavailable with an option to Switch region. Once you complete Step 6, a cross-region connection between Amazon Q Business and IAM Identity Center will be automatically established and your cross-region instance will be auto-detected.

      Note

      Selecting Switch region will only give you the option to change your AWS Management Console region. To create a cross-region IAM Identity Center and Amazon Q Business integration, follow Step 6 of this procedure.

  8. Tags – optional – To add tags to your Amazon Q Business application environment and web experience, select Add new tag. Then, enter the following information for each tag:

    • Key – Add a key for your tag.

    • Value - optional – An optional value for your tag.

    For more information about using tags with Amazon Q Business, see Tags.

  9. To start creating your application, choose Create.

AWS CLI

To configure an Amazon Q Business application

aws qbusiness create-application \
    --display-name application-name \
    --identity-center-instance-arn identity-center-instance-arn \
    --role-arn roleArn \
    --description application-description \
    --encryption-configuration kmsKeyId=<kms-key-id> \
    --attachments-configuration attachmentsControlMode=ENABLED
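
The following script is an added example, not part of the original AWS documentation. It chains the two API steps described above (CreateApplication, then CreateWebExperience) and reads the application back to confirm that a customer managed KMS key was recorded before the web experience is created. The function name, its five positional arguments, and the separate web experience role ARN are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS documentation). All argument values are
# supplied by the caller; the function name and argument order are hypothetical.
#
# Usage: create_qbusiness_app NAME IDC_INSTANCE_ARN APP_ROLE_ARN KMS_KEY_ID WEB_ROLE_ARN
# Prints "<applicationId> <webExperienceId>" on success.
create_qbusiness_app() {
  local name idc_arn app_role kms_key web_role app_id applied_key web_id
  name="$1"; idc_arn="$2"; app_role="$3"; kms_key="$4"; web_role="$5"

  # Naming rule stated in the console procedure: no spaces, at most 1,000 characters.
  case "$name" in
    ''|*[[:space:]]*) echo "invalid application name: '$name'" >&2; return 2 ;;
  esac
  if [ "${#name}" -gt 1000 ]; then
    echo "application name longer than 1000 characters" >&2; return 2
  fi

  # Step 1: create the application with an explicit KMS key.
  app_id=$(aws qbusiness create-application \
      --display-name "$name" \
      --identity-center-instance-arn "$idc_arn" \
      --role-arn "$app_role" \
      --encryption-configuration "kmsKeyId=$kms_key" \
      --attachments-configuration attachmentsControlMode=ENABLED \
      --query applicationId --output text) || return 1

  # Step 2: read the configuration back. With --output text the CLI prints
  # "None" for a missing value, which here means no customer managed key was
  # recorded; stop before exposing the application through a web experience.
  applied_key=$(aws qbusiness get-application --application-id "$app_id" \
      --query encryptionConfiguration.kmsKeyId --output text) || return 1
  case "$applied_key" in
    ''|None) echo "application $app_id has no customer managed KMS key" >&2
             return 3 ;;
  esac

  # Step 3: the API path does not create the web experience automatically.
  web_id=$(aws qbusiness create-web-experience \
      --application-id "$app_id" \
      --role-arn "$web_role" \
      --query webExperienceId --output text) || return 1

  echo "$app_id $web_id"
}

# Run only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || create_qbusiness_app "$@"
```

Exit status 2 means the name was rejected locally, 3 means the read-back found no customer managed key, and 1 means an AWS CLI call failed.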