Prerequisites for connecting Amazon Q Business to Box - Amazon Q Business

Prerequisites for connecting Amazon Q Business to Box

Before you begin, make sure that you have completed the following prerequisites.

In Box, make sure you have:

  • A Box Enterprise or Box Enterprise Plus account.

  • Created a Box custom app in the Box Developer Console and configured it to use Server Authentication (with JWT).

  • Set your App Access Level to App + Enterprise Access and allowed it to Make API calls using the as-user header.

  • Used the admin user to add the following Application Scopes in your Box app:

    • Write all files and folders stored in a Box

    • Manage users

    • Manage groups

    • Manage enterprise properties

  • Generated and downloaded Public/Private key pair including a client ID, a client secret, a public key ID, private key ID, a pass phrase, and an enterprise ID to use as authentication credentials. See Public and private keypair for more details.

  • Copied your Box enterprise ID either from your Box Developer Console settings or from your Box app. For example, 801234567.

In your AWS account, make sure you have:

  • Created an IAM role for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.

  • Stored your Box authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.

    Note

    If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see Data source connector configuration best practices.