Set up an Amazon Q Business data source to connect to Amazon VPC

When you add a new data source in Amazon Q Business, you can use the Amazon VPC feature if the selected data source connector supports this feature.

You can set up a new Amazon Q Business data source with Amazon VPC enabled by using the AWS Management Console or the Amazon Q Business API. Specifically, use the CreateDataSource API operation, and then use the VpcConfiguration parameter to provide the following information:

  • SubnetIds – A list of identifiers of Amazon VPC subnets

  • SecurityGroupIds – A list of identifiers of Amazon VPC security groups

If you use the console, you provide the required Amazon VPC information during connector configuration. To use the console to enable the Amazon VPC feature for a connector, you first choose an Amazon VPC. Then, you provide identifiers of any Amazon VPC subnets and identifiers of any Amazon VPC security groups. You can choose the Amazon VPC subnets and Amazon VPC security groups that you created in Configuring Amazon VPC, or use any existing ones.
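A pre-flight check for the API path, as an added example that is not AWS code: the console has you choose the VPC first, while CreateDataSource takes only identifiers, so this confirms that every subnet and security group exists and belongs to one VPC before the call. The function name, the sample identifiers and the lowerCamelCase keys (the spelling assumed for the boto3 qbusiness client) are assumptions of this example; the EC2 describe responses are constructed so that it runs offline.

```python
import re

# EC2 resource IDs: prefix plus 8 or 17 lowercase hex characters.
SUBNET_RE = re.compile(r"^subnet-(?:[0-9a-f]{8}|[0-9a-f]{17})$")
SG_RE = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def build_vpc_configuration(subnet_ids, security_group_ids, subnets_resp, sgs_resp):
    """Validate the IDs and return the VpcConfiguration value for CreateDataSource.

    subnets_resp and sgs_resp are dicts shaped like the EC2 describe_subnets and
    describe_security_groups responses (passed in so the check runs offline).
    """
    if not subnet_ids or not security_group_ids:
        raise ValueError("at least one subnet and one security group are required")
    checks = [(s, SUBNET_RE) for s in subnet_ids] + [(g, SG_RE) for g in security_group_ids]
    for value, pattern in checks:
        if not pattern.match(value):
            raise ValueError(f"malformed identifier: {value!r}")

    subnet_vpc = {s["SubnetId"]: s["VpcId"] for s in subnets_resp["Subnets"]}
    sg_vpc = {g["GroupId"]: g["VpcId"] for g in sgs_resp["SecurityGroups"]}
    missing = [i for i in subnet_ids if i not in subnet_vpc]
    missing += [i for i in security_group_ids if i not in sg_vpc]
    if missing:
        raise ValueError(f"not found in the describe responses: {missing}")

    # A network interface in a subnet can only use security groups of the same VPC.
    vpcs = {subnet_vpc[i] for i in subnet_ids} | {sg_vpc[i] for i in security_group_ids}
    if len(vpcs) != 1:
        raise ValueError(f"identifiers span several VPCs: {sorted(vpcs)}")

    # De-duplicate while keeping the caller's order; pass the result as the
    # vpcConfiguration argument of create_data_source (assumed boto3 spelling).
    return {
        "subnetIds": list(dict.fromkeys(subnet_ids)),
        "securityGroupIds": list(dict.fromkeys(security_group_ids)),
    }


# Constructed sample data (not real resources).
SAMPLE_SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0a1b2c3d4e5f60718", "VpcId": "vpc-0123456789abcdef0"},
    {"SubnetId": "subnet-0f9e8d7c6b5a43210", "VpcId": "vpc-0123456789abcdef0"},
]}
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0aa11bb22cc33dd44", "VpcId": "vpc-0123456789abcdef0"},
    {"GroupId": "sg-0ee55ff66aa77bb88", "VpcId": "vpc-0fedcba9876543210"},
]}
```
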

Viewing Amazon VPC identifiers

The identifiers for subnets and security groups are configured in the Amazon VPC console. To view the identifiers, use the following procedures.

To view subnet identifiers
  1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. From the navigation pane, choose Subnets.

  3. From the Subnets list, choose the subnet that contains your database server.

  4. From the Details tab, make a note of the identifier in the Subnet ID field.

To view security group identifiers
  1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. From the navigation pane, choose Security groups.

  3. From the security group list, choose the group that you want the identifier for.

  4. From the Details tab, make a note of the identifier in the Security Group ID field.

Checking your data source IAM role

Make sure that your data source connector's AWS Identity and Access Management (IAM) role contains permissions to access your Amazon VPC.

If you use the console to create a new IAM role, Amazon Q Business automatically adds the correct permissions to the role on your behalf. If you use the API, or use an existing IAM role, check that your role contains permissions to access Amazon VPC. To verify that you have the right permissions, see IAM roles for data sources.

You can modify an existing data source to use a different Amazon VPC subnet. However, check your data source's IAM role and, if necessary, modify it to reflect the change so that the Amazon Q Business data source connector works properly.