IAM roles for Amazon Q Business - Amazon Q Business

IAM roles for Amazon Q Business

When you create an application or a web experience with Amazon Q Business, or connect a data source to it, Amazon Q Business needs access to the required AWS resources.

If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create the Amazon Q Business resource. When you call the operation, you provide the Amazon Resource Name (ARN) role with the policy attached.

If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role. The console displays roles that have the string qbusiness or QBusiness in the role name.

The following topics provide details for the required policies. If you create IAM roles using the Amazon Q Business console, these policies are created on your behalf.