Chatting about your resources - Amazon Q Developer
PrerequisitesAsk Amazon Q about resources

Chatting about your resources

Asking Amazon Q about your AWS resources is in preview, and is subject to change.

In the AWS Management Console, you can ask Amazon Q about your AWS account resources. In the chat panel, ask Amazon Q to list a type of resource in your account, for details about a specific resource, or to list resources based on a criteria such as region or state.

Amazon Q can perform get, list, and describe actions to retrieve your AWS resources. For example, you can ask “List my S3 buckets” or “Show my running EC2 instances in us-east-1”. Amazon Q can’t answer questions about the data stored in your resources, such as listing objects in an Amazon S3 bucket, or questions related to your account security, identity, credentials, or cryptography.

Amazon Q lists up to 6 resources in the chat panel, and the response includes details about each resource, a resource ARN that you can copy, and, if applicable, a link to the service console. When you ask about one resource, the response also includes the resource information in JSON format.

Prerequisites

For Amazon Q to show your resources, the following prerequisites must be met.

Add permissions

To chat about your resources, you need the following permissions:

  • q:SendMessage to chat with Amazon Q

  • q:StartConversation to chat with Amazon Q

  • q:GetConversation to chat with Amazon Q

  • q:ListConversations to chat with Amazon Q

  • q:PassRequest to allow Amazon Q to call the APIs required to view your resources

  • Permissions to perform the actions required to view your resources

Your IAM identity must have permissions to perform the actions required to access resources you ask about. For example, if you ask Amazon Q to list your Amazon S3 buckets, you must have the s3:ListAllMyBuckets permission. Amazon Q will never perform an action that you don’t have permission to perform yourself.

For an example IAM policy that grants the necessary permissions, see Allow Amazon Q to perform actions on your behalf. For more information about the q:PassRequest action, see Using q:PassRequest.

Important

Normal fees apply when you ask Amazon Q to perform read, list, or describe actions. For more information, see the pricing page for the AWS service you are asking Amazon Q about.

Amazon Q chat makes calls from US East (N. Virginia), so it might have to make cross-Region calls to access your resources in another Region, including to opt-in Regions. Amazon Q requires cross-region consent to retrieve resources. To consent to cross-Region calls, complete the following steps:

  1. Open the AWS Management Console and choose the Amazon Q icon.

  2. If you haven’t consented already, a notification about cross-region calls appears above the text bar. Choose Continue to consent to Amazon Q making cross-region calls to access your resources. If you choose Don’t allow, you won’t be able to ask Amazon Q about your AWS resources.

  3. If you want to modify your cross-Region settings, choose the gear icon in the top right corner of the chat panel.

Ask Amazon Q about resources

You can ask Amazon Q to list your resources or get details about a specific resource or group of resources.

When you ask Amazon Q about your resources, you can specify the Region that Amazon Q calls to locate your resources. If no Region is specified, Amazon Q uses your current console Region, or the most recent console Region if you are using a global console Region. If no Region is found, it defaults to calling US East (N. Virginia).

Amazon Q might need additional information to retrieve your resources, such as the name of a resource or a resource ARN. When Amazon Q asks a follow up, reply with the requested details.

Following are example questions you can ask Amazon Q about your resources:

  • Describe the encryption settings for S3 bucket <name>

  • List my EC2 instances in us-west-2

  • Get the configuration for my lambda function <name>