Manage account details Enable trusted access Enabling prompt logging

Managing Amazon Q Developer Pro settings

This page describes how to configure settings for your Amazon Q Developer Pro subscription in the Amazon Q Developer Pro console, including managing access to features and enabling trusted access.

To access the Amazon Q Developer Pro console, you must have the permissions defined in Allow administrators to use the Amazon Q Developer Pro console.

Manage account details

To manage what features of Amazon Q Developer are available to your users and access the Start URL that your users need to access Amazon Q Developer in the IDE, use the following procedure.

Open the Amazon Q Developer console.
Choose Settings.

To update what features are available to your users, choose Edit in the Amazon Q Developer account details panel.
To copy the Start URL, choose the clipboard icon under Start URL.

Provide the Start URL to your developers when they need to authenticate with their Amazon Q Developer Pro subscription in the IDE. For more information, see Using Amazon Q Developer in the IDE.

Enable trusted access

Amazon Q Developer uses trusted access to share the settings made in the AWS Organizations management account with member accounts in the same organization.

For example, the Amazon Q Developer Pro administrator, working in the Organizations management account, may enable suggestions with code references. If trusted access is enabled, then suggestions with code references will also be enabled for all member accounts in that organization.

When you subscribe to Amazon Q Developer Pro while using an AWS Organizations management account, you are given the option to share settings with member accounts. You may also share or un-share those settings after subscribing.

To enable or disable trusted access after subscribing, use the following procedure.

On the Amazon Q Developer Settings page, under Member account settings, choose Edit.
In the pop-up window, select On or Off.
Choose Save.

To learn more about trusted access, see Enabling trusted access for AWS Account Management in the AWS Organizations User Guide.

Enabling prompt logging

You can enable the logging of all inline or chat prompts used with Amazon Q Developer in the IDE by developers in your organization. These logs can help with auditing, debugging, analytics, and ensuring compliance.

When you chat with Amazon Q or use inline code completion in the IDE, Amazon Q will log both the request and response parameters. When you develop software with the Amazon Q Agent for software development, only the request parameters will be logged.

Note

If you set up Amazon Q Developer Pro with an organization instance of IAM Identity Center, then you must set up prompt logging with an Amazon S3 bucket in your organization management account. If you set up Amazon Q Developer with an account instance of IAM Identity Center, then you must set up prompt logging with an Amazon S3 bucket in the account associated with that instance.

To use prompt logging, you will need an Amazon S3 bucket in the US East (N. Virginia) Region with a bucket policy like the one that follows.

In the following example, replace bucketName, region, accountId, and prefix with your own information:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "QDeveloperLogsWrite",
            "Effect": "Allow",
            "Principal": {
                "Service": "q.amazonaws.com"
            },
            "Action": [
                "s3:PutObject",
            ],
            "Resource": [
                "arn:aws:s3:::bucketName/prefix/*",
            ],
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "accountId"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:codewhisperer:region:accountId:*"
                } 
            }
        }
    ]
}

If you're configuring SSE-KMS on the bucket, add the below policy on the KMS key:


{
    "Effect": "Allow",
    "Principal": {
        "Service": "q.amazonaws.com"
    },
    "Action": "kms:GenerateDataKey",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "accountId" 
        },
        "ArnLike": {
           "aws:SourceArn": "arn:aws:codewhisperer:region:accountId:*"
        }
    }
}

To learn about protecting the data in your Amazon S3 bucket, see Protecting data with encryption in the Amazon Simple Storage Service User Guide.

To enable prompt logging, use the following procedure:

Open the Amazon Q Developer console.
Choose Settings.
Under Preferences, choose Edit.
In the Edit preferences window, toggle Q Developer prompt logging.
Under Amazon S3 location, enter the path of the Amazon S3 bucket that you will use to receive the logs.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Understanding subscriptions

Troubleshooting subscriptions