Enabling Amazon Q in AWS Supply Chain
Note
Only an AWS Supply Chain administrator can enable Amazon Q in AWS Supply Chain.
To enable Amazon Q in AWS Supply Chain, perform the following procedure:
-
In the left navigation pane on the AWS Supply Chain dashboard, choose the Settings icon.
-
Under Organization, choose Organization Profile.
The Organization Profile page appears.
Under Enable access for Amazon Q..., slide the Amazon Q in AWS Supply Chain button to enable Amazon Q in AWS Supply Chain and ask questions regarding your supply chain.
Choose Save.
The Confirm Amazon Q in AWS Supply Chain access window appears.
Choose Acknowledge.
The Amazon Q dialog window should automatically appear on the right side of the page. You can hide or unhide the page by choosing the Amazon Q icon.
Prerequisites for existing AWS Supply Chain users
Note
If your AWS Supply Chain instance was created before the Amazon Q in AWS Supply Chain release, you will need to follow the procedure below to update the instance permissions.
To update the instance role in the IAM console, perform the following steps:
Make sure all the permissions listed under KMS policy are added to the KMS key policy used in the AWS Supply Chain instance.
In the IAM console, find the instance role with the AWS Supply Chain InstanceId. You can find the AWS Supply Chain InstanceId in the AWS Supply Chain console.
Attach the following policy as an inline policy to the role.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AccessKmsToEnableAscQ", "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "{{
kmsKeyArn
}}", "Condition": { "ForAllValues:StringEquals": { "kms:GrantOperations": [ "Encrypt", "Decrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "DescribeKey" ] }, "StringLike": { "kms:ViaService": "scn.*.amazonaws.com" }, "Bool": { "kms:GrantIsForAWSResource": true } } }, { "Sid": "AccessKmsToInteractWithAscQ", "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey" ], "Resource": "{{kmsKeyArn
}}", "Condition": { "StringLike": { "kms:ViaService": "scn.*.amazonaws.com" } } } ] }Replace the
kmsKeyArn
with the actual AWS KMS Key Arn used in the AWS Supply Chain instance.