IAM role for an Amazon Q Business web experience

If the admin user uses the AWS Management Console to create and manage their Amazon Q Business application environment and web experiences then the following IAM role is created automatically for you when you choose a new or existing service role that is already working for your application environments to authorize the Web experience service access.

Note

If you are using permissions for Amazon Q Apps created prior to July 10, 2024, you must update your role with the new Amazon Q Apps permissions for your users to have access to use the permissions to view and specify approved data sources and other future features in Q Apps.

If you are not using the console and want to allow Amazon Q to invoke the API operations required to integrate your application environment, deploy your chat web experience, use an external IdP, and use Amazon Q Apps you must use the following IAM policies.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Amazon Q Business application

IAM Identity Center web experience