Before you begin - Amazon Q Business
Creating an applicationAdding users and groupsUser subscriptions

Before you begin

Before you start creating your Amazon Q Business sample application, note the following information.

Creating an application

The following are important things to consider before you begin creating your Amazon Q Business application:

  1. You must connect an Amazon Q Business application to an IAM Identity Center instance to manager end user access to your application. You can do this in the following two ways:

    • You can create and configure an IAM Identity Center instance and add users and groups to it. Then, when you create an Amazon Q Business application, you can assign the users and groups you’ve created in IAM Identity Center to your Amazon Q Business application.

    • If you don’t have an IAM Identity Center instance configured, or want to create a sample Amazon Q Business application to test a use case, you can create an IAM Identity Center instance from the Amazon Q Business console. An IAM Identity Center instance created from the Amazon Q Business console during the application creation process has limited functionality. You can only add users to an IAM Identity Center instance created from the Amazon Q Business and not groups.

    Your IAM Identity Center instance must be created in the same region as your Amazon Q Business application.

  2. During the application creation process, Amazon Q Business detects and customizes your application creation experience based on your level of integration with IAM Identity Center. Specifically, whether:

    • You haven’t yet created an IAM Identity Center instance.

    • You have have integrated with IAM Identity Center and created an account level instance.

    • You have integrated with IAM Identity Center and created an organization level instance.

    • You have integrated with IAM Identity Center and have created both an account level and organization level instance.

    Your path through creating an application will depend on your specific IAM Identity Center setup. For more information on different IAM Identity Center instances, see Confiure an IAM Identity Center instance.

  3. After creating an application and adding at least one subscribed user to it, you can test it by using the Customize web experience mode.

  4. Your IAM Identity Center instance must be created in the same region as your Amazon Q Business application.

  5. When your application is successfully created, Amazon Q Business generates a web experience login URL. Any user you've added to your sample application and enabled in IAM Identity Center can log in and chat with your Amazon Q Business application.

Adding users and groups

The following are important things to consider before you begin adding users and groups to your Amazon Q Business application:

  1. You must add, assign, and subscribe at least one user to your Amazon Q Business application for it to work as intended.

  2. You can add users and groups to your Amazon Q Business application in the following two ways:

    • You can create and configure a user or group in IAM Identity Center. Then, you can assign the users and groups you created in IAM Identity Center to your Amazon Q Business application during the application creation process.

    • You can create an IAM Identity Center instance from the Amazon Q Business console during the application creation process and add and assign a user to it. You can’t create groups from the Amazon Q Business console. You can only assign existing groups in IAM Identity Center to your Amazon Q Business application.

  3. When you add a new user to IAM Identity Center from the Amazon Q Business console, you need to make sure that the user is enabled in your IAM Identity Center instance and their email ID is verified before they can log in to your Amazon Q Business web experience to chat.

  4. When you add a new user, the user will receive a notification to their email asking them to accept your invitation to IAM Identity Center. You might also have to go to the IAM Identity Center console and send them an email verification request. Your user will have to verify their email and set their password before they can successfully log in to the web experience URL for your Amazon Q Business application. For more information, see Manage identities in IAM Identity Center.

  5. If you add a user to a group in IAM Identity Center and have given that group access to your application, it can take up to 24 hours for the change to take effect and for the user to be able to access your Amazon Q Business application.

User subscriptions

The following are important things to consider before you begin adding subscriptions to users and groups in your Amazon Q Business application:

  1. Subscription activation is tied to a user's group membership. When a user is added to a group that has a subscription, they become entitled to access that application.

  2. After you add users or groups to an application, you must choose the Amazon Q Business subscription tier for each user or group. Users or groups must be given a subscription tier before they can access and use your Amazon Q Business application. For information on what's included in the tiers of user subscriptions, see User subscription tiers.

  3. If a user is later removed from that group, their subscription will be revoked at the end of the current billing cycle (typically the end of the month). They will no longer be able to access the application after that point.

  4. User subscriptions are prorated when created or upgraded based on the number of days left in the calendar month. Any cancellations or downgrades are not prorated and apply starting in the next calendar month. The charges for user subscription starts only after first use by the user.

  5. If a user has individual subscriptions to multiple applications across different accounts, removing their group membership will only impact the subscription tied to that specific group. Their other individual subscriptions will remain active.

  6. AWS will deduplicate subscriptions across all Amazon Q Business applications and Amazon QuickSight accounts and charge each user only once for their highest subscription level. Note that deduplication will apply only if the Amazon Q Business applications and Amazon QuickSight accounts share the same IAM Identity Center.

  7. When you remove a user or group from the Amazon Q Business application, they still exist in IAM Identity Center. You can still search for and select the user or group to add to an application in future.

  8. You must confirm and save your user subscription settings, otherwise you are charged based on your unsaved user subscriptions.

  9. Administrators should monitor group membership changes and make appropriate adjustments to subscriptions to avoid over-charging users who no longer require access.