Amazon Q Developer and AWS Organizations - AWS Organizations

Amazon Q Developer and AWS Organizations

Amazon Q Developer is a generative artificial intelligence (AI) powered conversational assistant that can help you understand, build, extend, and operate AWS applications. It is also a general purpose, machine learning-powered code generator that provides you with code recommendations in real time. The paid subscription version of Amazon Q Developer requires Organizations integration. For more information see Account, IAM Identity Center, and Organizations setup in the Amazon Q user guide.

Use the following information to help you integrate Amazon Q Developer with AWS Organizations.

Service-linked roles

The AWSServiceRoleForAmazonQDeveloper service-linked role allows Amazon Q Developer to perform supported operations within your organization. Create the role using the Amazon Q Developer console, API, or CLI, as described in Creating a service-linked role in the IAM User Guide.

If you are using a member account, then you can delete or modify this role only if you disable trusted access between Amazon Q Developer and Organizations, or if you remove the member account from the organization.

Service principals used by Amazon Q Developer

The service-linked role in the previous section can be assumed only by the service principals authorized by the trust relationships defined for the role. The service-linked roles used by Amazon Q Developer grant access to the following service principals:

  • q.amazonaws.com

Enabling trusted access with Amazon Q Developer

Amazon Q Developer Pro uses trusted access to share the settings made in the Organizations management account with member accounts in the same organization.

For example, the Amazon Q Developer Pro administrator, working in the Organizations management account, may enable suggestions with code references. If trusted access is enabled, then suggestions with code references will also be enabled for all member accounts in that organization.

You can enable trusted access using only Amazon Q Developer.

To enable trusted access for Amazon Q Developer, use this procedure.

  1. On the Amazon Q Developer Settings page, under Member account settings, choose Edit.

  2. In the pop-up window, select On.

  3. Choose Save.

For more information, see Enabling trusted access in the Amazon Q Developer user guide.

Disabling trusted access with Amazon Q Developer

You can disable trusted access using only the Amazon Q Developer tools.

To disable trusted access for Amazon Q Developer, use this procedure.

  1. On the Amazon Q Developer Settings page, under Member account settings, choose Edit.

  2. In the pop-up window, select Off.

  3. Choose Save.

For more information, see Enabling trusted access in the Amazon Q Developer user guide.