IAM permissions required for Amazon Q network reachability analysis - Amazon Virtual Private Cloud

Amazon Q network reachability analysis is in preview release and is subject to change. This feature is only available in the US East (N. Virginia) Region.

Amazon Q network reachability analysis is made possible by data from multiple AWS services. The IAM user that accesses Amazon Q network reachability analysis must have permissions to use Amazon Q and the Amazon Q network reachability analysis feature. The user must also have Get, List, Describe, and Search permissions for the entire suite of AWS services that support Amazon Q network reachability analysis, so that Amazon Q can use these permissions to access any of those services on your behalf.

By default, IAM users don't have permission to use Amazon Q network reachability analysis. An IAM administrator must create and assign IAM policies that give an IAM identity (such as a user or role) the necessary permissions.

The following permissions are required to use Amazon Q network reachability analysis:

  • AmazonQFullAccess

  • AmazonVPCReachabilityAnalyzerFullAccessPolicy

  • The actions for AWS Network Manager Chat. The following is an example policy statement.

    {
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Effect" : "Allow",
          "Action" : [
            "networkmanager-chat:CreateConversation",
            "networkmanager-chat:ListConversations",
            "networkmanager-chat:DeleteConversation",
            "networkmanager-chat:NotifyConversationIsActive",
            "networkmanager-chat:SendConversationMessage",
            "networkmanager-chat:ListConversationMessages",
            "networkmanager-chat:CancelMessageResponse"
          ],
          "Resource" : "*"
        }
      ]
    }
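An administrator can check a custom policy against the AWS Network Manager Chat actions listed above before attaching it. The following is an added example, not AWS code: the function names and the sample policy are constructed. It evaluates only the policy documents it is given, ignores Condition blocks, permissions boundaries, and service control policies, and does not inspect the two managed policies.

```python
import json
import re

# The seven actions from the example policy statement on this page.
REQUIRED_ACTIONS = ["networkmanager-chat:" + name for name in (
    "CreateConversation", "ListConversations", "DeleteConversation",
    "NotifyConversationIsActive", "SendConversationMessage",
    "ListConversationMessages", "CancelMessageResponse")]

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _matches(patterns, action):
    # IAM action patterns are case-insensitive; "*" and "?" are wildcards.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def _covers(stmt, action):
    # NotAction applies the statement to every action except those listed.
    if "NotAction" in stmt:
        return not _matches(_as_list(stmt["NotAction"]), action)
    return _matches(_as_list(stmt.get("Action")), action)

def missing_actions(policy_docs):
    """Return the required actions that are not allowed, or are explicitly denied."""
    allowed, denied = set(), set()
    for doc in policy_docs:
        doc = json.loads(doc) if isinstance(doc, str) else doc
        stmts = doc.get("Statement", [])
        for stmt in [stmts] if isinstance(stmts, dict) else stmts:
            for action in [a for a in REQUIRED_ACTIONS if _covers(stmt, a)]:
                if stmt.get("Effect") == "Deny":
                    denied.add(action)  # an explicit deny always wins
                elif stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource")):
                    allowed.add(action)  # the page's statement uses Resource "*"
    return [a for a in REQUIRED_ACTIONS if a not in allowed or a in denied]

# Constructed sample: a trimmed-down policy that omits three of the actions.
PARTIAL_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["networkmanager-chat:List*",
               "networkmanager-chat:CreateConversation",
               "networkmanager-chat:SendConversationMessage"]}]}

if __name__ == "__main__":
    print("Missing:", missing_actions([PARTIAL_POLICY]))
```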