Start a conversation with Amazon Q network reachability analysis

Amazon Q network reachability analysis is in preview release and is subject to change. This feature is only available in the US East (N. Virginia) Region.

If you have a network connectivity issue, you can start a conversation with the Amazon Q network reachability analysis generative AI assistant.

Before you continue, make sure that an IAM administrator has granted you access. For more information, see IAM permissions required for Amazon Q network reachability analysis.

To start a conversation with Amazon Q network reachability analysis

Open the AWS Management Console at https://console.aws.amazon.com/.
Choose the Amazon Q icon in the right sidebar on the AWS Management Console.
Enter a question in the Ask me anything about AWS bar and then press Enter on your keyboard. Amazon Q then interprets the input and determines whether it's a question that it can answer about network connectivity.
After receiving the initial response, you can iterate and refine the response by asking follow-up questions as needed.
(Optional) Choose Regenerate at the lower right of the response to have Amazon Q network reachability analysis generate a new response to your last question. You can do this, for example, to help you analyze a network connectivity issue iteratively by testing each adjustment.
(Optional) To start a new conversation and clear the context provided by previous questions and responses, choose the Start new analysis button that is located near the top of the screen.
When you are finished, choose Close.

Examples of types of questions supported by Amazon Q network reachability analysis

When asking network connectivity questions in Amazon Q, we recommend phrasing them similarly to the following question types.

Why can't I SSH into my Linux instance?
Why can't I connect to my Windows VM using RDP?
Why can't I access the internet from vpc-1a2b3c4d?
Are any of my instances publicly accessible?
Are there any public instances in subnet-1a2b3c4d?
Do I have any egress from my VPC to the internet?
Can I connect from the internet to dev-dsk?
Are my routes set up correctly to allow internet access?
Can you help me figure out why I can't connect from the bastion host to my private instance in the database subnet?
Which of my security groups are preventing access to my RDS database?

Send us feedback

Sometimes Amazon Q network reachability analysis might not interpret your question the way you wanted. When this happens, you can provide feedback on the answer.

Use the following procedure to provide feedback on an answer when you receive it.

Choose the thumbs-up or thumbs-down icon at the lower left of the response.
For negative feedback, you can leave a comment describing what's wrong with the answer.
Your feedback is sent to the product team, along with the current conversation history and the network resource metadata we analyzed. Leaving a comment helps us fix technical issues, even if you don't receive a response.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Permissions

Identity and access management