Atlassian Confluence is a collaborative work-management tool designed for sharing, storing, and working on project planning, software development, and product management. If you’re a Atlassian Confluence user, you can create an Amazon Q Business plugin to allow your end users to search pages from within their web experience chat.
To create a Atlassian Confluence plugin, you need configuration information from your Atlassian Confluence instance to set up a connection between Amazon Q and Atlassian Confluence and allow Amazon Q to perform actions in Atlassian Confluence.
For more information on how to use plugins during your web experience chat, see Using plugins.
Prerequisites
Before you configure your Amazon Q Atlassian Confluence plugin, you must do the following:
-
As an admin, create a new OAuth 2.0 Atlassian Confluence app in the Atlassian Confluence developer console with scoped permissions for performing actions in Amazon Q. To learn how to do this, see OAuth 2.0 (3LO) apps
in Atlassian Confluence Developer Documentation. Make sure sharing is enabled. Required scopes: search:confluence. -
Note the domain URL of your Atlassian Confluence instance. For example:
https://api.atlassian.com/ex/confluence/. To learn how to find your instance ID (Cloud Site ID), go to How to find Cloud Site IdyourInstanceId. -
Note your:
-
Access token URL – For Atlassian Confluence OAuth applications, this is
https://auth.atlassian.com/oauth/token. -
Authorization URL – For Atlassian Confluence OAuth applications, this is
https://auth.atlassian.com/authorize. -
Redirect URL – The URL to which user needs to be redirected after authentication. If your deployed web url is
<q-endpoint>, use<q-endpoint>/oauth/callback. Amazon Q Business will handle OAuth tokens in this URL. This callback URL needs to be allowlisted in your third-party application. -
Client ID – The client ID generated when you create your OAuth 2.0 application in Atlassian Confluence.
-
Client secret – The client secret generated when you create your OAuth 2.0 application in Atlassian Confluence.
You will need this authentication information during the plugin configuration process.
-
Service access roles
To successfully connect Amazon Q to Atlassian Confluence, you need to give Amazon Q the following permission to access your Secrets Manager secret to get your Atlassian Confluence credentials. Amazon Q assumes this role to access your Atlassian Confluence credentials.
The following is the service access IAM role required:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue"
],
"Resource": [
"arn:aws:secretsmanager:{{your-region}}:{{your-account-id}}:secret:[[secret-id]]"
]
}
]
}To allow Amazon Q to assume a role, use the following trust policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QBusinessApplicationTrustPolicy",
"Effect": "Allow",
"Principal": {
"Service": "qbusiness.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{{source_account}}"
},
"ArnLike": {
"aws:SourceArn":"arn:aws:qbusiness:{{your-region}}:{{source_account}}:application/{{application_id}}"
}
}
}
]
}
If you use the console and choose to create a new IAM role, Amazon Q creates the role for you. If you use the console and choose to use an existing secret, or you use the API, make sure your IAM role contains these permissions.
Creating a plugin
To create a Atlassian Confluence plugin for your web experience chat, you can use the AWS Management Console or the CreatePlugin API operation. The following tabs provide a procedure for creating a Atlassian Confluence plugin using the console and code examples for the AWS CLI.
To create a Atlassian Confluence plugin
-
Sign in to the AWS Management Console and open the Amazon Q console.
-
From the Amazon Q console, in Applications, select the name of your application from the list of applications.
-
From the left navigation menu, choose Actions, and then choose Plugins.
-
For Plugins, choose Add plugin.
-
For Add plugins, choose Atlassian Confluence.
-
For Atlassian Confluence, enter the following information:
-
In Plugin name, for Name – A name for your Amazon Q plugin. The name can include hyphens (-), but not spaces, and can have a maximum of 1,000 alphanumeric characters.
-
In Domain URL, for URL – Enter your Atlassian Confluence domain URL. For example,
https://api.atlassian.com/ex/confluence/.yourInstanceId -
OAuth 2.0 authentication – do the following:
-
For AWS Secrets Manager secret – Choose Create and add a new secret or Use an existing one. Your secret must contain the following information:
-
Secret name – A name for your Secrets Manager secret.
-
Client ID – The client ID generated when you create your OAuth 2.0 application in Atlassian Confluence.
-
Client secret – The client secret generated when you create your OAuth 2.0 application in Atlassian Confluence.
-
For Redirect URL – The URL to which user needs to be redirected after authentication. If your deployed web url is
<q-endpoint>, use<q-endpoint>/oauth/callback. Amazon Q Business will handle OAuth tokens in this URL. This callback URL needs to be allowlisted in your third-party application.
-
-
For Access token URL – For Atlassian Confluence OAuth applications, this is
https://auth.atlassian.com/oauth/token. -
For Authorization URL – For Atlassian Confluence OAuth applications, this is
https://auth.atlassian.com/authorize.
-
-
Service access – Choose Create and add a new service role or Use an existing service role. Make sure tha your service role has the necessary permissions.
-
-
Tags – optional – An optional tag to track your plugin.
-
Choose Save.
