Creating an Amazon Q Business application - Amazon Q Business

Creating an Amazon Q Business application

To create an Amazon Q Business application, you can use either the AWS Management Console or the Amazon Q Business API.

Before you begin to create an Amazon Q Business application, make sure that you complete the setting up tasks. If you're using the AWS CLI or the Amazon Q Business API, make sure that you created the required IAM roles.

After you create an application, you can create your Amazon Q Business web experience. How you create the web experience depends on whether you use the AWS Management Console or the Amazon Q Business APIs.

  • AWS Management Console – If you use the console to create an application, the web experience is created automatically.

  • Amazon Q Business API – If you use the CreateApplication API operation to create an application, use the CreateWebExperience API operation to create your web experience.

The following tabs provide a procedure for creating your Amazon Q Business application using the AWS Management Console and code examples for using the AWS CLI.

Console

To create an application

  1. Sign in to the AWS Management Console and open the Amazon Q Business console.

  2. From the How it works menu, from Experiment with a sample – optional, choose Try quick application.

  3. On the Create application page, for Application settings, enter the following information for your Amazon Q Business application:

    • Application name – A name for your Amazon Q Business application for easy identification. This name is only visible in the AWS Management Console. The name can include hyphens (-), but not spaces, and can have a maximum of 1,000 alphanumeric characters.

  4. In Service access, for Choose a method to authorize Amazon Q Business, choose from the following options:

    • Create and use a new service-linked role (SLR) – Create and use a new Amazon Q Business-managed IAM role to allow it to access the AWS resources it needs to create your application.

    • Create and use a new service role (SR) – Create and use a new IAM role for Amazon Q Business to allow it to access the AWS resources it needs to create your application.

    • Use an existing service role (SR)/service-linked role (SLR) – Use an existing service role or service-linked IAM role to allow Amazon Q Business to access the AWS resources it needs to create your application.

      Note

      For more information about example service roles, see IAM role for an Amazon Q Business application. For information on service-linked roles, including to manage them, see Using service-linked roles.

    • Service role name – A name for the service (IAM) role you created for easy identification on the console.

  5. For Encryption – Amazon Q Business encrypts your data by default using AWS managed AWS KMS keys. To customize your encryption settings, select Customize encryption settings (advanced). Then, you can choose to use an existing AWS KMS key or create a new one.

  6. In Connect Amazon Q Business to IAM Identity Center, you will see the following options based on whether you have an IAM Identity Center instance already configured, or need to create one.

    1. If you don't have an IAM Identity Center instance configured, you see the following:

      • The region your Amazon Q Business application is in. This is so you can make sure that the region for your Amazon Q Business aplication and IAM Identity Center instance match.

      • Specify tags for IAM Identity Center – Add tags to keep track of your IAM Identity Center instance.

      • Create IAM Identity Center – Select to create a minimally-configured IAM Identity Center instance. The console will display an ARN for your newly created resource after it's created.

    2. If you have both an IAM Identity Center organization instance and an account instance configured, your instances will be auto-detected, and you see the following options:

      • Connect to organization instance of IAM Identity Center – Select this option to manage access to Amazon Q Business by assigning users and groups from the Identity Center directory for your organization.

      • Connect to account instance of IAM Identity Center – Select this option to manage access to Amazon Q Business by assigning existing users and groups from your Identity Center directory.

      • The region your Amazon Q Business application is in. This is so you can make sure that the region for your Amazon Q Business aplication and IAM Identity Center instance match.

      • IAM Identity Center – The ARN for your IAM Identity Center instance.

    3. If you have an IAM Identity Center account instance configured, your account instance will be auto-detected and you will see the following:

      • The region your Amazon Q Business application is in. This is so you can make sure that the region for your Amazon Q Business aplication and IAM Identity Center instance match.

      • IAM Identity Center – The Amazon Resource Name (ARN) for your IAM Identity Center instance.

    4. If you have an IAM Identity Center organization instance configured, you will see a message asking you to tell your admin to give you access to IAM Identity Center. You will need access to IAM Identity Center before you can proceed.

  7. Tags – optional – To add tags to your Amazon Q Business application and web experience, select Add new tag. Then, enter the following information for each tag:

    • Key – Add a key for your tag.

    • Value - optional – An optional value for your tag.

    For more information about using tags with Amazon Q Business, see Tags.

  8. To start creating your application, choose Create.

AWS CLI

To configure an Amazon Q Business application 


aws qbusiness create-application \
--display-name application-name \
--identity-center-instance-arn identity-center-instance-arn \
--role-arn roleArn \
--description application-description \
--enryption-configuration kmsKeyId=<kms-key-id> \
--attachments-configuration attachmentsControlMode=ENABLED