- Amazon Q Business - Workflow
- Amazon Q Business - Key Concepts
- Amazon Q Business - Subscription Tiers & Index Types
- Amazon Q Business - Service Quotas
- Amazon Q Business - Document Attributes
- Amazon Q Business - Setup
- Amazon Q Business - Identity Center Directory
- Amazon Q Business - Identity Center Integrated Application
- Amazon Q Business - Identity Federation Application
- Amazon Q Business - Data Sources Connectors
- Amazon Q Business - Enhance Application
- Amazon Q Business - Features
- Amazon Q Business - Security
- Amazon Q Business - Monitoring
- Amazon Q Business API Reference
- Amazon Q Business - API Overview
- Amazon Q Business - API References
- Amazon Q Business - Supported Actions
- Amazon Q Business - Supported Data Types
- Amazon Q Business - Common Parameters
- Amazon Q Business - Common Errors
- Amazon Q Developer User Guide
- Amazon Q Developer - Introduction
- Amazon Q Developer - Getting Started
- Amazon Q Developer - On AWS
- Amazon Q Developer - In IDE
- Amazon Q Developer - Command Line
- Amazon Q Developer - Customization
- Amazon Q Developer - Security
- Amazon Q Developer - Monitoring
- Amazon Q Developer - Supported Region & Service Rename
- Amazon Q Developer - Document History
Amazon Q Business - Workflow
Amazon Q Business lets you create a chat app for your organization using your company data and AI knowledge, or just your company data. Workflow is different for admin and user, here in this article we have covered both of them.
Admin Workflow
Amazon Q Business uses AWS IAM Identity Center to connect to your workforce users. This allows for Identity Federation, which enables users to access multiple applications with a single set of login credentials. As an admin user, when configuring an Amazon Q Business application, you need to decide whether to use IAM Identity Center or AWS Identity and Access Management (IAM) for managing access to your application. This choice affects the application creation process.
- If IAM Identity Center is already set up in your organization, Amazon Q Business will automatically connect to it. This allows you to manage access based on your corporate directory users and groups. You'll also get accurate billing and scalable configuration for your Amazon Q Business use cases.
- If IAM Identity Center is not enabled yet, work with your AWS Administrator to enable it for your organization. This gives them full control and ensures accurate billing and flexibility for Amazon Q Business growth across multiple AWS accounts and integrations. If not possible, you can enable it yourself through the Amazon Q Business console, but this will limit your deployment to a single AWS Region and account.
- If you cannot use any IAM Identity Center option, you can still use IAM Federation (OIDC or SAML) to set up Amazon Q Business. This allows user access, but limits scalability and integration with other AWS apps.
Admin Workflow Conditions
- If you have Amazon Q Business deployments with account instances of IAM Identity Center in multiple AWS accounts, you will be billed separately for user subscriptions per AWS account.
- If you have Amazon Q Business deployments with IAM federation to multiple AWS accounts, you will be billed separately for user subscriptions per AWS account.
The following section outlines the admin workflow for creating applications with IAM Identity Center and Identity Federation through IAM.
Admin Workflow for Apps
Using AWS IAM Identity Center
To manage end user access to Amazon Q Business applications using AWS IAM Identity Center, you need to create an IAM Identity Center instance and configure it for your Amazon Q Business application. This allows you to manage access based on your organization's identity provider.
As an admin, use IAM Identity Center to manage users and create an Amazon Q Business application environment by completing the following steps.
- To set up your Amazon Q Business environment, enable an IAM Identity Center instance and connect your identity source. This can be done at either the organization or account level.
- Connecting an IAM Identity Center instance for your Amazon Q Business application environment with users and groups added.
- Creating a fully-configured Amazon Q Business application that powers your web experience, connected to IAM Identity Center.
- Choosing a retriever and index type for the application environment.
- Add groups and users to access the Amazon Q Business web experience and set up their subscriptions. Note that an application environment is created even without users, but it requires at least one subscribed user to function.
- Configure admin controls, chat relevance, plugins, and features (including Amazon Q Apps) to enhance the web experience for end users.
- Then, share the web experience URL generated by Amazon Q Business with the end users you've subscribed so that they can log in and begin chatting.
Amazon Q Business creates a web experience for you when you create an application environment using the console. If you use the API, you need to create the web experience yourself.
Only an admin can create and upgrade user subscriptions.
Using Identity Federation through IAM
Amazon Q Business uses Identity Federation through IAM to manage end user access to applications. This means your application gets user identities directly from your identity provider. As an admin, you create and configure a Amazon Q Business application environment using IAM Identity Federation by completing the following steps.
- Connect your external identity provider to AWS IAM by configuring and linking them together.
- Creating a fully-configured Amazon Q Business application that powers your web experience, connected to your identity provider through IAM.
- Choosing a retriever and index type for the application environment.
- Managing access for end users by adding subscriptions and creating a Amazon Q Business web experience.
- To enhance the Amazon Q Business web experience for end users, you can customize and configure various features. This includes using plugins, scheduling meetings, and tuning chat relevance. You can also configure admin-level controls.
- Share the web experience URL with your subscribed end users, either your custom URL or the one generated by Amazon Q Business, so they can log in and start chatting.
User Workflow
If you're an end user using your organization's Amazon Q Business web experience, you perform the following steps.
- Go to your organization's Amazon Q Business URL and sign in with your credentials.
- Start chatting and ask questions of your organization's Amazon Q Business web experience. You can, for example choose from the following options:
- Ask a question: Amazon Q Business will provide answers based on accessible enterprise data. Then, ask follow-up questions to continue the conversation.
- Verify response sources: Each Amazon Q Business answer cites the source documents used to generate it.
- Summarize content: Amazon Q Business can summarize email message threads.
- Create outlines and drafts: Use Amazon Q Business to create outlines and templates for documents.
- Perform plugin actions: Use plugins to perform tasks, like creating a ticket in a third-party app, through Amazon Q Business.
- Amazon Q Business can't answer if your question needs info outside your company's data. But, if your admin allows it, Amazon Q Business can use its own knowledge to respond.
The following diagram shows you how Amazon Q Business responds to chat requests.
Conclusion on Workflow
In response to an end user query during a web experience chat, Amazon Q Business does the following:
- Amazon Q Business finds relevant documents for your query using the chosen retriever, while respecting access controls and authorization set by the admin.
- Amazon Q Business answers your query using either company data, its own knowledge, or a mix of both, based on admin settings.
- Returns the generated response to the end user. Amazon Q Business assigns a unique message ID to each answer for tracking purposes.