Amazon Q Business FAQs

Amazon Q Business is a fully managed service that deploys a generative AI business expert for your enterprise data. It comes with a built-in user interface, where users ask complex questions in natural language, create or compare documents, generate document summaries, and interact with their third-party applications.

To get started, navigate to Amazon Q Business in the AWS Management Console.

Amazon Q Business supports access control for your data so that users have access to the right content based on their permissions. You can integrate your Amazon Q Business web experience with your external SAML 2.0–supported identity provider (such as Okta, Azure AD, and Ping Identity) to manage user authentication and authorization.

Amazon Q Business helps administrators define the boundary of its capabilities through configurable controls. Amazon Q Business provides fine-grained security by managing enterprise access and access control list (ACL) permissions. When a user asks Amazon Q Business a question, it analyzes the data in the enterprise systems and generates responses only from the content that the user has access to.

Administrators can configure Amazon Q Business to respond strictly from enterprise documents or allow it to use external knowledge to respond to queries when the answer is not available in enterprise documents. Administrators can also configure allowed topics and blocked topics and words so that the responses are controlled. In addition, administrators can enable or disable the upload file feature for their end users.

For information on language support, see the documentation.

For details, see AWS Services by Region.

Amazon Q Business provides built-in plugins to interact with popular third-party applications, such as Jira, ServiceNow, Salesforce, and Zendesk. Administrators can enable these plugins to extend the capabilities of their Amazon Q Business application. For more information, see the documentation.

Amazon Q Business automatically saves your conversation history for one month. Administrators have the ability to delete conversation history from the application.

Amazon Q Business supports many common document types and formats, such as .PDF, .CSV, .DOCX, .HTML, .JSON and .PPT. For a list of supported documents, see the documentation.

No. However, AWS uses various foundation models from Amazon Bedrock within Amazon Q Business.

Amazon Q Business offers multiple prebuilt connectors that can connect to your data sources so that you can implement your generative AI solution with minimal configuration. Connectors offer modes for full synchronization or incremental data synchronization.

Yes. You can add custom connectors and then use the Amazon Q SDK to implement them. 

Yes, you can use prebuilt and custom plugins to connect to any third-party application to enable searching of real-time data such as stock prices, employee vacation balances, package locations, and more. With custom plugins, Amazon Q Business end users can take common actions such as submitting time off, sending meeting invites, and much more.

You can securely connect your workforce to Amazon Q Business applications and centrally manage workforce access using AWS IAM Identity Center. IAM Identity Center is built on top of AWS Identity and Access Management (IAM) to simplify access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications. In IAM Identity Center, you create, or connect, your workforce users for use across AWS. You can choose to manage access just to your AWS accounts, just to your cloud applications, or to both. You can create users directly in IAM Identity Center, or you can bring them from your existing workforce directory. With IAM Identity Center, you get a unified administration experience to define, customize, and assign fine-grained access. Your workforce users get a user portal to access their assigned AWS accounts or cloud applications.

IAM Identity Center removes the administrative complexity of federating and managing permissions separately for each AWS account. You can set up AWS applications from a single interface and assign access to your cloud applications from a single place. IAM Identity Center also helps improve access visibility by integrating with AWS CloudTrail and providing a central place for you to audit single sign-on access to AWS accounts and SAML-enabled cloud applications, such as Microsoft 365, Salesforce, and Box.

IAM Identity Center is the recommended front door into AWS. It should be your primary tool to manage the AWS access of your workforce users. You can manage your identities in your preferred identity source, connect them once for use on AWS, and define fine-grained permissions and apply them consistently across accounts. As the number of your accounts scales, IAM Identity Center gives you the option to use it as a single place to manage user access to all your cloud applications.