Amazon Q Business FAQs

Amazon Q Business

Amazon Q Business is a fully managed service that deploys a generative AI business expert for your enterprise data. It comes with a built-in user interface, where users ask complex questions in natural language, create or compare documents, generate document summaries, and interact with their third-party applications.

Amazon Q Business supports access control for your data so that users have access to the right content based on their permissions. You can integrate your Amazon Q Business web experience with your external SAML 2.0–supported identity provider (such as Okta, Azure AD, and Ping Identity) to manage user authentication and authorization.

Amazon Q Business helps administrators define the boundary of its capabilities through configurable controls. Amazon Q Business provides fine-grained security by managing enterprise access and access control list (ACL) permissions. When a user asks Amazon Q Business a question, it analyzes the data in the enterprise systems and generates responses only from the content that the user has access to.

Administrators can configure Amazon Q Business to respond strictly from enterprise documents or allow it to use external knowledge to respond to queries when the answer is not available in enterprise documents. Administrators can also configure allowed topics and blocked topics and words so that the responses are controlled. In addition, administrators can enable or disable the upload file feature for their end users.

For information on language support, see the documentation.

For details, see AWS Services by Region.

Amazon Q Business provides built-in plugins to interact with popular third-party applications, such as Jira, ServiceNow, Salesforce, and Zendesk. Administrators can enable these plugins to extend the capabilities of their Amazon Q Business application. For more information, see the documentation.

Amazon Q Business automatically saves your conversation history for one month. Administrators have the ability to delete conversation history from the application.

Amazon Q Business supports many common document types and formats, such as .PDF, .CSV, .DOCX, .HTML, .JSON and .PPT. For a list of supported documents, see the documentation.

No. However, AWS uses various foundation models from Amazon Bedrock within Amazon Q Business.

Amazon Q Business offers multiple prebuilt connectors that can connect to your data sources so that you can implement your generative AI solution with minimal configuration. Connectors offer modes for full synchronization or incremental data synchronization.

Yes. You can add custom connectors and then use the Amazon Q SDK to implement them. 

Yes, you can use prebuilt and custom plugins to connect to any third-party application to enable searching of real-time data such as stock prices, employee vacation balances, package locations, and more. With custom plugins, Amazon Q Business end users can take common actions such as submitting time off, sending meeting invites, and much more.

You can securely connect your workforce to Amazon Q Business applications and centrally manage workforce access using AWS IAM Identity Center. IAM Identity Center is built on top of AWS Identity and Access Management (IAM) to simplify access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications. In IAM Identity Center, you create, or connect, your workforce users for use across AWS. You can choose to manage access just to your AWS accounts, just to your cloud applications, or to both. You can create users directly in IAM Identity Center, or you can bring them from your existing workforce directory. With IAM Identity Center, you get a unified administration experience to define, customize, and assign fine-grained access. Your workforce users get a user portal to access their assigned AWS accounts or cloud applications.

IAM Identity Center removes the administrative complexity of federating and managing permissions separately for each AWS account. You can set up AWS applications from a single interface and assign access to your cloud applications from a single place. IAM Identity Center also helps improve access visibility by integrating with AWS CloudTrail and providing a central place for you to audit single sign-on access to AWS accounts and SAML-enabled cloud applications, such as Microsoft 365, Salesforce, and Box.

IAM Identity Center is the recommended front door into AWS. It should be your primary tool to manage the AWS access of your workforce users. You can manage your identities in your preferred identity source, connect them once for use on AWS, and define fine-grained permissions and apply them consistently across accounts. As the number of your accounts scales, IAM Identity Center gives you the option to use it as a single place to manage user access to all your cloud applications.

Amazon Q Business personalization capabilities are automatically enabled. Q Personalization leverages employee profile data from your organization’s identity provider that you have connected to AWS IAM Identity Center with no additional set-up needed, for contextual, more useful responses.

Amazon Q Apps

Amazon Q Apps, a new capability of Amazon Q Business, allows users to create apps built over enterprise data in Amazon Q Business. You can use Amazon Q Apps to streamline your tasks and accelerate individual and team productivity by building custom apps powered by generative AI. You can generate an app in a single step from your conversation with Amazon Q Business or by describing your requirements in natural language.

Yes, administrators can disable the ability for web experience users to create and run Amazon Q Apps through the Amazon Q Business application's feature settings in the Amazon Q console. Administrators can also remove published apps from the library.

Yes, Amazon Q Business already allows you to structure your responses based on user roles. It offers ACLs for user-level permissions on connected data sources and topic-level controls to block certain topics for specific user groups. This is consequently reflected in output of Amazon Q Apps.

The Amazon Q Apps library includes a heart-like button for users to endorse published apps that they find useful.

Using the thumbs up and down feature, app creators can send feedback on the quality of the generated prompt created from the Amazon Q chat conversation and about the quality of the newly generated app created from Q Apps Creator.

Amazon Q Apps inherits Amazon Q Business enterprise-grade security and access controls, enabling proper data access based on user permissions. It integrates with IAM Identity Center for authentication and authorization. Administrators have controls to disable access to Amazon Q Apps entirely (creation and usage) for a given Amazon Q Business application environment, or remove published Amazon Q Apps from the shared library, providing robust controls over these user-built apps.

To get started with Amazon Q Apps, set up an Amazon Q Business web experience and ensure that Amazon Q Apps is enabled in your application settings. Once set up, users with access to the Amazon Q Business web application can access and create Amazon Q Apps within the deployed web experience. You can create Amazon Q Apps directly from your chat conversation or by navigating to the Apps section.

Yes, published Amazon Q Apps are available in a shared library for all authorized users within the same Amazon Q Business application environment. Published Amazon Q Apps are available for all authorized users to run as-is or customize to fit their specific needs.

All users of a given Amazon Q Business web experience will have access to published Amazon Q Apps. To restrict access to specific organizational units, you will need to create separate Amazon Q Business application enviroment.

Yes. You can bring the power of Amazon Q Apps into your tools of choice and enterprise applications through APIs that seamlessly allow you to create and consume Amazon Q Apps outputs. Learn more at the API integration guide.