IAM roles for Amazon Q Business
When you create an application or a web experience with Amazon Q Business, or connect a data source to it, Amazon Q Business needs access to the required AWS resources.
If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create the Amazon Q Business resource. When you call the operation, you provide the Amazon Resource Name (ARN) role with the policy attached.
If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role. The console displays roles that have the string qbusiness or QBusiness in the role name.
The following topics provide details for the required policies. If you create IAM roles using the Amazon Q Business console, these policies are created on your behalf.
Topics
- IAM role for an Amazon Q Business application
- IAM role for an Amazon Q Business web experience
- IAM role for Amazon Q Business data source connectors
- IAM role for Amazon S3 data sources
- IAM role for Amazon Q Business plugins
- IAM roles for custom document enrichment in Amazon Q Business
- IAM role for an Amazon Kendra retriever