Granting a data accessor (ISV) permission to connect to your Amazon Q index - Amazon Q Business

After you set up your application environment and connect your data sources, Amazon Q Business begins indexing your enterprise data. You still need to grant the software provider (ISV) permission, as a data accessor, to retrieve content from the Amazon Q index. Granting a data accessor permission allows the data accessor's AWS account to access the Amazon Q index through the SearchRelevantContent API operation.

To grant a data accessor permissions to your Amazon Q index, use either the Amazon Q Business console or the Amazon Q Business API.

The following procedures show how you can do this using the Amazon Q Business console or the AWS CLI.

Note

If you are using a customer managed key in your Amazon Q Business Application, you must set your key policy to allow the ISV principal access to the KMS key with the following policy:

{
  "Version": "2012-10-17",
  "Id": "isv-key-consolepolicy",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${isv_principal}"
      },
      "Action": "kms:Decrypt",
      "Resource": "${your_kms_key_arn}",
      "Condition": {
        "StringLike": {
          "kms:ViaService": [
            "qbusiness.${region}.amazonaws.com"
          ]
        }
      }
    }
  ]
}
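Before you apply the key policy, you can check that the statement naming the ISV principal is scoped the way the note describes: `kms:Decrypt` only, and only through Amazon Q Business in your Region. The following Python check is an added example, not AWS code; the function names, principal ARN, and key ARN are constructed for illustration.

```python
import json

# Constructed sample values; substitute the ISV principal and key ARN you were given.
ISV = "arn:aws:iam::111122223333:role/example-isv-role"
KEY = "arn:aws:kms:us-east-1:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"

def _as_list(value):
    # IAM policy fields may hold a single value or a list of values.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def sample_policy(actions, via_service=None):
    # Build a constructed key policy with one ISV statement for the checks below.
    stmt = {"Sid": "IsvDecrypt", "Effect": "Allow", "Principal": {"AWS": ISV},
            "Action": actions, "Resource": KEY}
    if via_service:
        stmt["Condition"] = {"StringLike": {"kms:ViaService": [via_service]}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

def check_isv_grant(policy_text, isv_principal, region):
    """Return findings for Allow statements that name the ISV principal."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"policy is not valid JSON: {exc.msg}"]
    expected = f"qbusiness.{region}.amazonaws.com"
    findings, seen = [], False
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or isv_principal not in aws:
            continue
        seen = True
        sid = stmt.get("Sid", "<no Sid>")
        extra = [a for a in _as_list(stmt.get("Action")) if a != "kms:Decrypt"]
        if extra:
            findings.append(f"{sid}: actions beyond kms:Decrypt: {extra}")
        cond = stmt.get("Condition", {})
        via = []
        for op in ("StringEquals", "StringLike"):
            via += _as_list(cond.get(op, {}).get("kms:ViaService"))
        if not via:
            findings.append(f"{sid}: no kms:ViaService condition inside the statement")
        elif any(v != expected for v in via):
            findings.append(f"{sid}: kms:ViaService is {via}, expected only {expected}")
    if not seen:
        findings.append("no Allow statement names the ISV principal")
    return findings
```

An empty list means the ISV statement matches the scoped form; a `Condition` block placed outside the statement object is reported as invalid JSON or as a missing condition.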