After setting up your application environment and connecting your data source(s), Amazon Q Business
begins indexing your enterprise data. You still need to grant the software providers
(ISVs) permissions as a data accessor to retrieve content from the Amazon Q index. By
granting a data accessor permissions, you are permitting the data accessor's AWS
account to access the Amazon Q index via the SearchRelevantContent API
operation.
To grant a data accessor permissions to your Amazon Q index, use either the Amazon Q Business console or the Amazon Q Business API.
The following procedures show how you can do this using the Amazon Q Business console or the AWS CLI.
Note
If you are using a customer managed key in your Amazon Q Business Application, you must set your key policy to allow the ISV principal access to the KMS key with the following policy:
{
"Version": "2012-10-17",
"Id": "isv-key-consolepolicy",
"Statement": [
{
"Sid": "Enable IAM User Permissions",
"Effect": "Allow",
"Principal": {
"AWS": ${isv_principal}
},
"Action": "kms:Decrypt",
"Resource": ${your_kms_key_arn}
},
"Condition": {
"StringLike": {
"kms:ViaService": [
"qbusiness.${region}.amazonaws.com"
]
}
}
]
}
