Before end users can retrieve content from the Amazon Q index that you have been granted
access to, you need to be able to make authenticated Amazon Q Business API calls, like the
SearchRelevantContent API operation.
To do this you, must complete the steps in Make authenticated Amazon Q Business API calls using IAM Identity Center.
Note
Use the instructions from the previous topic, but modify the
QBusinessConversationPermission permission by adding the additional
action , "qbusiness:SearchRelevantContent" to the list of allowed
actions, as shown in the following sample snippet of the full permission.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QBusinessConversationPermission",
"Effect": "Allow",
"Action": [
"qbusiness:Chat",
... ,
"qbusiness:SearchRelevantContent"
],
...
}"When configuring access scopes for your Amazon Q Businessapplication environment, add the following
using the AWS CLI to enable calling the SearchRelevantContent API:"
aws sso-admin put-application-access-scope \
--application-arn identity-center-custom-application-arn \
--scope "qbusiness:conversations:access"
aws sso-admin put-application-access-scope \
--application-arn identity-center-custom-application-arn \
--scope "qbusiness:content:access"
The following AWS CLI example shows how to call this SearchRelevantContent
API operation after you have these credentials.
aws qbusiness search-relevant-content \
--application-id ${qbusiness_application_id} \
--query-text "What is Amazon Q?" \
--content-source '{"retriever": {"retrieverId": "${retriever_id"}}'
