Prerequisites Ask Amazon Q about resources

Chatting about your resources

In the AWS Management Console, you can ask Amazon Q about your AWS account resources. In the chat panel, ask Amazon Q to list a type of resource in your account, for details about a specific resource, or to list resources based on a criteria such as region or state.

Amazon Q can perform get, list, and describe actions to retrieve your AWS resources. For example, you can ask “List my S3 buckets” or “Show my running EC2 instances in us-east-1”. Amazon Q can’t answer questions about the data stored in your resources, such as listing objects in an Amazon S3 bucket, or questions related to your account security, identity, credentials, or cryptography.

Amazon Q lists up to 10 resources in the chat panel, and the response includes details about each resource, a resource ARN that you can copy, and, if applicable, a link to the service console. When you ask about one resource, the response also includes the resource information in JSON format.

Prerequisites

For Amazon Q to show your resources, the following prerequisites must be met.

Add permissions

To chat about your resources, your IAM identity must have the following permissions:

Permissions to chat with Amazon Q and to allow Amazon Q to access your resources. For an IAM policy that grants the required permissions, see Allow Amazon Q to perform actions on your behalf in chat.
Permissions to access the resources you ask about. For example, if you ask Amazon Q to list your Amazon S3 buckets, you must have the s3:ListAllMyBuckets permission.

Amazon Q will never access resources that your IAM identity doesn't have access to.

Important

Normal fees apply when you ask Amazon Q to perform read, list, or describe actions. For more information, see the pricing page for the AWS service you are asking Amazon Q about.

Amazon Q chat makes calls from US East (N. Virginia), so it might have to make cross-Region calls to access your resources in another Region, including to opt-in Regions. Amazon Q requires cross-Region consent to retrieve resources. To consent to cross-Region calls, complete the following steps:

Open the AWS Management Console and choose the Amazon Q icon.
If you haven’t consented already, a notification about cross-Region calls appears above the text bar. Choose Continue to consent to Amazon Q making cross-Region calls to access your resources. If you choose Don’t allow, you won’t be able to ask Amazon Q about your AWS resources.
If you want to modify your cross-Region settings, choose the gear icon in the top right corner of the chat panel.

Ask Amazon Q about resources

You can ask Amazon Q to list your resources or get details about a specific resource or group of resources.

When you ask Amazon Q about your resources, you can specify the Region that Amazon Q calls to locate your resources. If no Region is specified, Amazon Q uses your current console Region, or the most recent console Region if you are using a global console Region. If no Region is found, it defaults to calling US East (N. Virginia).

Amazon Q might need additional information to retrieve your resources, such as the name of a resource or a resource ARN. When Amazon Q asks a follow up, reply with the requested details.

Following are example questions you can ask Amazon Q about your resources:

Describe the encryption settings for S3 bucket <name>
List my EC2 instances in us-west-2
Get the configuration for my lambda function <name>
What alarms are configured for instance <instance ID>?

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Chatting about AWS

Chatting about your costs