Chatting about your resources
In the AWS Management Console, you can ask Amazon Q about your AWS account resources. In the chat panel, ask Amazon Q to list or provide details about a type of resource in your account, to list resources based on criteria such as Region or state, or to troubleshoot resources.
To respond to questions about resources, Amazon Q uses service APIs and AWS Cloud Control API to retrieve the requested information. To allow Amazon Q to call the APIs required to retrieve requested resource information, your IAM identity must have permissions to use those APIs. For more information, see Prerequisites.
Amazon Q can perform get, list, and describe actions to retrieve information about your AWS resources. For example, you can ask "List my S3 buckets" or "Show my running Amazon EC2 instances in us-east-1". Amazon Q can’t answer questions about the data stored in your resources, such as listing objects in an Amazon S3 bucket, or questions related to your account security, identity, credentials, or cryptography.
Amazon Q lists up to 10 resources in the chat panel, and the response includes details about each resource, a resource ARN that you can copy, and, if applicable, a link to the service console. When you ask about one resource, the response also includes the resource information in JSON format.
You can also ask Amazon Q to troubleshoot the resources in your AWS account. For more information, see Asking Amazon Q to troubleshoot your resources.
Prerequisites
For Amazon Q to answer questions about your resources, the following prerequisites must be met.
Add permissions
To chat about your resources, your IAM identity must have the following permissions:
- Permissions to chat with Amazon Q, to use Cloud Control API, and to allow Amazon Q to access your resources. For an IAM policy that grants the required permissions, see Allow users to chat about resources with Amazon Q.
- Permissions to access the resources you ask about. For example, if you ask Amazon Q to list your Amazon S3 buckets, you must have the s3:ListAllMyBuckets permission. Amazon Q will never access resources that your IAM identity doesn't have access to.
Important
Normal fees apply when you ask Amazon Q to perform read, list, or describe actions. For more information, see the pricing page for the AWS service you are asking Amazon Q about.
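The two permission layers described above can be checked offline against an identity policy before a user relies on resource chat. The following is an added example, not code from this page or from AWS: the Amazon Q and Cloud Control action names are assumptions to confirm against the referenced policy, the sample policy is constructed, and only Effect and Action are evaluated (Resource, Condition, NotAction, SCPs, and permissions boundaries are ignored).

```python
import fnmatch

# Assumed action names (not listed on this page); confirm them against the
# "Allow users to chat about resources with Amazon Q" policy.
CHAT_ACTIONS = ["q:StartConversation", "q:SendMessage", "q:PassRequest"]
CLOUD_CONTROL_ACTIONS = ["cloudformation:GetResource", "cloudformation:ListResources"]


def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    """True if any Action pattern in the statement covers the action (case-insensitive)."""
    patterns = _as_list(statement.get("Action", []))
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(policy, action):
    """Identity-policy view only: an explicit Deny wins, otherwise an Allow is needed."""
    statements = _as_list(policy["Statement"])
    if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action) for s in statements)


def missing_for_question(policy, service_action):
    """Return the actions still missing before Amazon Q could answer a question
    that needs `service_action` (for example s3:ListAllMyBuckets)."""
    required = CHAT_ACTIONS + CLOUD_CONTROL_ACTIONS + [service_action]
    return [a for a in required if not is_allowed(policy, a)]


# Constructed sample policy: chat and Cloud Control are granted, S3 listing is not.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["q:*", "cloudformation:GetResource", "cloudformation:ListResources"]},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(missing_for_question(SAMPLE_POLICY, "s3:ListAllMyBuckets"))
    print(missing_for_question(SAMPLE_POLICY, "ec2:DescribeInstances"))
```

An empty result means the identity policy covers both layers for that question; a non-empty result names the permissions to review before granting them.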
Cross-Region consent
Amazon Q chat makes calls from US East (N. Virginia), so it might have to make cross-Region calls to access your resources in another Region, including to opt-in Regions. Amazon Q requires cross-Region consent to retrieve resources. To consent to cross-Region calls, complete the following steps:
- Open the AWS Management Console and choose the Amazon Q icon.
- If you haven’t consented already, a notification about cross-Region calls appears above the text bar. Choose Continue to consent to Amazon Q making cross-Region calls to access your resources. If you choose Don’t allow, you won’t be able to ask Amazon Q about your AWS resources.
- If you want to modify your cross-Region settings, choose the gear icon in the top right corner of the chat panel.
Ask Amazon Q for resource information
You can ask Amazon Q to list your resources or get details about a specific resource or group of resources.
When you ask Amazon Q about your resources, you can specify the Region that Amazon Q calls to locate your resources. If no Region is specified, Amazon Q uses your current console Region, or the most recent console Region if you are using a global console Region. If no Region is found, it defaults to calling US East (N. Virginia).
Amazon Q might need additional information to retrieve your resources, such as the name of a resource or a resource ARN. When Amazon Q asks a follow-up question, reply with the requested details.
Following are example questions you can ask Amazon Q about your resources:
- Describe the encryption settings for S3 bucket <name>
- List my EC2 instances in us-west-2
- Get the configuration for my lambda function <name>
- What alarms are configured for instance <instance ID>?
Count resources with AWS Resource Explorer
When you ask a question that requires resource counting, such as 'How many EC2 resources are running in my account?', Amazon Q uses Cloud Control API by default to return a count of the requested resources. You also have the option to enable and configure Resource Explorer for faster resource counting with Amazon Q.
If Resource Explorer is enabled, Amazon Q will attempt to use it when generating a response that requires counting your resources. Amazon Q can use Resource Explorer to count a single type of resource across all AWS Regions. Using Resource Explorer enables Amazon Q to count resources faster by returning the count from the Resource Explorer index, as opposed to calling service APIs to list resources and count the results.
If you choose to enable Resource Explorer for resource counting, note that resource information can be out of date. Resource Explorer indexes resources in your account by taking a periodic inventory, and if resources have been created or deleted after the last inventory, the resource count will be incorrect. Resource Explorer also doesn't support resource filtering. If you ask to count resources matching specific criteria, Amazon Q will fall back to Cloud Control API.
If you don't have Resource Explorer enabled and configured for use, or if Amazon Q can't use Resource Explorer to answer your question, Amazon Q uses Cloud Control API to count resources. Using Cloud Control API ensures an accurate resource count and supports resource filtering. However, this can also lead to increased latency compared to counting with Resource Explorer. If you are counting a large number of resources, Cloud Control API can also time out.
To use Resource Explorer for resource counting, the following configuration is required:
- The user interacting with Amazon Q must be in an account where a Resource Explorer default view is configured and an aggregator index has been created in the same Region as the default view. For more information, see Setting up Resource Explorer using Advanced setup in the AWS Resource Explorer User Guide.
- The user's IAM identity must have read permissions for the default view. For more information, see Granting access to Resource Explorer views for search in the AWS Resource Explorer User Guide.