Subscribe users in a member account

Prerequisites Step 1: Enable Amazon Q Developer Pro and subscribe the first user Step 2: Subscribe other users Step 3: Enable identity-aware console sessions What resources were created?

A member account is an AWS account, other than the management account, that is part of an organization managed by AWS Organizations.

If you are the owner of a member account, you have a few options for subscribing users to Amazon Q Developer Pro:

Option 1: You can create new users and groups in your member account, and then subscribe them.
Option 2: If you have existing users and groups in an IAM Identity Center instance in your member account, you can create subscriptions for these users in your member account.
Option 3: If you have existing users and groups in an IAM Identity Center instance in a management account, you can create subscriptions for these users in your member account.

For all options, use the following instructions to subscribe users.

For more information about organizations, member accounts, and management accounts, see Terminology and concepts for AWS Organizations in the AWS Organizations User Guide.

Before you begin, make sure that:

You have a member AWS account.
You have the minimum permissions required to subscribe users and manage Amazon Q Developer settings. For more information, see Allow administrators to use the Amazon Q subscription console, and Allow administrators to use the Amazon Q Developer console.

Sign in to the AWS Management Console using your member AWS account.
Do one of the following:
- Go to the Amazon Q Developer console and then choose Subscribe to Amazon Q, which will redirect you to the Amazon Q console.
  
  Or
- Go directly to the Amazon Q console.
Make sure you're in the AWS Region where you want to subscribe users. You might have been switched to the US East (N. Virginia) Region if you came from the Amazon Q Developer console, so you might need to switch back. For supported Regions, see Amazon Q Developer Pro Region support.

The Amazon Q console appears.
Choose the Get started button.

Note
If you see a Subscribe button instead of Get started button, it means that you've already run through the 'Get started' workflow and can skip to Step 2: Subscribe other users.
Follow the on-screen prompts to enable Amazon Q Developer Pro in your account and subscribe your first user.
- If the first user's email address matches one in an existing IAM Identity Center in either your member account or a management account, then Amazon Q connects to that IAM Identity Center.
- If the first user's email address doesn't match one in an existing IAM Identity Center, then Amazon Q creates an IAM Identity Center in your member account, and adds the first user to it.
A welcome dialog box appears.
Choose Enable and subscribe to enable Amazon Q Developer Pro in your account and subscribe the first user.

A You're subscribed dialog box appears.
Choose Done.
(Optional) Verify that your subscription was created:
1. In the Amazon Q console, in the navigation pane, choose Subscriptions.
2. In the main pane, choose the Users tab.
The subscription of the first user should appear in the list in the Pending state. If not, refresh your browser tab.

Note
The subscription will change to the Active state after the user's first use of Amazon Q Developer features.
Have users check their email. They should receive an email titled Activate Your Amazon Q Developer Pro Subscription within 24 hours. In this email, users will find guidance on how to begin using their Amazon Q Developer Pro license in the AWS Management Console and their Integrated Development Environment (IDE). The email includes users' unique Start URL and AWS Region for authentication, and provides quickstart steps for using Amazon Q Developer in their IDE. This email streamlines the onboarding process and saves you valuable time by eliminating the need for you to manually notify each new user.

To subscribe other users, add them to your IAM Identity Center instance if they're not already there, and then subscribe them to Amazon Q by choosing Subscribe in the Amazon Q console.

For instructions on adding users to IAM Identity Center, see Add users to your IAM Identity Center directory in the AWS IAM Identity Center User Guide.

If you want to allow users to use their Amazon Q Developer Pro subscription on AWS apps and websites, enable identity-aware console sessions. For more information, see Enabling identity-aware console sessions in the AWS IAM Identity Center User Guide.

If you don't enable identity-aware console sessions, users can still use Amazon Q on AWS apps and websites, but they'll be limited to the Free tier.

Note

The ability to enable identity-aware console sessions—and therefore the ability to use Amazon Q Developer Pro subscriptions on AWS apps and websites—is only supported with organization instances of IAM Identity Center, not account instances. Use the following procedure to check whether you're using an organization instance.

To check whether Amazon Q is using an organization instance

Go to the Amazon Q console (not the Amazon Q Developer console).
Choose Settings.

If you're connected to an organization instance, you should see the following message:

If you're using organization instance, contact the management account administrator to enable identity-aware console sessions in the organization instance of IAM Identity Center.

When you subscribed users in your member account, Amazon Q created the following AWS resources on your behalf:

An account instance of IAM Identity Center. This instance is only created if the first user you subscribed wasn't found in an existing IAM Identity Center in the member account or management account. For more information about account instances of IAM Identity Center, see Account instances of IAM Identity Center in the AWS IAM Identity Center User Guide.

Note
Account instances of IAM Identity Center have limitations. For example, account instances don't support console access. (Users can still use Amazon Q in the console, it's just that they'll be subject to the Free tier monthly limits.) If you want your users to be able to use Amazon Q Developer Pro in the console and other AWS websites, they must exist in an organization instance of IAM Identity Center, in a management account. For more information, see Subscribe users in a management account.

Note
You can't convert or merge an account instance of IAM Identity Center into an organization instance.
The first user, in IAM Identity Center. (You might have added team members too.)
Pro tier subscriptions for the first user and other users, in Amazon Q Developer.
A managed application called QDefaultProfile, in IAM Identity Center. The application enables a settings profile (see the next bullet for details). The application is created once and shared between all Amazon Q Developer Pro subscribers in your member account.

Note
You can install the QDefaultProfile managed application in a maximum of 50 AWS accounts within an organization.
A settings profile, in the Amazon Q Developer console, under Settings. A settings profile is a collection of Amazon Q Developer settings associated with a QDefaultProfile application. The settings profile is created once and shared between all Amazon Q Developer Pro subscribers in your account.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

In a management account

Managing subscriptions