Amazon Q Developer and interface VPC endpoints (AWS PrivateLink)
Note
Amazon Q Developer supports VPC endpoints for features available in your IDE. Chatting with Amazon Q on AWS apps and websites is not supported.
You can establish a private connection between your VPC and Amazon Q Developer by creating an interface VPC endpoint. Interface endpoints are powered by AWS PrivateLink. Each interface endpoint is represented by one or more Elastic Network Interfaces in your subnets.
For more information, see Interface VPC endpoints (AWS PrivateLink) in the Amazon VPC User Guide.
Considerations for Amazon Q VPC endpoints
Before you set up an interface VPC endpoint for Amazon Q, ensure that you review Interface endpoint properties and limitations in the Amazon VPC User Guide.
Amazon Q supports making calls to all of its API actions from your VPC, in the context of services that are configured to work with Amazon Q.
Prerequisites
Before you begin any of the procedures below, ensure that you have the following:
- An AWS account with appropriate permissions to create and configure resources.
- A VPC already created in your AWS account.
- Familiarity with AWS services, especially Amazon VPC and Amazon Q.
Creating an interface VPC endpoint for Amazon Q
You can create a VPC endpoint for the Amazon Q service using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI). For more information, see Creating an interface endpoint in the Amazon VPC User Guide.
Create a VPC endpoint for Amazon Q using the following service name:
- com.amazonaws.region.q
Warning
If you are connecting to Amazon Q Developer through AWS PrivateLink from a third-party IDE, then you must also create the following endpoint:
com.amazonaws.region.codewhisperer
If you enable private DNS for the endpoint, you can make API requests to Amazon Q using its default DNS name for the Region, for example, q.us-east-1.amazonaws.com.
For more information, see Accessing a service through an interface endpoint in the Amazon VPC User Guide.
Note
Currently, you can only create an interface endpoint for Amazon Q Developer in the US East (N. Virginia) Region.
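The following shell functions are an added example, not part of the AWS documentation: they create the endpoints named above with the AWS CLI and then check that the default DNS name resolves only to addresses inside your VPC CIDR, which is what you expect once private DNS is in effect. The function names, the VPC, subnet and security group IDs, and the CIDR are assumptions supplied by the caller; the live check assumes a Linux host with getent that uses the VPC resolver.

```bash
#!/bin/sh
# Added example (not AWS-provided code). All IDs and CIDRs are caller-supplied.

# Print the two service names this page lists for a Region.
q_service_names() {
  printf 'com.amazonaws.%s.q\n' "$1"
  printf 'com.amazonaws.%s.codewhisperer\n' "$1"   # also required for third-party IDEs
}

# Create one interface endpoint with private DNS enabled.
# Args: region vpc-id subnet-id security-group-id service-name
create_q_endpoint() {
  aws ec2 create-vpc-endpoint --region "$1" --vpc-id "$2" \
    --vpc-endpoint-type Interface --service-name "$5" \
    --subnet-ids "$3" --security-group-ids "$4" --private-dns-enabled
}

# Convert a dotted-quad IPv4 address to an integer (subshell keeps IFS local).
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if IPv4 address $1 lies inside CIDR block $2.
ip_in_cidr() {
  mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Read addresses (one per line) on stdin; succeed only if there is at least
# one and all of them are inside the VPC CIDR given as $1.
all_in_vpc() {
  rc=0; seen=0
  while read -r ip; do
    [ -n "$ip" ] || continue
    seen=1
    ip_in_cidr "$ip" "$1" || { echo "outside VPC: $ip" >&2; rc=1; }
  done
  [ "$seen" -eq 1 ] && [ "$rc" -eq 0 ]
}

# Live check; assumes a glibc host (getent) that uses the VPC resolver.
# Args: dns-name vpc-cidr
check_private_dns() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u | all_in_vpc "$2"
}
```

For example, `check_private_dns q.us-east-1.amazonaws.com 10.0.0.0/16` (the CIDR is a constructed value) returns non-zero if any answer falls outside the VPC range, which indicates that requests from that host would not go through the interface endpoint.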
Using an on-premises computer to connect to an Amazon Q endpoint
This section describes the process of using an on-premises computer to connect to Amazon Q through an AWS PrivateLink endpoint in your AWS VPC.
Create a VPN connection between your on-premises device and your VPC.
Set up an inbound Amazon Route 53 endpoint. This will enable you to use the DNS name of your Amazon Q endpoint from your on-premises device.
Using an in-console coding environment to connect to an Amazon Q endpoint
This section describes the process of using an in-console coding environment to connect to an Amazon Q endpoint.
In this context, an in-console IDE is an IDE that you access inside the AWS console, and authenticate to with IAM. Examples include AWS Cloud9, SageMaker Studio, and AWS Glue Studio.
Set up Amazon Q with the in-console coding environment.
Configure the coding environment to use the Amazon Q endpoint.
Connecting to Amazon Q through AWS PrivateLink from a third-party IDE on an Amazon EC2 instance
This section will walk you through the process of installing a third-party Integrated Development Environment (IDE) like Visual Studio Code or JetBrains on an Amazon EC2 instance, and configuring it to connect to Amazon Q using AWS PrivateLink.
Launch an Amazon EC2 instance in your desired subnet within your VPC. You can choose an Amazon Machine Image (AMI) that is compatible with your third-party IDE. For example, you can select an Amazon Linux 2 AMI.
Connect to the Amazon EC2 instance.
Install and configure the IDE (Visual Studio Code or JetBrains).
Configure the IDE to connect via AWS PrivateLink.