AWS Chatbot is now Amazon Q Developer. [Learn more](service-rename.md)
# Getting started with Amazon Q Developer in chat applications
To get started using Amazon Q Developer in chat applications to help manage your AWS infrastructure, follow the steps below to set up Amazon Q Developer in chat applications with chat channels and Amazon SNS topic subscriptions.
**Topics**
+ [Setting up Amazon Q Developer in chat applications](#setting-up)
+ [Tutorial: Get started with Amazon Chime](chime-setup.md)
+ [Tutorial: Get started with Microsoft Teams](teams-setup.md)
+ [Tutorial: Get started with Slack](slack-setup.md)
+ [Tutorial: Create or configure an Amazon Simple Notification Service topic as a notification target for Microsoft Teams and AWS CodeStar](teams-codestar.md)
+ [Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications](subscribe-sns-topic.md)
+ [Test notifications from AWS services to chat channels using CloudWatch](test-notifications-cw.md)
+ [Next steps](#next-steps-gettingStarted)
## Setting up Amazon Q Developer in chat applications
To use Amazon Q Developer in chat applications, you authorize a chat client configuration with Amazon Q Developer in chat applications, and optionally configure Amazon Q Developer in chat applications to use an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications to the chat channels. Before you can get started, you must complete the following setup tasks.
### Prerequisites
With Amazon Q Developer in chat applications, you can use chat channels to monitor and respond to events in your AWS Cloud.
The following list identifies prerequisites you should have before you begin using Amazon Q Developer in chat applications:
+ You have started using some AWS services. For more information about AWS services you can use with Amazon Q Developer in chat applications, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
+ You have administrator privileges with your chosen chat client chat room, tenant, or workspace.
+ You understand Amazon Q Developer in chat applications's permission schemes. For more information about Amazon Q Developer in chat applications's permission schemes, see [Understanding permissions](understanding-permissions.md).
If you have an existing AWS administrator user, you can access the Amazon Q Developer in chat applications console with no additional permissions. AWS recommends that you grant only the permissions required to perform a task for other users. For more information, see [Apply least-privilege permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) in the *AWS Identity and Access Management User Guide*.
### Sign up for an AWS account
If you do not have an AWS account, complete the following steps to create one.
**To sign up for an AWS account**
1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup).
1. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.
When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks).
AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [https://aws.amazon.com/](https://aws.amazon.com/) and choosing **My Account**.
### Create a user with administrative access
After you sign up for an AWS account, secure your AWS account root user, enable AWS IAM Identity Center, and create an administrative user so that you don't use the root user for everyday tasks.
**Secure your AWS account root user**
1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) as the account owner by choosing **Root user** and entering your AWS account email address. On the next page, enter your password.
For help signing in by using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*.
1. Turn on multi-factor authentication (MFA) for your root user.
For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-virt-mfa-for-root.html) in the *IAM User Guide*.
**Create a user with administrative access**
1. Enable IAM Identity Center.
For instructions, see [Enabling AWS IAM Identity Center](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-set-up-for-idc.html) in the *AWS IAM Identity Center User Guide*.
1. In IAM Identity Center, grant administrative access to a user.
For a tutorial about using the IAM Identity Center directory as your identity source, see [ Configure user access with the default IAM Identity Center directory](https://docs.aws.amazon.com//singlesignon/latest/userguide/quick-start-default-idc.html) in the *AWS IAM Identity Center User Guide*.
**Sign in as the user with administrative access**
+ To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.
For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*.
**Assign access to additional users**
1. In IAM Identity Center, create a permission set that follows the best practice of applying least-privilege permissions.
For instructions, see [ Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-started-create-a-permission-set.html) in the *AWS IAM Identity Center User Guide*.
1. Assign users to a group, and then assign single sign-on access to the group.
For instructions, see [ Add groups](https://docs.aws.amazon.com//singlesignon/latest/userguide/addgroups.html) in the *AWS IAM Identity Center User Guide*.
### Setting up IAM permissions for Amazon Q Developer in chat applications
If you would like to add Amazon Q Developer in chat applications access to an existing user or group, you can choose from allowed Amazon Q Developer in chat applications actions in IAM.
If you need to customize an IAM role to work with Amazon Q Developer in chat applications, [you can use the procedure in this topic](editing-iam-roles-for-chatbot.md).
If you want to chat with Amazon Q Developer in natural language from your chat channels, make sure to add the `AmazonQDeveloperAccess` policy to your IAM role. You must also ensure that your channel guardrail policies allow `AmazonQDeveloperAccess` permissions. For more information, see [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
**To create a policy to configure Amazon Q Developer in chat applications**
1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Policies** from the navigation pane.
1. Choose **Create policy**.
1. Expand **Service** and find **Chatbot**.
1. Under **Actions**, expand the **Read** and **Write** sections to see the available actions.
**Read** actions include **DescribeChimeWebhookConfigurations**, **DescribeSlackChannelConfigurations**, **DescribeTeamsChannelConfiguration**, and more.
**Write** actions include **CreateChimeWebhookConfiguration**, **DeleteChimeWebhookConfiguration**, and more.
1. After selecting the actions you want to include, choose **Review policy**.
1. Give your policy a name and description, then choose **Create policy**. You can now add your new policy to any of your users or groups.
For more information on updating the permissions of existing users, see [Adding Permissions to a User (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*.
**Note**
Amazon Q Developer in chat applications requires access to all AWS Regions. If there is a policy in place that prevents access to services in certain Regions, you must change the policy to allow global Amazon Q Developer in chat applications access. For more information about policy types that might limit how IAM roles can be assumed and how to override them, see [Other policy types](security-iam.md#security-iam-other-policies).
### Setting up Amazon SNS topics
To use Amazon Q Developer in chat applications, you must have Amazon SNS topics set up. If you don't have any Amazon SNS topics yet, follow the steps to get started in [Getting Started with Amazon SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html) in the *Amazon Simple Notification Service Developer Guide*.
**Note**
Amazon Q Developer in chat applications doesn't support SNS FIFO topics because these topics can't deliver messages to HTTPS endpoints. For more information, see [Message delivery for FIFO topics](https://docs.aws.amazon.com/sns/latest/dg/fifo-message-delivery.html) in the *Amazon Simple Notification Service Developer Guide*.
If you have server-side encryption enabled for your Amazon SNS topics, you must give permissions to the sending services in your AWS KMS key policy to post events to the encrypted SNS topics. The following policy is an example for Amazon EventBridge.
```
{
"Sid": "Allow CWE to use the key",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": "*"
}
```
In order to successfully test the configuration from the console, your role must also have permission to use the AWS KMS key.
AWS managed service keys don’t allow you to modify access policies, so you will need AWS KMS/CMK for encrypted SNS topics. You can then update the access permissions in the AWS KMS key policy to allow the service that sends messages to publish to your encrypted SNS topics (for example, EventBridge).
# Tutorial: Get started with Amazon Chime
To get started using Amazon Q Developer in chat applications to help manage your AWS infrastructure, follow the steps below to set up Amazon Q Developer in chat applications with chat channels and Amazon SNS topic subscriptions.
**Topics**
+ [Prerequisites](#getting-started-prerequisites-chime)
+ [Step 1: Setting up Amazon Q Developer in chat applications with Amazon Chime](#chime-sets)
+ [Step 2: Test notifications from AWS services to Amazon Chime](#test-notifications)
+ [Next steps](#next-steps)
## Prerequisites
Before you get started, make sure you've completed the tasks in [Setting up Amazon Q Developer in chat applications](getting-started.md#setting-up). You will need to choose a permissions scheme in the following procedure. This scheme determines the permissions your channel members will have and what Amazon Q Developer in chat applications can do on your behalf. For more information about Amazon Q Developer in chat applications permissions, see [Understanding permissions](understanding-permissions.md).
## Step 1: Setting up Amazon Q Developer in chat applications with Amazon Chime
To set up Amazon Q Developer in chat applications for Amazon Chime, get the webhook URL for your team's chat room from Amazon Chime.
**Prerequisite**
You must be an Amazon Chime chat room admin and have the ability to manage webhooks.
**To configure an Amazon Chime client**
1. [Open Amazon Chime](http://app.chime.aws/).
1. For **Amazon Chime**, choose the chat room that you want to set up to receive notifications through Amazon Q Developer in chat applications.
1. Choose the Room settings icon on the top right and choose **Manage Webhooks and Bots**.
Amazon Chime displays the webhooks associated with the chat room.
**Note**
You can have multiple webhooks in a single Amazon Chime chat room.
For example, in an **Amazon Chime** chat room, one webhook could send notifications for Amazon CloudWatch alarms and another webhook could send AWS Security Hub CSPM security alerts. Each webhook receives notifications only for the SNS topics subscribed to it. All chat room members can see all of the notifications from each of the SNS topics.
1. For the webhook, choose **Copy URL** and choose **Done**.
If you need to create a new webhook for the chat room, choose **Add webhook**, enter a name for the webhook in the **Name** field, and choose **Create**.
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Choose **Configure new client**.
1. Choose **Amazon Chime** and choose **Configure**.
1. Under **Configuration details**, enter a name for your configuration. The name must be unique across your account and can't be edited later.
1. If you want to enable logging for this configuration, choose **Send logs to CloudWatch**. For more information, see [Amazon CloudWatch Logs for Amazon Q Developer in chat applications](cloudwatch-logs.md).
**Note**
There is an extra charge for using CloudWatch Logs.
1. For **Configure Amazon Chime webhook**, do the following.
1. Paste the webhook URL that you copied from Amazon Chime.
1. For **Webhook description**, use the following naming convention to describe the purpose of the webhook: **Chat\$1room\$1name/Webhook\$1name**. This helps you associate Amazon Chime webhooks with their Amazon Q Developer in chat applications configurations.
1. For **IAM permissions**, set the IAM permissions for Amazon Q Developer in chat applications.
1. For **Role**, choose **Create a new role from template**. If you want to use an existing role instead, choose it from the **IAM Role** list. To use an existing IAM role, you might need to modify it for use with Amazon Q Developer in chat applications. For more information, see [Configuring an IAM Role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).
1. For **Policy templates**, choose **Notification permissions**. This is the IAM policy provided by Amazon Q Developer in chat applications. It provides the necessary Read and List permissions for CloudWatch alarms, events and logs, and for Amazon SNS topics.
1. For **Role name**, enter a name. Valid characters: a-z, A-Z, 0-9.
1. Set up the SNS topics that will send notifications to the Amazon Chime webhook.
1. For **SNS Region**, choose the AWS Region that hosts the SNS topics for this Amazon Q Developer in chat applications subscription.
1. For **SNS topic**, choose the SNS topic for the client subscription. This topic determines the content that's sent to the Amazon Chime webhook. If the region has additional SNS topics, you can choose them from the same dropdown list.
1. If you want to add an SNS topic from another Region to the notification subscription, choose **Add another Region**.
**Note**
For a tutorial on subscribing existing Amazon SNS topics to Amazon Q Developer in chat applications, see [Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications](subscribe-sns-topic.md).
1. Choose **Configure**.
Notifications from supported services that publish to the chosen SNS topics will now appear in the Amazon Chime chat room.
You can configure as many webhooks as you need. The SNS topics that you choose also must be configured in the services for which you want to receive notifications. For more information, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
## Step 2: Test notifications from AWS services to Amazon Chime
To verify that an Amazon Simple Notification Service (Amazon SNS) topic sends notifications to your Amazon Chime chat room, you can test your setup by sending a notification. To test your notifications, ensure your topics are assigned to a service supported by Amazon Q Developer in chat applications. For a list of supported services, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md). You can also test notifications by using CloudWatch. For more information, see [Test notifications from AWS services to Amazon Chime using CloudWatch](test-notifications-cw.md).
**Testing notifications with configured clients**
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot/).
1. Choose the configured client you want to test.
1. In the configured client, choose the webhook to send a test notification to.
1. Choose **Send test message**.
1. View the confirmation message at the top of the screen that shows a message was sent to your Amazon SNS topic.
1. Confirm the test message in your Amazon Chime chat room.
## Next steps
After you configure your chat clients and test that your notifications are working, you might want to explore some of the following topics:
+ Learn about which other AWS services you can integrate with Amazon Q Developer in chat applications in [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
+ Learn about what you can customize using Amazon Q Developer in chat applications in [Customizing Amazon Q Developer in chat applications](customizing-chatbot.md).
# Tutorial: Get started with Microsoft Teams
To get started using Amazon Q Developer in chat applications to help manage your AWS infrastructure, follow the steps below to set up Amazon Q Developer in chat applications with chat channels and Amazon SNS topic subscriptions. Note that Amazon Q Developer in chat applications is approved by your Microsoft Teams administrator.
**Topics**
+ [Prerequisites](#getting-started-prerequisites-teams)
+ [Step 1: Configure a Microsoft Teams client](#teams-client-setup)
+ [Step 2: Configure a Microsoft Teams channel](#teams-client-setup-2)
+ [(Optional) Step 3: Test notifications from AWS services to Microsoft Teams](#test-notifications-teams)
+ [Configuring Microsoft Teams channels using AWS CloudFormation](#cfn-teams)
+ [Next steps](#next-steps-teams)
## Prerequisites
Before you get started, make sure you've completed the tasks in [Setting up Amazon Q Developer in chat applications](getting-started.md#setting-up). You should also ensure Microsoft Teams is installed and approved by your organization administrator. You will need to choose a permissions scheme in the following procedure. This scheme determines the permissions your channel members will have and what Amazon Q Developer in chat applications can do on your behalf. For more information about Amazon Q Developer in chat applications permissions, see [Understanding permissions](understanding-permissions.md) You must also create or choose a channel to be used in your Amazon Q Developer in chat applications configuration. This channel is used to monitor and operate your AWS resources.
**Note**
The following IAM permissions are required to create a Microsoft Teams configuration:
GetMicrosoftTeamsOauthParameters
RedeemMicrosoftTeamsOauthCode
CreateMicrosoftTeamsChannelConfiguration
If you have less than administrative permissions, ensure you have the aforementioned permissions to create a configuration.
## Step 1: Configure a Microsoft Teams client
To allow Amazon Q Developer in chat applications to send notifications or run commands in your Microsoft Teams channel, you must configure Amazon Q Developer in chat applications with Microsoft Teams.
**To configure a Microsoft Teams client**
1. Add Amazon Q Developer in chat applications to your team:
1. In Microsoft Teams, find your team name and choose **...**, then choose **Manage team**.
1. Choose **Apps**, then choose **More apps**.
1. Enter **Amazon Q Developer** in the search bar to find Amazon Q Developer in chat applications.
1. Select the bot.
1. Choose **Add to a team** and complete the prompt.
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Under **Configure a chat client**, choose **Microsoft Teams**, then choose **Configure client**.
1. Copy and paste your Microsoft Teams channel URL.
**Tip**
Your channel URL contains your tenant, team, and channel IDs. You can find your channel URL by right clicking on the channel in your Microsoft Teams channel list and copying the link. Your channel ID is the portion of your channel URL after the path `/channel/`, starting with `19%3` and likely ending with either `thread.tacv2` or `thread.skype`.
For example, the bolded portion of the following channel URL is its channel ID: `https://teams.microsoft.com/l/channel/19%3Ae5eace25j32023jga835103358eapge3t8235%40thread.tacv2/ChannelName?groupId=0d36500a-6023-419c-8c36-7e21f19b0135&tenantId=5fe61832-9f46-403b-a7db-cf9cf2e38199`.
1. Choose **Configure**.
**Note**
After choosing **Configure**, you're redirected to Microsoft Team's authorization page to request permission for Amazon Q Developer in chat applications to access your information. For more information, see [Chat client application permissions for Amazon Q Developer in chat applications](app-permissions.md).
1. On the Microsoft Teams authorization page, choose **Accept**.
## Step 2: Configure a Microsoft Teams channel
To allow Amazon Q Developer in chat applications to send notifications or run commands in your Microsoft Teams channel, you must also configure Amazon Q Developer in chat applications with a Microsoft Teams channel. Channel configuration consists of:
+ Associating a channel with the configuration
+ Defining user permissions, which dictate what tasks users can perform in a channel
+ (Optional) Adding Amazon SNS topics, which Amazon Q Developer in chat applications uses to send notifications to your channel
**Note**
Microsoft Teams doesn't currently support Amazon Q Developer in chat applications in private channels. For more information, see [Private channel limitations](https://learn.microsoft.com/en-us/microsoftteams/private-channels#private-channel-limitations).
**To configure a Microsoft Teams channel**
1. Associate a channel with your configuration:
1. On the **Team details** page in the Amazon Q Developer in chat applications console, choose **Configure new channel**.
1. Under **Configuration details**, enter a name for your configuration. The name must be unique across your account and can't be edited later.
1. If you want to enable logging for this configuration, choose **Publish logs to Amazon CloudWatch Logs**. For more information, see [Amazon CloudWatch Logs for Amazon Q Developer in chat applications](cloudwatch-logs.md).
**Note**
There is an extra charge for using CloudWatch Logs.
1. For **Team channel**, paste your Microsoft Teams channel URL.
1. Define user permissions:
1. Choose your **Role Setting**.
**Tip**
Your role setting dictates what permissions your channel members have. A channel role gives all members the same permissions. This is useful if your channel members typically perform the same actions in Microsoft Teams. A user role requires your channel members to choose their own roles. As such, different users in your channels can have different permissions. This is useful if your channel members are diverse or you don’t want new channel members to perform actions as soon as they join the channel. For more information, see [Role setting](understanding-permissions.md#role-settings).
------
#### [ Channel role ]
1. For **Role setting**, choose **Channel role**.
1. For **Channel role**, choose **Create an IAM role using a template**. If you want to use an existing role instead, choose **Use an existing IAM role**. To use an existing IAM role, you will need to modify it for use with Amazon Q Developer in chat applications. For more information, see [Configuring an IAM Role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).
1. For **Role name**, enter a name. Valid characters: a-z, A-Z, 0-9, .\$1w\$1=,.@-\$1.
1. (Optional) For **Policy template**, select **Amazon Q permissions** and any other templates you wish to use.
**Note**
The **Amazon Q permissions** template allows you to chat with Amazon Q Developer in natural language. For more information, see [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
You can also use AWS software development kits (SDKs) to configure channels with Amazon Q permissions.
------
#### [ User roles ]
1. For **Role setting**, choose **User roles**.
------
1. Select the policies that will make up your [channel guardrails](understanding-permissions.md#channel-guardrails). Your channel guardrails control what actions are available to your channel members.
1. (Optional) Add [AmazonQDeveloperAccess](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/managed-policy.html#amazonq-policy-developeraccess) as a channel guardrail to allow your users to chat with Amazon Q Developer in natural language from your Microsoft Teams channel.
1. (Optional) Add Amazon SNS topics:
**Note**
If you want to receive notifications in your Microsoft Teams channel, complete these steps.
1. Choose your notification settings:
1. For **SNS Region**, choose the AWS Region that hosts the SNS topics for this Amazon Q Developer in chat applications subscription.
1. For **SNS topic**, choose the Amazon SNS topic for the client subscription. This topic determines the content that's sent to the Microsoft Teams channel. If the region has additional SNS topics, you can choose them from the same dropdown list. The SNS topics you choose must be configured in the services for which you want to receive notifications. For more information, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
1. To add an Amazon SNS topic from another AWS Region to the notification subscription, choose **Add another Region**.
**Note**
For a tutorial on subscribing existing Amazon SNS topics to Amazon Q Developer in chat applications, see [Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications](subscribe-sns-topic.md).
Notifications from supported services that publish to the chosen Amazon SNS topics will now appear in the Microsoft Teams channel.
1. Choose **Configure**.
**Note**
You can configure a Microsoft Teams channel to run commands to your AWS account. For more information, see [Running AWS CLI commands from chat channels](chatbot-cli-commands.md).
You can configure as many channels with as many topics as you need.
## (Optional) Step 3: Test notifications from AWS services to Microsoft Teams
To verify that an Amazon Simple Notification Service (Amazon SNS) topic sends notifications to your Microsoft Teams channel, you can test your setup by sending a notification. Ensure your Amazon Q Developer in chat applications configuration is subscribed to at least one Amazon SNS topic and that your topics are assigned to a service supported by Amazon Q Developer in chat applications. For a list of supported services, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md). You can also test notifications by using CloudWatch. For more information, see [Test notifications from AWS services to Microsoft Teams using CloudWatch](test-notifications-cw.md).
**Testing notifications with configured clients**
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot/).
1. Choose the configured client you want to test.
1. In the configured client, choose the channel to send a test notification to.
1. Choose **Send test message**.
1. View the confirmation message at the top of the screen that shows a message was sent to your Amazon SNS topic.
1. Confirm the test message in your Microsoft Teams channel.
## Configuring Microsoft Teams channels using AWS CloudFormation
You can automate Microsoft Teams channel configuration by using an CloudFormation template. To use an CloudFormation template, you need the **Team ID** and **Tenant ID** found under **Team details** in the Amazon Q Developer in chat applications console. For more information, see [AWS::Chatbot::MicrosoftTeamsChannelConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-chatbot-microsoftteamschannelconfiguration.html) in the *AWS CloudFormation User Guide*.
## Next steps
After you configure your chat clients and test that your notifications are working, you might want to explore some of the following topics:
+ Learn about which other AWS services you can integrate with Amazon Q Developer in chat applications in [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
+ Learn about what you can customize using Amazon Q Developer in chat applications in [Customizing Amazon Q Developer in chat applications](customizing-chatbot.md).
+ Learn about what actions you can perform using Amazon Q Developer in chat applications in [Performing actions using Amazon Q Developer in chat applications](performing-actions.md).
+ Learn what questions you can ask Amazon Q Developer in chat applications in [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
+ Learn how to receive AWS CodeStar notifications in your channels in [Tutorial: Receive Developer Tools notifications in Microsoft Teams](teams-codestar.md#teams-codestar.title).
# Tutorial: Get started with Slack
**Note**
To install the Slack application, sign in to your AWS account in the AWS Management Console. Then navigate to the Amazon Q Developer in chat applications console and choose **Configure new client**. The following steps detail the full setup process.
To get started using Amazon Q Developer in chat applications to help manage your AWS infrastructure, use the following steps to set up Amazon Q Developer in chat applications with chat channels and Amazon SNS topic subscriptions.
**Topics**
+ [Prerequisites](#getting-started-prerequisites-slack)
+ [Step 1: Configure a Slack client](#slack-client-setup)
+ [Step 2: Configure a Slack channel](#slack-client-setup2)
+ [(Optional) Step 3: Test notifications from AWS services to Slack](#test-notifications-slack)
+ [Configuring Slack channels using AWS CloudFormation](#cfn-slack)
+ [Next steps](#next-steps-slack)
## Prerequisites
Before you get started, make sure you've completed the tasks in [Setting up Amazon Q Developer in chat applications](getting-started.md#setting-up). You will need to choose a permissions scheme in the following procedure. This scheme determines the permissions your channel members will have and what Amazon Q Developer in chat applications can do on your behalf. For more information about Amazon Q Developer in chat applications permissions, see [Understanding permissions](understanding-permissions.md). You must also create or choose a Slack channel to be used in your Amazon Q Developer in chat applications configuration. This channel is used to monitor and operate your AWS resources.
## Step 1: Configure a Slack client
To allow Amazon Q Developer in chat applications to send notifications or run commands, you must configure Amazon Q Developer in chat applications with Slack. Workspace administrators must approve the use of the Amazon Q Developer in chat applications app in the workspace. Members can request to install apps if app approval is turned on by the workspace administrator. For more information, see [Add apps to your Slack workspace](https://slack.com/help/articles/202035138-Add-apps-to-your-Slack-workspace).
**To configure a Slack client**
1. Add Amazon Q Developer in chat applications to the Slack workspace:
1. In Slack, on the left navigation pane, choose **Automations**.
**Note**
If you do not see **Automations** in the left navigation pane, choose **More**, then choose **Automations**.
1. If Amazon Q Developer in chat applications is not listed, choose the **Browse Apps Directory** button.
1. Browse the directory for the Amazon Q Developer in chat applications app and then choose **Add** to add Amazon Q Developer in chat applications to your workspace.
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Under **Configure a chat client**, choose **Slack**, then choose **Configure**.
**Note**
After choosing **Configure**, you'll be redirected to Slack's authorization page to request permission for Amazon Q Developer in chat applications to access your information. For more information, see [Chat client application permissions for Amazon Q Developer in chat applications](app-permissions.md).
1. From the dropdown list at the top right, choose the Slack workspace that you want to use with Amazon Q Developer in chat applications.
There's no limit to the number of workspaces that you can set up for Amazon Q Developer in chat applications, but you can set up only one at a time.
1. Choose **Allow**.
## Step 2: Configure a Slack channel
To allow Amazon Q Developer in chat applications to send notifications or run commands in your Slack channel, you must also configure Amazon Q Developer in chat applications with a Slack channel. Configuring a channel consists of:
+ Adding Amazon Q Developer in chat applications to your Slack channel
+ Associating a channel with the configuration
+ Defining user permissions, which dictate what tasks users can perform in a channel
+ (Optional) Adding Amazon SNS topics, which Amazon Q Developer in chat applications uses to send notifications to your channel
**To configure a Slack channel**
1. Add Amazon Q Developer in chat applications to the Slack channel:
1. In your Slack channel, enter **/invite @Amazon Q**.
**Note**
If copying and pasting this command in Slack, ensure you have the correct formatting.
1. Choose **Invite Them**.
1. Associate a channel with your configuration:
1. On the **Workspace details** page in the Amazon Q Developer in chat applications console, choose **Configure new channel**.
1. Under **Configuration details**, enter a name for your configuration. The name must be unique across your account and can't be edited later.
1. If you want to enable logging for this configuration, choose **Publish logs to Amazon CloudWatch Logs**. For more information, see [Amazon CloudWatch Logs for Amazon Q Developer in chat applications](cloudwatch-logs.md).
**Note**
There is an extra charge for using CloudWatch Logs.
1. For **Slack channel**, choose the channel you used in step 1. Amazon Q Developer in chat applications supports both public and private channels.
(Optional) To configure a private channel with Amazon Q Developer in chat applications:
1. In Slack, copy the Channel ID of the private channel by right-clicking on the channel name in the left pane and choosing **Copy Link**. The Channel ID is the string at the end of the URL (for example, `AB3BBLZZ8YY`).
1. In Amazon Q Developer in chat applications, paste the ID into the **Channel URL** field. (If you copy the URL of the private Slack channel, the Amazon Q Developer in chat applications console shows only the Channel ID value when you paste it into the field.)
1. Define user permissions:
1. Choose your **Role Setting**.
**Tip**
Your role setting dictates what permissions your channel members have. A channel role gives all members the same permissions. This is useful if your channel members typically perform the same actions in Slack. A user role requires your channel members to choose their own roles. As such, different users in your channels can have different permissions. This is useful if your channel members are diverse or you don’t want new channel members to perform actions as soon as they join the channel. For more information, see [Role setting](understanding-permissions.md#role-settings).
------
#### [ Channel role ]
1. For **Role setting**, choose **Channel role**.
1. For **Channel role**, choose **Create an IAM role using a template**. If you want to use an existing role instead, choose **Use an existing IAM role**. To use an existing IAM role, you will need to modify it for use with Amazon Q Developer in chat applications. For more information, see [Configuring an IAM Role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).
1. For **Role name**, enter a name. Valid characters: a-z, A-Z, 0-9, .\$1w\$1=,.@-\$1.
1. (Optional) For **Policy template**, select **Amazon Q permissions** and any other templates you wish to use.
**Note**
The **Amazon Q permissions** template allows you to chat with Amazon Q Developer in natural language. For more information, see [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
You can also use AWS software development kits (SDKs) to configure channels with Amazon Q permissions.
------
#### [ User roles ]
1. For **Role setting**, choose **User roles**.
------
1. Select the policies that will make up your [channel guardrails](understanding-permissions.md#channel-guardrails). Your channel guardrails control what actions are available to your channel members.
1. (Optional) Add [AmazonQDeveloperAccess](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/managed-policy.html#amazonq-policy-developeraccess) as a channel guardrail to allow your users to chat with Amazon Q Developer from your Slack channel.
1. (Optional) Add Amazon SNS topics:
**Note**
If you want to receive notifications in your Slack channel, complete these steps.
1. Choose your notification settings:
1. For **SNS Region**, choose the AWS Region that hosts the SNS topics for this Amazon Q Developer in chat applications subscription.
1. For **SNS topic**, choose the Amazon SNS topic for the client subscription. This topic determines the content that's sent to the Slack channel. If the region has additional SNS topics, you can choose them from the same dropdown list. The SNS topics you choose must be configured in the services for which you want to receive notifications. For more information, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
1. To add an Amazon SNS topic from another AWS Region to the notification subscription, choose **Add another Region**.
**Note**
For a tutorial on subscribing existing Amazon SNS topics to Amazon Q Developer in chat applications, see [Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications](subscribe-sns-topic.md).
Notifications from supported services that publish to the chosen Amazon SNS topics will now appear in the Slack channel.
1. Choose **Save**.
**Note**
You can configure a Slack channel to run commands to your AWS account. For more information, see [Running AWS CLI commands from chat channels](chatbot-cli-commands.md).
You can configure as many channels with as many topics as you need.
## (Optional) Step 3: Test notifications from AWS services to Slack
To verify that an Amazon Simple Notification Service (Amazon SNS) topic sends notifications to your Slack channel, you can test your setup by sending a notification. Ensure your Amazon Q Developer in chat applications configuration is subscribed to at least one Amazon SNS topic and that your topics are assigned to a service supported by Amazon Q Developer in chat applications. For a list of supported services, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md). You can also test notifications by using CloudWatch. For more information, see [Test notifications from AWS services to Amazon Chime or Slack using CloudWatch](test-notifications-cw.md).
**Testing notifications with configured clients**
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot/).
1. Choose the configured client you want to test.
1. In the configured client, choose the channel to send a test notification to.
1. Choose **Send test message**.
1. View the confirmation message at the top of the screen that shows a message was sent to your Amazon SNS topic.
1. Confirm the test message in your Slack channel.
## Configuring Slack channels using AWS CloudFormation
You can automate Slack channel configuration by using an CloudFormation template. To use an CloudFormation template, you need the **Workspace ID** found under **Workspace details** in the Amazon Q Developer in chat applications console. For more information, see [AWS::Chatbot::SlackChannelConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-chatbot-slackchannelconfiguration.html) in the *AWS CloudFormation User Guide*.
## Next steps
After you configure your chat clients and test that your notifications are working, you might want to explore some of the following topics:
+ Learn about which other AWS services you can integrate with Amazon Q Developer in chat applications in [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md).
+ Learn about what you can customize using Amazon Q Developer in chat applications in [Customizing Amazon Q Developer in chat applications](customizing-chatbot.md).
+ Learn about what actions you can perform using Amazon Q Developer in chat applications in [Performing actions using Amazon Q Developer in chat applications](performing-actions.md).
+ Learn what questions you can ask Amazon Q Developer in chat applications in [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
# Tutorial: Create or configure an Amazon Simple Notification Service topic as a notification target for Microsoft Teams and AWS CodeStar
The notifications feature in the Developer Tools console is a notifications manager for subscribing to events in AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline. It has its own API, AWS CodeStar. Notification rule targets defined within AWS CodeStar are currently Amazon SNS topics or Amazon Q Developer in chat applications clients configured for Slack channels, but not Amazon Q Developer in chat applications clients configured for Microsoft Teams. However, to receive notifications about resources of interest in Microsoft Teams, you can use an Amazon SNS topic as a target in both your Microsoft Teams channel configuration and your AWS CodeStar notification rules. This tutorial describes two methods to achieve this:
+ [Configure an existing Amazon SNS topic to use as a notification target](#teams-codestar-configure-teams).
+ [Create a new Amazon SNS topic as a target by editing notification rules](#teams-codestar-create-teams).
## Prerequisites
This tutorial assumes you already have some familiarity with Amazon SNS topics, AWS CodeStar, and Amazon Q Developer in chat applications. It also assumes that you've already created at least one notification rule in AWS CodeStar and that you've configured at least one Amazon Q Developer in chat applications client for Microsoft Teams.
For more information see the following topics:
+ [Tutorial: Get started with Microsoft Teams](teams-setup.md)
+ [What is the Developer Tools console?](https://docs.aws.amazon.com/dtconsole/latest/userguide/what-is-dtconsole.html) in the *Developer Tools console User Guide*.
+ [What are notifications?](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome.html) in the *Developer Tools console User Guide*.
## Step 1: Configure or create an Amazon SNS topic
### Configure an existing Amazon SNS topic to use as a notification target
In this procedure you edit an existing Amazon SNS topic used in your Microsoft Teams channel configuration to be used as a notification rule target in AWS CodeStar.
**To configure an existing Amazon SNS topic to use as a notification rule target**
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Select your configured Microsoft Teams chat channel.
1. Choose the channel you want to receive notifications in.
1. Choose **Edit**.
1. In **Notifications**, identify the name of the Amazon SNS topic you want to use.
1. Follow the steps in [To configure an Amazon Simple Notification Service topic to use as a target for AWS CodeStar notification rules](https://docs.aws.amazon.com/dtconsole/latest/userguide/set-up-sns.html) in the *Developer Tools User Guide*.
1. The Amazon SNS topic is now associated with both AWS CodeStar and your chosen Microsoft Teams channel configuration.
### Create a new Amazon SNS topic as a target by editing notification rules
In this procedure you create a new Amazon SNS topic by editing an existing notification rule. You then use this Amazon SNS topic in your Microsoft Teams channel configuration.
**To create a new Amazon SNS topic to use as a notification rule target**
1. Edit your notification rule:
**Note**
The Region in which this notification rule is created must be added as a notification Region in your Microsoft Teams configuration.
1. Open the [Developer Tools console](https://console.aws.amazon.com/codesuite/).
1. In the navigation pane, choose **Settings** and then choose **Notification rules.**
1. Select the appropriate rule and choose **Edit**.
1. In **Targets**, choose **Create target**.
1. Choose **Amazon SNS topic** as your target type.
1. Enter a topic name.
**Note**
This topic will be used in your Microsoft Teams configuration.
1. Edit your Microsoft Teams configuration:
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Select your configured Microsoft Teams chat client.
1. Select the channel in which you want to receive notifications.
1. Choose **Edit**.
1. (Optional) If you have no Regions or you don't currently have the Region you used for Developer Tools added, choose **Add another Region** in **Notifications** and select the appropriate Region.
1. In **Topics**, search for and select the Amazon SNS topic you created while editing your notification rule.
1. Choose **Configure**.
# Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications
You can quickly subscribe existing Amazon SNS topics to the Amazon Q Developer in chat applications. You associate the new subscriptions to a chat channel. After doing so, the messages from those topics appear in the channel. The Amazon SNS topics must be associated with AWS services that Amazon Q Developer in chat applications supports, and may also require further configuration, such as association with a CloudWatch rule. This procedure is most useful if you have Amazon SNS topics that are already doing significant work with CloudWatch Events and CloudWatch alarms in AWS cloud services supported by Amazon Q Developer in chat applications.
**Note**
You can set up each supported AWS service to *target* one or more Amazon SNS topics to send notifications to Amazon Q Developer in chat applications. You do this using each relevant AWS service console, or using CloudFormation. If you already have Amazon SNS topics set as targets for supported services, you can configure Amazon Q Developer in chat applications to use those topics. Notifications from subscribed topics will automatically appear in your chat channels without further configuration.
**Note**
If your Amazon SNS topic is encrypted, you must add a section to your AWS KMS key policy to give the sending service permissions to post events to the encrypted SNS topics. For more information, see [Setting up Amazon SNS topics](getting-started.md#chatbot-sns).
1. Open the Amazon Q Developer in chat applications console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Under **Configured clients**, choose your chat client.
1. Choose any channel in your chat client configuration.
1. Choose **Edit**. The configuration page for the channel appears. Note that the **Region** Notifications is already configured.
1. In the **Notifications** panel:
1. If you need to apply an Amazon SNS topic from another region, choose **Add another Region**.
1. For each **Region** in the chat channel, select the Amazon SNS topic you want to add.
1. When finished, choose **Save**.
1. To check for the subscription, click on any subscription entry in the Amazon Q Developer in chat applications console. The Amazon SNS console opens, showing the list of subscriptions for the selected topic.
# Test notifications from AWS services to chat channels using CloudWatch
To verify that an Amazon Simple Notification Service (Amazon SNS) topic sends notifications to your chat channels, you can test your setup by sending a notification. Any SNS topic can send notifications to your chat channels, but the topic must be assigned to a service supported by Amazon Q Developer in chat applications. For more information about supported services, see [Supported services for Amazon Q Developer in chat applications](chatbot-services.md).
**Note**
CloudWatch alarms and events are separately configured and have different characteristics for use with Amazon Q Developer in chat applications.
The following procedure uses a CloudWatch alarm because most AWS services supported by Amazon Q Developer in chat applications send their event and alarm data to CloudWatch.
You configure CloudWatch alarms using performance metrics from the services that are active in your account. When you associate CloudWatch alarms with an Amazon SNS topic that is mapped to Amazon Q Developer in chat applications, the Amazon SNS topic sends the CloudWatch alarm notifications to the chat channels. For more information, see [Monitoring AWS services using Amazon Q Developer in chat applications](related-services.md) and the [Troubleshooting](chatbot-troubleshooting.md) topic.
**To test notifications to configured chat clients**
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. In the navigation pane, choose **Alarms**, **Create alarm**.
1. Select the correct AWS **Region** at the top right of the AWS console, that contains the Amazon SNS topic you need. (**Tip:** to make sure you have the right Region for your SNS topics for testing alarms, you can check the Amazon Q Developer in chat applications configuration to see the regions for all configured SNS topics in each channel or webhook.)
1. Choose **Select metric**, and choose the **SNS** service namespace. (All CloudWatch alarms use service *metrics* to generate their notifications, and you need to select one for this example.)
1. Choose **Topic metrics**.
1. Choose the check box for the SNS topic next to its **Topic Name** and **Metric Name**. Any SNS topics that you configured with Amazon Q Developer in chat applications appear in this list.
*Important*: if you don't see your desired Amazon SNS topic in the SNS Topic list, make sure to select the correct AWS Region in the AWS console when you begin configuring the new CloudWatch alarm.
1. Choose **Select metric**.
The **Specify metric and conditions** page shows a graph and other information about the metric and statistic.
1. For **Conditions** (the circumstances under which the CloudWatch alarm fires and an action takes place), choose the following options:
1. For **Threshold type**, choose **Static**.
1. For **Whenever *metric* is**, choose **Lower/Equal <=threshold**.
1. For **than...**, specify a threshold value of **1**. This setting ensures you will trigger the test notification within one minute.
1. Under **Additional configuration**, do the following:
1. For **Datapoints to alarm**, select **1 out of 1**.
1. For **Missing data treatment**, select **Treat missing data as bad**.
1. Choose **Next**.
1. Choose **Configure actions**. Here, you set the *action* to create SNS notifications when the metric threshold is exceeded.
For **Notification**, choose the following options.
1. For **Whenever this alarm state is...**, choose **In Alarm**.
1. For **Select an SNS topic**, choose **Select an existing SNS topic**.
1. For **Send a notification to...**, choose your SNS topic that has a subscription to Amazon Q Developer in chat applications. If the SNS topic is subscribed in Amazon Q Developer in chat applications, the endpoint value for Amazon Q Developer in chat applications appears in the **Email (endpoints)** field.
**Note**
If the endpoint value doesn't appear in the **Email (endpoints)** field, make sure that the SNS topic is set up correctly in the Microsoft Teams channel, Slack channel or Amazon Chime webhook. For more information, see [Setting up Amazon Q Developer in chat applications with Microsoft Teams](teams-setup.md), [Setting up Amazon Q Developer in chat applications with Slack](slack-setup.md), or [Setting up Amazon Q Developer in chat applications with Amazon Chime](chime-setup.md).
1. Choose **Next**.
1. Enter a name and description for the alarm. The name must contain only ASCII characters. Then, choose **Next**.
1. For **Preview and create**, confirm that the information and conditions are correct, then choose **Create alarm**.
When the alarm triggers for the first time, you should receive the first test notification in your chat room, confirming that Amazon Q Developer in chat applications is working correctly and receiving alarm notifications from Amazon CloudWatch.
## Next steps
Once you've taken the necessary steps to set up Amazon Q Developer in chat applications, you can get started configuring the chat client of your choice. For a step-by-step guide on how to do this, choose the appropriate tutorial below:
+ [Tutorial: Get started with Slack](slack-setup.md)
+ [Tutorial: Get started with Amazon Chime](chime-setup.md)
+ [Tutorial: Get started with Microsoft Teams](teams-setup.md)