- 新しい順
- 投票が多い順
- コメントが多い順
Hello,
Confirm the IAM role passed to Amazon Q during deployment has the necessary permissions for the QBusiness actions like Chat, ListMessages, etc. as described in the documentation -
https://docs.aws.amazon.com/amazonq/latest/business-use-dg/idp-sso.html https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html https://docs.aws.amazon.com/amazonq/latest/business-use-dg/iam-roles.html
- Verify the trust relationship is set up correctly between Identity Center and Amazon Q by checking the SAML metadata exchange completed successfully.
- Ensure the IAM user or role you're using to access the web experience is a member of the appropriate group in the Identity Center that was configured during deployment.
- For the IAM user or role, attach the AmazonQFullAccess managed policy for full permissions to Amazon Q.
- Double-check the email attribute and optional group attribute names match what's configured in the Identity Center and passed to Amazon Q.
Thanks
Abhinav
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?
Yes u can try that Also plz look into this link as well - https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html
関連するコンテンツ
- AWS公式更新しました 2年前
- AWS公式更新しました 1年前
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?