- Newest
- Most votes
- Most comments
Hello,
Confirm the IAM role passed to Amazon Q during deployment has the necessary permissions for the QBusiness actions like Chat, ListMessages, etc. as described in the documentation -
https://docs.aws.amazon.com/amazonq/latest/business-use-dg/idp-sso.html https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html https://docs.aws.amazon.com/amazonq/latest/business-use-dg/iam-roles.html
- Verify the trust relationship is set up correctly between Identity Center and Amazon Q by checking the SAML metadata exchange completed successfully.
- Ensure the IAM user or role you're using to access the web experience is a member of the appropriate group in the Identity Center that was configured during deployment.
- For the IAM user or role, attach the AmazonQFullAccess managed policy for full permissions to Amazon Q.
- Double-check the email attribute and optional group attribute names match what's configured in the Identity Center and passed to Amazon Q.
Thanks
Abhinav
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?
Yes u can try that Also plz look into this link as well - https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html
Relevant content
- asked a year ago
- asked 4 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?