Amazon Q missing profile

Question

After getting accepted to AWS ARRC Credit Program. My us-east-2 region was locked and Amazon Q stopped working. I can login to the Amazon Q in the terminal but it gives operational errors when asking questions. The Amazon Q in VS Code succeeded in login but then fails to load the chat interface stating that the profile is missing.

2025-07-17 12:28:28.535 [error] resourceCache: failed to load latest resource, releasing lock: aws.amazonq.regionProfiles.cache
2025-07-17 12:28:28.551 [error] Failed to list customizations because listAvailableProfiles failed This user has no Q Developer profiles

My management account handle the IAM Identity Center for Amazon Q in us-east-2.

I went ahead and deleted the us-east-2 IAM Identity Center, created a new one in us-east-1. Manually created the user and group. The Amazon Q profile "QDevProfile-us-east-1" was created an it appears in the application section of Identity Center. In the QDevProfile the user and group do not appear under Assigned users and groups. In the Amazon Q / Subscription section the user and group also do not appear.

The created user can login into the access portal. The application shows the QDevProfile-us-east-1.

Not sure if getting accepted to AWS ARRC Credit Program caused some errors in the "matrix" where the old Amazon Q profile was not deleted correctly but I went from everything is great, paying for amazon Q and whatever I went over in the free tier, productive to dead in the water.

It would be very much appreciated if some clarification on how to resolve this issue can be provided. The Management Account has AmazonQDeveloperAccess and AmazonQFullAccess plus AdministratorAccess polices so not clear why the management account cant see the users or groups nor the root account for that matter.

Raul V · Answer

Recreated the QDevProfile-us-east-1 a couple of times with the same outcome. Did the same with the whole IAM Identity Center. Its all been recreated a couple of time.

The outcome is always the same. The users and groups can be created in the IAM Identity Center Manually. The user that is created gets logged into the Access Portal. The account shows up in the account tab and the application shows up in the application tab. Every time the same outcome when logging in with the IDE extension which is up to date. there is a missing profile error. When trying to add the users and group in the "Assigned users and groups" for the QDevProfile-us-east-1. nothing appears in the search or in the display box. The same case within the Amazon Q Developer dashboard / subscriptions / the Groups and Users tabs are empty and when searching for the group and user, nothing appears.

the latest rebuild of amazon a and iam identity center has gone from missing profile to access denied.

```
    extendedRequestId: undefined,
    cfId: undefined
  },
  error: 'access_denied',
  error_description: 'Access denied',
  reason: null,
  message: 'UnknownError'
}
[error] ssoSetup encountered an error: Error: Failed to connect to IAM Identity Center [FailedToConnect]
	 -> AccessDeniedException: Access denied
[error] webviewId="aws.amazonq.AmazonCommonAuth": Error: Webview error
	 -> Error: Webview backend command failed: "startCodeWhispererEnterpriseSetup()"
	 -> Error: Failed to connect to IAM Identity Center [FailedToConnect]
	 -> AccessDeniedException: Access denied
[info] [2025-07-18T02:42:48.926Z] Amazon Q Token Service Manager: No active SSO connection is detected: no credentials provided. Resetting the client
```

also both the amazon q and iam identity centers are both in us-east-1

satheesh · Answer

Hi,

What’s Going Wrong
- Residual Configuration from us-east-2: Even though you deleted the IAM Identity Center in us-east-2, Amazon Q may still be referencing cached or orphaned resources tied to that region. This can cause profile resolution failures like:
Failed to list customizations because listAvailableProfiles failed
This user has no Q Developer profiles
- Missing User/Group Assignments: In the new QDevProfile-us-east-1, if users and groups aren’t explicitly assigned in both the IAM Identity Center and the Amazon Q Subscriptions, the system won’t recognize them—even if they appear in the access portal.
- ARRC Credit Program Side Effects: While there’s no official documentation linking ARRC credits to region locking, it’s possible that the credit provisioning triggered a region-specific entitlement or subscription that didn’t cleanly migrate when you switched regions.

**Steps to Resolve**
- Verify Region Alignment
- Ensure your IAM Identity Center instance and Amazon Q Developer profile are both in us-east-1.
- Confirm that your CLI and IDE are also configured to use us-east-1 as the default region.
- Assign Users and Groups Properly
- Go to IAM Identity Center → Applications → QDevProfile-us-east-1
- Explicitly assign the user and group under “Assigned users and groups”
- Then go to Amazon Q → Subscriptions and assign the same user/group there
- Clear Cached Profiles
- Run q doctor and q restart in your terminal to flush stale profile data
- You may also need to delete the .q or .aws cache folders manually if the issue persists
- Check Subscription Status
- In the Amazon Q console, go to Subscriptions → Users
- Confirm that your user appears and has an Active status—not Pending or Canceled
- Confirm Identity-Aware Sessions
- Amazon Q requires identity-aware sessions to be enabled in the management account
- If not enabled, you’ll see errors like “profile missing” or “not authorized to make this call”
- Fallback: Recreate the Profile
- If the profile is still misbehaving, consider deleting QDevProfile-us-east-1 and recreating it from scratch
- Assign users/groups immediately after creation to avoid sync delays

Raul V · Answer

Managed to resolve the issue via the aws cli to assign the user and group to the QDevProfile-us-east-1 profile and then add the group to the subscriptions section of the Amazon Q console.

Amazon Q missing profile

Add your answer

Relevant content