Hi there!
Since you are using the native Q retriever you will need to allow BatchPutDocument
on your Q index, like below:
    {
        "Sid": "AllowsAmazonQToIngestDocuments",
        "Effect": "Allow",
        "Action": [
            "qbusiness:BatchPutDocument",
            "qbusiness:BatchDeleteDocument"
        ],
        "Resource": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
    },
You can check out the full IAM permissions needed in the docs at https://docs.aws.amazon.com/amazonq/latest/business-use-dg/create-s3-datasource-iam-role.html, as you will also have to add permissions for the Principal Store APIs in addition to the above, and access to your S3 bucket. There are also examples for other configurations.
Since the error is pointing to BatchPutDocument API, I followed this https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html
Here is the policy I added to the role. However, I am still getting the same error. Thanks for your pointers.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [ "s3:GetObject" ],
                "Resource": [ "arn:aws:s3:::xxxx/" ],
                "Effect": "Allow"
            },
            {
                "Action": [ "s3:ListBucket" ],
                "Resource": [ "arn:aws:s3:::xxxx" ],
                "Effect": "Allow"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "kendra:BatchPutDocument",
                    "kendra:BatchDeleteDocument"
                ],
                "Resource": [ "arn:aws:kendra:us-east-2:12345678:index/" ]
            }
        ]
    }
If you are using the native Q retriever you need to provide permissions for qbusiness:BatchPutDocument rather than kendra:BatchPutDocument. The link in the answer gives the full details of the permissions needed.
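The mismatch discussed in this thread can be checked offline before re-running the sync. The following is an added example, not part of the original posts or AWS code: a simplified policy evaluator (it ignores Condition, NotAction and NotResource) run against two constructed policies. The account ID, application ID, index ID and bucket name are made-up sample values.

```python
import fnmatch

# Constructed sample values; substitute your own region, account and IDs.
INDEX_ARN = ("arn:aws:qbusiness:us-east-2:111122223333:"
             "application/app-EXAMPLE/index/idx-EXAMPLE")
REQUIRED = ["qbusiness:BatchPutDocument", "qbusiness:BatchDeleteDocument"]

# Shaped like the policy in the follow-up comment: Kendra actions, Kendra ARN.
KENDRA_STYLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Allow",
     "Action": ["kendra:BatchPutDocument", "kendra:BatchDeleteDocument"],
     "Resource": ["arn:aws:kendra:us-east-2:111122223333:index/idx-EXAMPLE"]}]}

# The statement from the answer, with its placeholders filled in.
Q_STYLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowsAmazonQToIngestDocuments", "Effect": "Allow",
     "Action": REQUIRED, "Resource": INDEX_ARN}]}

def _listify(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Evaluate one identity policy: explicit Deny wins, else any Allow."""
    allowed = False
    for stmt in _listify(policy.get("Statement")):
        # Action names are case-insensitive; ARNs are matched case-sensitively.
        act = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                  for p in _listify(stmt.get("Action")))
        res = any(fnmatch.fnmatchcase(resource, p)
                  for p in _listify(stmt.get("Resource")))
        if act and res:
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed

def missing_actions(policy, actions=REQUIRED, resource=INDEX_ARN):
    """Return the required actions the policy does not grant on the index."""
    return [a for a in actions if not is_allowed(policy, a, resource)]

if __name__ == "__main__":
    print("kendra-style policy is missing:", missing_actions(KENDRA_STYLE))
    print("qbusiness policy is missing:", missing_actions(Q_STYLE))
```

An empty result only covers the two ingestion actions; the S3 and Principal Store permissions from the linked documentation still have to be present on the role.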