- 最新
- 投票最多
- 评论最多
Hello,
Confirm the IAM role passed to Amazon Q during deployment has the necessary permissions for the QBusiness actions like Chat, ListMessages, etc. as described in the documentation -
https://docs.aws.amazon.com/amazonq/latest/business-use-dg/idp-sso.html https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html https://docs.aws.amazon.com/amazonq/latest/business-use-dg/iam-roles.html
- Verify the trust relationship is set up correctly between Identity Center and Amazon Q by checking the SAML metadata exchange completed successfully.
- Ensure the IAM user or role you're using to access the web experience is a member of the appropriate group in the Identity Center that was configured during deployment.
- For the IAM user or role, attach the AmazonQFullAccess managed policy for full permissions to Amazon Q.
- Double-check the email attribute and optional group attribute names match what's configured in the Identity Center and passed to Amazon Q.
Thanks
Abhinav
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?
Yes u can try that Also plz look into this link as well - https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/setting-up-configure-permissions.html
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 8 个月前
- AWS 官方已更新 6 个月前
- AWS 官方已更新 1 年前
hum, the web preview works fine. To deploy I would need to access the IAM Identity Center. Should I had AWSIAMIdentityCenterAllowListForIdentityContext permission to my account ?