Share your enterprise data with data accessors using Amazon Q index

The Amazon Q Business data accessors feature allows you to securely share your enterprise data with verified independent software vendors (ISVs) using Amazon Q. This feature allows ISVs to retrieve relevant content from your Amazon Q index, enhancing their applications with your organization's knowledge. By granting controlled access to your data, you can leverage third-party tools while maintaining security and data access compliance.

DataAccessor supports two types of authorization patterns to access ISVs end user data on Amazon Q:

Authorization Code

AWS IAM Identity Center supports OAuth 2.0 authorization code flows using the Proof Key for Code Exchange (PKCE) standard. This provides AWS applications, such as Amazon Q Business, a simple and safe way to authenticate users and obtain their consent to access Amazon Q Business resources from desktops and mobile devices with web browsers.
Trusted token issuer/App level authentication
- A trusted token issuer is an OAuth 2.0 authorization server that creates signed tokens. These tokens authorize applications that initiate requests (requesting applications) for access to AWS managed applications (receiving applications).
- Consideration for granting an ISV with trusted token issuer based authorization

This topic discusses how an Amazon Q Business administrator can connect to one of the supported data accessors.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Managing response configurations

Verified data accessors