IAM role for allowing the integration to call Amazon Q Business on your end user's behalf
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "QBusinessConversationPermissions",
      "Effect": "Allow",
      "Action": [
        "qbusiness:Chat",
        "qbusiness:ChatSync",
        "qbusiness:PutFeedback",
        "qbusiness:DeleteConversation",
        "qbusiness:ListAttachments",
        "qbusiness:DeleteAttachment"
      ],
      "Resource": "arn:aws:qbusiness:us-east-1:111122223333:application/application-id"
    },
    {
      "Sid": "QBusinessKMSDecryptPermissions",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:us-east-1:111122223333:key/[[key_id]]"
      ],
      "Condition": {
        "StringLike": {
          "kms:ViaService": [
            "qbusiness.us-east-1.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "QBusinessSetContextPermissions",
      "Effect": "Allow",
      "Action": [
        "sts:SetContext"
      ],
      "Resource": [
        "arn:aws:sts::*:self"
      ],
      "Condition": {
        "StringLike": {
          "aws:CalledViaLast": [
            "qbusiness.amazonaws.com"
          ]
        }
      }
    }
  ]
}

Replace the Region, the example account ID 111122223333, application-id, and [[key_id]] with your own values. The kms:ViaService and aws:CalledViaLast conditions limit kms:Decrypt and sts:SetContext to requests made through Amazon Q Business, so keep them when adapting the policy.