IAM role for allowing Amazon Q Business to monitor the resources that the integration creates in your account - Amazon Q Business

IAM role for allowing Amazon Q Business to monitor the resources that the integration creates in your account

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "QBusinessIdCInstanceReadOnlyPermissions",
            "Effect": "Allow",
            "Action": [
                "sso:ListApplications"
            ],
            "Resource": "arn:aws:sso:::instance/idc-instance-id"
        },
        {
            "Sid": "QBusinessIdCInstanceApplicationReadOnlyPermissions",
            "Effect": "Allow",
            "Action": [
                "sso:ListApplicationAccessScopes",
                "sso:GetApplicationAssignmentConfiguration",
                "sso:GetApplicationGrant",
                "sso:GetApplicationAuthenticationMethod"
            ],
            "Resource": "arn:aws:sso::111122223333:application/idc-instance-id/*"
        }
    ]
}