Accessing a customer's Amazon Q index as a data accessor using cross-account access
After Amazon Q Business customers give an independent software provider or vendor's (ISV)
data accessor permissions to retrieve data from their Amazon Q
index, the customer or the ISV must connect with one another to get the following
configuration details. These configuration parameters are required inputs when they use
the SearchRelevantContent API operation to perform cross-account access to
relevant data from the customer's Amazon Q index. These parameters are accessed from the
customer's Amazon Q console in the Information for data
accessor tab in the data accessor details page which
is accessed by choosing the accessor Name from the Data
accessors table on the Data accessors page of their
application environment.
-
Amazon Q Business application ID — This is unique identifier of the Amazon Q Business application environment. It tells the ISV what Amazon Q application environment is associated with the Amazon Q index.
-
The Amazon Q Business application Region — This is the AWS Region where the Amazon Q Business application environment is created.
-
Amazon Q Business retriever ID — This is unique identifier for the retriever. The retriever gets the data from the Amazon Q index configured by the Amazon Q customer.
-
Data accessor application ARN — This is the ISV Amazon Resource Name (ARN). It is used to identify the ISV when it is accessing a customer's Amazon Q index.
-
The Region for the Identity and Access Management (IAM) Identity Center (IDC) instance — This is the AWS Region where the IDC instance of the customer has been created.
With these parameters, the ISV can begin retrieving content from the Amazon Q index by
calling the SearchRelevantContent API operation. The
SearchRelevantContent API operation follows Amazon Q Business access control
standards by only retrieving data that the customer's end users have been given access
to.
