Accessing a customer's Amazon Q index as a data accessor using cross-account access - Amazon Q Business

Accessing a customer's Amazon Q index as a data accessor using cross-account access

After Amazon Q Business customers give an independent software provider or vendor's (ISV) data accessor permissions to retrieve data from their Amazon Q index, the customer or the ISV must connect with one another to get the following configuration details. These configuration parameters are required inputs when they use the SearchRelevantContent API operation to perform cross-account access to relevant data from the customer's Amazon Q index. These parameters are accessed from the customer's Amazon Q console in the Information for data accessor tab in the data accessor details page which is accessed by choosing the accessor Name from the Data accessors table on the Data accessors page of their application environment.

  1. Amazon Q Business application ID — This is unique identifier of the Amazon Q Business application environment. It tells the ISV what Amazon Q application environment is associated with the Amazon Q index.

  2. The Amazon Q Business application Region — This is the AWS Region where the Amazon Q Business application environment is created.

  3. Amazon Q Business retriever ID — This is unique identifier for the retriever. The retriever gets the data from the Amazon Q index configured by the Amazon Q customer.

  4. Data accessor application ARN — This is the ISV Amazon Resource Name (ARN). It is used to identify the ISV when it is accessing a customer's Amazon Q index.

  5. The Region for the Identity and Access Management (IAM) Identity Center (IDC) instance — This is the AWS Region where the IDC instance of the customer has been created.

With these parameters, the ISV can begin retrieving content from the Amazon Q index by calling the SearchRelevantContent API operation. The SearchRelevantContent API operation follows Amazon Q Business access control standards by only retrieving data that the customer's end users have been given access to.