Amazon Q Developer and interface endpoints (AWS PrivateLink)
Note
Amazon Q Developer supports interface endpoints for features available in your IDE. Chatting with Amazon Q on AWS apps and websites is not supported for VPC endpoints. Neither is the Amazon Q Developer transformation web experience.
You can establish a private connection between your VPC and Amazon Q Developer by creating an interface VPC endpoint. Interface endpoints are powered by AWS PrivateLink. Each interface endpoint is represented by one or more Elastic Network Interfaces in your subnets.
For more information, see Interface VPC endpoints (AWS PrivateLink) in the Amazon VPC User Guide.
Considerations for Amazon Q VPC endpoints
Before you set up an interface VPC endpoint for Amazon Q, ensure that you review Interface endpoint properties and limitations in the Amazon VPC User Guide.
Amazon Q supports making calls to all of its API actions from your VPC, in the context of services that are configured to work with Amazon Q.
Prerequisites
Before you begin any of the procedures below, ensure that you have the following:
- An AWS account with appropriate permissions to create and configure resources.
- A VPC already created in your AWS account.
- Familiarity with AWS services, especially Amazon VPC and Amazon Q.
Creating an interface VPC endpoint for Amazon Q
You can create a VPC endpoint for the Amazon Q service using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI). For more information, see Creating an interface endpoint in the Amazon VPC User Guide.
Create VPC endpoints for Amazon Q using the following service names:
- com.amazonaws.region.q
- com.amazonaws.us-east-1.codewhisperer
Replace region with the AWS Region where your Amazon Q Developer profile is installed. For more information, see Supported Regions for the Q Developer console and Q Developer profile.
Note
The Amazon CodeWhisperer endpoint (com.amazonaws.us-east-1.codewhisperer) is only supported in the US East (N. Virginia) Region.
If you enable private DNS for the endpoint, you can make API requests to Amazon Q using its default DNS name for the Region, for example, q.us-east-1.amazonaws.com.
For more information, see Accessing a service through an interface endpoint in the Amazon VPC User Guide.
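One way to verify the private DNS behaviour described above, as an added example that is not part of the AWS documentation: the script resolves the Amazon Q DNS name and reports whether every answer falls inside your VPC CIDR ranges, which is where the endpoint's network interfaces live. The CIDR 10.0.0.0/16 and the sample addresses are constructed assumptions; pass your own host name and CIDRs on the command line.

```python
"""Check that an Amazon Q DNS name resolves inside the VPC (added example)."""
import ipaddress
import socket
import sys


def classify(addresses, vpc_cidrs):
    """Split resolved addresses into those inside and outside the VPC CIDRs."""
    networks = [ipaddress.ip_network(c) for c in vpc_cidrs]
    inside, outside = [], []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if any(ip.version == n.version and ip in n for n in networks):
            inside.append(str(ip))
        else:
            outside.append(str(ip))
    return inside, outside


def verdict(addresses, vpc_cidrs):
    """Return 'in-vpc', 'outside-vpc', 'mixed' or 'unresolved'."""
    if not addresses:
        return "unresolved"
    inside, outside = classify(addresses, vpc_cidrs)
    if inside and outside:
        return "mixed"
    return "in-vpc" if inside else "outside-vpc"


def resolve(hostname):
    """Resolve with the system resolver; return sorted unique addresses."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # Live check: python check_q_dns.py q.us-east-1.amazonaws.com 10.0.0.0/16
        host, cidrs = sys.argv[1], sys.argv[2:]
        answers = resolve(host)
    else:
        # Constructed sample: one endpoint ENI address and one outside address.
        host, cidrs = "q.us-east-1.amazonaws.com", ["10.0.0.0/16"]
        answers = ["10.0.1.25", "203.0.113.10"]
    result = verdict(answers, cidrs)
    print(f"{host}: {answers or 'no answer'} -> {result}")
    sys.exit(0 if result == "in-vpc" else 1)
```

A result other than in-vpc means requests to that name would not be going to the interface endpoint from this host; check that private DNS is enabled on the endpoint and that the host uses the VPC resolver.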
Using an on-premises computer to connect to an Amazon Q endpoint
This section describes the process of using an on-premises computer to connect to Amazon Q through an AWS PrivateLink endpoint in your AWS VPC.
- Create a VPN connection between your on-premises device and your VPC.
- Set up an inbound Amazon Route 53 endpoint. This will enable you to use the DNS name of your Amazon Q endpoint from your on-premises device.
Using an in-console coding environment to connect to an Amazon Q endpoint
This section describes the process of using an in-console coding environment to connect to an Amazon Q endpoint.
In this context, an in-console IDE is an IDE that you access inside the AWS console, and authenticate to with IAM. Examples include SageMaker AI Studio and AWS Glue Studio.
- Set up Amazon Q with the in-console coding environment.
- Configure the coding environment to use the Amazon Q endpoint.
Connecting to Amazon Q through AWS PrivateLink from a third-party IDE on an Amazon EC2 instance
This section will walk you through the process of installing a third-party Integrated Development Environment (IDE) like Visual Studio Code or JetBrains on an Amazon EC2 instance, and configuring it to connect to Amazon Q using AWS PrivateLink.
- Launch an Amazon EC2 instance in your desired subnet within your VPC. You can choose an Amazon Machine Image (AMI) that is compatible with your third-party IDE. For example, you can select an Amazon Linux 2 AMI.
- Connect to the Amazon EC2 instance.
- Install and configure the IDE (Visual Studio Code or JetBrains).
- Configure the IDE to connect via AWS PrivateLink.