Construct public-facing generative AI purposes utilizing Amazon Q Enterprise for nameless customers

Amazon Q Business is a generative AI-powered assistant that solutions query, supplies summaries, generates content material, and securely completes duties based mostly on enterprise knowledge and data. It connects to firm knowledge sources, purposes, and inside methods to supply related, contextual solutions whereas sustaining organizational safety and compliance requirements.

In the present day, we’re excited to announce that Amazon Q Enterprise now helps anonymous user access. With this new function, now you can create Amazon Q Enterprise purposes with nameless person mode, the place person authentication is just not required and content material is publicly accessible. These nameless person purposes can be utilized in use instances reminiscent of public web site Q&A, documentation portals, and buyer self-service experiences.

This functionality permits visitor customers to make use of Amazon Q Enterprise generative AI capabilities to rapidly discover product data, get technical solutions, navigate documentation, and troubleshoot points. Your public-facing web sites, documentation, and help portals can now ship the identical highly effective AI-driven help that authenticated customers obtain, creating an expertise that enriches the visitor person journey throughout your digital environments.

With this launch, you possibly can seamlessly combine an nameless Amazon Q Enterprise software into your web sites and internet purposes via two pathways: both by embedding the ready-to-use internet expertise into your web sites utilizing an iframe for fast deployment, or through the use of our Chat, ChatSync, and PutFeedback APIs to construct utterly custom-made interfaces inside your personal purposes. For nameless Amazon Q Enterprise purposes, we’ve carried out a easy consumption-based pricing mannequin the place you’re charged based mostly on the variety of Chat or ChatSync API operations your nameless Amazon Q Enterprise purposes make.

On this submit, we reveal construct a public-facing generative AI software utilizing Amazon Q Enterprise for nameless customers.

Answer overview

On this answer, we stroll you thru creating an nameless Amazon Q Enterprise software utilizing each the AWS Management Console and AWS Command Line Interface (AWS CLI). Our instance demonstrates a sensible situation: serving to web site guests discover data on public-facing documentation web sites.

We reveal take a look at the implementation with pattern queries via the built-in internet expertise URL. The ensuing software could be custom-made and embedded straight into your web sites (utilizing the API or the iframe methodology), offering speedy worth in your customers.

Conditions

To comply with together with this submit, you’ll need the next:

• An AWS account.
• Not less than one Amazon Q Enterprise Professional person that has admin permissions to arrange and configure Amazon Q Enterprise. For pricing data, see Amazon Q Business pricing.
• AWS Identity and Access Management (IAM) permissions to create and handle IAM roles and insurance policies.
• Public content material to index (paperwork, FAQs, data base articles) that may be shared with unauthenticated customers.
• A supported knowledge supply to attach, reminiscent of an Amazon Simple Storage Service (Amazon S3) bucket containing your public paperwork.
• The AWS CLI configured with acceptable permissions (if following the AWS CLI methodology).

Create an nameless Amazon Q Enterprise software utilizing the console

On this part, we stroll via the steps to implement the answer utilizing the console.

Create an IAM function for the net expertise

Earlier than creating your Amazon Q Enterprise software, you’ll need to arrange an IAM function with the suitable permissions:

1. On the IAM console, select Roles within the navigation pane and select Create function.
2. Select AWS service because the trusted entity
3. Choose Amazon Q Enterprise from the service record.
4. Select Subsequent: Permissions.
5. Create a customized coverage or connect the mandatory read-only insurance policies, and add permissions for nameless entry.

We strongly advocate that you simply use a restricted coverage for the function, just like the one proven within the following screenshot, which shall be used to create the net expertise for nameless entry software environments.

An instance of a restricted function coverage for calling the Chat API for nameless entry software environments could be arn:aws:qbusiness:<your-region>:<your-aws-account-id>:software/<your-application-id>.

6. Create an IAM function with a belief coverage that permits the Amazon Q Enterprise service principal to imagine the function utilizing AWS Security Token Service (AWS STS), particularly scoped to your software’s Amazon Useful resource Title (ARN) within the designated AWS Area.
   

Create an Amazon Q Enterprise software

Now you’re able to create your Amazon Q Enterprise software:

1. On the Amazon Q Enterprise console, select Create software.
2. For Software title, enter a reputation (for instance, SupportDocs-Assistant).
3. For Consumer entry, choose Nameless entry for this software setting.
4. Choose Net expertise to create a managed internet expertise to entry the Amazon Q Enterprise software.
   

You will notice a discover about consumption-based billing for nameless Amazon Q Enterprise purposes. For extra particulars on pricing, check with Amazon Q Business pricing.

5. Depart the default service function possibility except you could have particular necessities.
6. For Encryption, use the default AWS managed key except you want customized encryption.
7. For Net expertise settings, you need to use an present IAM function out of your account or authorize Amazon Q Enterprise to generate a brand new function with acceptable permissions. For this submit, we choose Use an present service function and select the IAM function created earlier (QBusinessAnonymousWebRole).
8. Optionally, customise the net expertise title and welcome message.
   
9. Evaluate all of your configuration choices and select Create to create the appliance.

It’s best to see a affirmation that your nameless entry software has been created efficiently.

You will see that the mandatory parameters and particulars of your Amazon Q Enterprise software on the touchdown web page displayed after profitable creation like the next screenshot, which supplies complete details about your newly created Amazon Q Enterprise software.

Add knowledge sources

After you create your software, it’s good to add an index and knowledge sources. To be taught extra, check with Index. You will notice a pop-up like the next indicating that nameless entry is enabled.

Full the next steps:

1. Out of your software dashboard, select Add index.
2. Title your index (for instance, Supportdocs-Exterior) and hold the default settings.
3. Select Add an index.
   
4. After you create the index, you possibly can add knowledge sources to it.

For our instance, we use the Amazon Q Enterprise public documentation as our knowledge supply by including the URL https://docs.aws.amazon.com/amazonq/newest/qbusiness-ug/what-is.html. The Net Crawler will mechanically index the content material from this documentation web page, making it searchable via your nameless Amazon Q Enterprise software.

For extra details about Web Crawler configuration options and finest practices, check with Connecting Web Crawler to Amazon Q Business.

5. Out of your index dashboard, select Add knowledge supply.
6. Enter a reputation in your knowledge supply and non-compulsory description.
7. For Supply, choose Supply URLs and enter the URLs of the general public web sites you wish to index.
   
8. For Authentication, choose No authentication.
   
9. Configure the sync run schedule and area mappings.
10. Select Add knowledge supply.
    

Alternatively, you possibly can add Amazon S3 as the data source:

1. Out of your index dashboard, select Add knowledge supply.
2. Choose Amazon S3 because the supply.
3. Configure your S3 bucket settings (be certain the bucket has public entry).
4. Full the information supply creation course of.

You have to solely ingest publicly out there knowledge sources with out entry management lists (ACLs).

Generate an nameless internet expertise URL

After your knowledge sources are arrange, full the next steps:

1. Out of your software dashboard, select your software.
2. Within the Net expertise settings part, select Share one-time URL.
   

The nameless internet expertise URL could be shared as a single-use hyperlink that have to be redeemed and accessed inside 5 minutes. After it’s activated, the Amazon Q Enterprise session stays lively with a configurable timeout starting from 15–60 minutes. This lets you expertise the net interface and take a look at its performance earlier than deploying or providing the nameless software to visitor customers.

Check your nameless Amazon Q Enterprise software

To check the appliance, select Preview internet expertise.

The next screenshot reveals the welcome web page in your nameless Amazon Q Enterprise software’s internet interface. Let’s start asking Amazon Q Enterprise some questions in regards to the Amazon Q index.

Within the first question, we ask “What’s Q index? How is it helpful for ISV’s?” The next screenshot reveals the response.

Within the following question, we ask “How can Q index enrich generative AI experiences for ISVs?”

In our subsequent question, we ask “How is Q index priced?”

Having efficiently examined our nameless Amazon Q Enterprise software via the console, we are going to now discover create an equal software utilizing the AWS CLI.

Create your nameless software utilizing the AWS CLI

Ensure that your AWS CLI is configured with permissions to create Amazon Q Enterprise assets and IAM roles.

Create an IAM function for Amazon Q Enterprise

First, create an IAM function that Amazon Q Enterprise can assume to entry needed assets:

# Create belief coverage doc
cat > trust-policy.json << 'EOF'
{
  "Model": "2012-10-17",
  "Assertion": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "qbusiness.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

# Create IAM function
aws iam create-role 
  --role-name QBusinessAnonymousAppRole 
  --assume-role-policy-document file://trust-policy.json

# Connect needed permissions
aws iam attach-role-policy 
  --role-name QBusinessAnonymousAppRole

Create an nameless Amazon Q Enterprise software

Use the next code to create your software:

#bash
aws qbusiness create-application 
--display-name "PublicKnowledgeBase" 
--identity-type ANONYMOUS 
--role-arn "arn:aws:iam:: <ACCOUNT_ID>:function/QBusinessAnonymousAppRole" 
--description "That is the QBiz software for nameless use-case"

Save the applicationId from the response:

#json

{
  "applicationId": "your-application-id",
  "applicationArn": "arn:aws:qbusiness:area:account-id:software/your-application-id"
}

Create a restrictive coverage for nameless entry

We strongly advocate utilizing the next restricted coverage for the function that shall be used to name the chat APIs for nameless entry software environments. This coverage limits actions to solely the mandatory APIs and restricts entry to solely your particular software.

Create the IAM function with the next coverage:

# Create restrictive coverage doc
cat > anonymous-access-policy.json << 'EOF'
{
  "Model": "2012-10-17",
  "Assertion": [
    {
      "Sid": "QBusinessConversationPermission",
      "Effect": "Allow",
      "Action": [
        "qbusiness:Chat",
        "qbusiness:ChatSync",
        "qbusiness:PutFeedback"
      ],
      "Useful resource": "arn:aws:qbusiness:<REGION>:<ACCOUNT_ID>:software/<APPLICATION_ID>"
    }
  ]
}
EOF

# Connect the coverage to the function
aws iam put-role-policy 
  --role-name QBusinessAnonymousAppRole 
  --policy-name QBusinessAnonymousAccessPolicy 
  --policy-document file://anonymous-access-policy.json

Create an index

Create an index in your content material, then add paperwork utilizing the BatchPutDocument API. For step-by-step steering, see Select Retriever.

Check your nameless Amazon Q Enterprise software

To reveal the chat performance utilizing the AWS CLI, we uploaded Amazon Q Enterprise documentation in PDF format to our index and examined the appliance utilizing the next pattern queries.

The next is an instance chat interplay utilizing the IAM function credentials. We first ask “What’s Amazon Q index?”

#1)
#bash
aws qbusiness chat-sync 
  --application-id <APPLICATION_ID> 
  --user-message "What's Amazon Q index?"

The next screenshot reveals a part of the output from the chat-sync API when executed with our nameless Amazon Q Enterprise software ID, as proven within the earlier command.

Subsequent, we ask “How can Q index enrich generative AI experiences for ISV’s?”

2)
#bash
aws qbusiness chat-sync 
  --application-id <APPLICATION_ID> 
  --user-message "How can Q index enrich generative AI experiences for ISV's?"

The next screenshot reveals a part of the output from the chat-sync API when executed with our nameless Amazon Q Enterprise software ID.

Create an internet expertise for the nameless internet software

Use the next code to create the net expertise:

#bash
aws qbusiness create-web-experience 
  --application-id <APPLICATION_ID> 
  --display-name "PublicKnowledgeBaseExperience" 
  --role-arn "arn:aws:iam::<ACCOUNT_ID>:function/QBusinessAnonymousAppRole" 
  --description "Net interface for my nameless Q Enterprise software"

To generate an nameless URL, use the next code:

#bash
aws qbusiness create-anonymous-web-experience-url 
  --application-id <APPLICATION_ID> 
  --web-experience-id <WEB_EXPERIENCE_ID>

You need to use the net expertise URL generated by the previous command and embed it into your web applications using an iframe.

Issues

Think about the next when utilizing nameless entry in Amazon Q Enterprise:

• The next are the one chat APIs that help nameless entry software environments:
  • Chat
  • ChatSync
  • PutFeedback
• It’s best to solely ingest publicly out there knowledge sources with out ACLs. Examples of public knowledge sources embrace:
  • Knowledge from the Amazon Q Enterprise Net Crawler
  • Amazon S3 knowledge with out ACLs
• Amazon Q Enterprise purposes with nameless entry are billed on a consumption-based pricing mannequin.
• Chat historical past is just not out there for nameless software environments.
• Nameless customers and authenticated customers will not be supported on the identical software environments.
• Plugins will not be supported for nameless software environments.
• Amazon QuickSight integration is just not supported for nameless software

Environments.

• Amazon Q Apps will not be supported for nameless software environments.
• Attachments will not be supported for nameless software environments.
• Admin controls and guardrails are read-only for nameless software environments, apart from blocked words.
• Subject guidelines utilizing customers and teams will not be supported for nameless software

The remaining Amazon Q Enterprise performance and options stay unchanged.

Clear up

If you find yourself finished with the answer, clear up the assets you created.

Conclusion

On this submit, we launched Amazon Q Enterprise nameless person entry mode and demonstrated create, configure, and take a look at an nameless Amazon Q Enterprise software utilizing each the console and AWS CLI. This thrilling function extends enterprise-grade Amazon Q Enterprise generative AI capabilities to your nameless audiences with out requiring authentication, opening up new potentialities for enhancing buyer experiences on public web sites, documentation portals, and self-service data bases. This function is obtainable via a consumption pricing model that expenses based mostly on precise Chat and Chatsync API utilization and index storage prices nonetheless relevant.

By following the implementation steps outlined on this submit, you possibly can rapidly arrange an Amazon Q Enterprise software tailor-made in your exterior customers, secured with acceptable IAM insurance policies, and able to embed in your end-user-facing purposes.

To be taught extra about this nameless entry function, see the Amazon Q Business User Guide. For detailed steering on embedding Amazon Q Enterprise in your internet purposes, see Add a generative AI experience to your website or web application with Amazon Q embedded. When you’re considering constructing utterly customized UI experiences with the Amazon Q Enterprise API, try Customizing an Amazon Q Business web experience.

In regards to the authors

Vishnu Elangovan is a Worldwide Generative AI Answer Architect with over seven years of expertise in Utilized AI/ML. He holds a grasp’s diploma in Knowledge Science and focuses on constructing scalable synthetic intelligence options. He loves constructing and tinkering with scalable AI/ML options and considers himself a lifelong learner. Outdoors his skilled pursuits, he enjoys touring, taking part in sports activities, and exploring new issues to unravel.

Jean-Pierre Dodel is a Principal Product Supervisor for Amazon Q Enterprise, accountable for delivering key strategic product capabilities together with structured knowledge help in Q Enterprise, RAG. and general product accuracy optimizations. He brings in depth AI/ML and Enterprise search expertise to the group with over 7 years of product management at AWS.