Use Amazon Quick Suite custom action connectors to upload text files to Google Drive using OpenAPI specification


Many organizations need to manage file uploads across different cloud storage systems while maintaining security and compliance. Although Google Drive provides APIs for integration, organizations often don’t have the technical experts to interact with these APIs directly. Organizations need an intuitive way to handle file uploads using natural language, without requiring specialized knowledge of the underlying systems or APIs.

Amazon Quick Suite is an enterprise AI platform that provides generative AI-powered capabilities for workplace productivity and business intelligence. It brings AI-powered research, business intelligence, and automation capabilities into a single workspace and can tackle a wide range of tasks, from answering questions and generating content to analyzing data and providing strategic insights. To extend its capabilities beyond basic data searching, Amazon Quick Suite offers action connectors, powerful components that allow interaction with external enterprise systems. With these action connectors, users can perform actions and access information from various business tools while staying within the Amazon Quick Suite interface.

Amazon Quick Suite supports external service connectors, AWS service connectors, and custom connectors. External service connectors provide ready-to-use integrations with common business applications, helping organizations quickly implement standard functionalities. However, for specialized needs like integrating with Google Drive or building custom workflows like uploading a file to a drive, Amazon Quick Suite offers custom connectors that help organizations execute complex tasks through simple conversational commands and create a unified workspace by connecting various tools through OpenAPI specifications, alleviating the need to constantly switch between different interfaces.

This approach significantly reduces the technical barrier to entry for organizations while making sure they maintain control over security and access permissions. By using Amazon Quick Suite custom connectors, organizations can transform file management operations into simple, conversation-based interactions that authorized users can perform.

In this post, we demonstrate how to build a secure file upload solution by integrating Google Drive with Amazon Quick Suite custom connectors using Amazon API Gateway and AWS Lambda.

Solution overview

This solution addresses common challenges organizations face when managing file operations across cloud storage systems, such as maintaining security compliance, managing user permissions, and reducing the technical barriers for users. With the natural language understanding capabilities and custom connectors available in Amazon Quick Suite, organizations can transform Google Drive operations into simple, conversation-based interactions while supporting secure file uploads to the folders the user has access to. The solution demonstrates the power of combining agentic AI capabilities of Amazon Quick Suite with enterprise storage systems to create a more efficient and user-friendly file management experience. Although this post covers the use case of uploading a file to Google Drive, you can use a similar approach to upload files to other enterprise storage systems like Amazon Simple Storage Service (Amazon S3), Box, Dropbox, SharePoint, and more.

The following example demonstrates how producers can use Amazon Quick Suite to upload text files to a shared drive in Google Drive.

The following diagram illustrates the solution architecture that uses AWS services and integrations to provide a seamless user experience. It illustrates the key components and the flow of the solution.

The architecture consists of the following key components:

  • The UI for the chatbot is built using the Amazon Quick Suite chat agent.
  • User authentication is handled by AWS IAM Identity Center, and authorization is handled by Amazon Quick Suite and Amazon Cognito.
  • Relevant actions are identified based on natural language queries from the users using Amazon Quick Suite action connectors. Amazon Quick Suite uses the configured third-party OpenAPI specifications to dynamically determine which API operations to perform to fulfill an end user request. Additionally, the API calls are authorized using an Amazon Cognito authorizer, which uses Google federated identity for authorization.
  • The APIs are implemented using API Gateway and Lambda functions.
  • The Lambda function has the logic to check if the authorized user has the necessary permissions to upload a file to the folder mentioned in the query, and calls the Google service by using the service account credentials stored in AWS Secrets Manager to upload the file to Google Drive.
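The permission check described in the last component can be sketched as a deny-by-default decision over a folder's permission list. This is an added example, not the lambda_function.py from the GitHub repository: the function names, the sample addresses, and the assumption that group membership is resolved elsewhere (for example through the Admin SDK) are hypothetical, and the permission entries are constructed to follow the Drive API v3 permission fields type, role, and emailAddress.

```python
"""Added illustration: deny-by-default upload authorization against Drive permissions."""

# Drive API v3 roles that can add files to a shared drive folder:
# organizer = Manager, fileOrganizer = Content manager, writer = Contributor.
UPLOAD_ROLES = {"organizer", "fileOrganizer", "writer"}

# Constructed sample data, shaped like Drive API v3 permission resources.
SAMPLE_PERMISSIONS = [
    {"type": "user", "role": "fileOrganizer", "emailAddress": "testuser1@example.com"},
    {"type": "group", "role": "reader", "emailAddress": "viewers@example.com"},
    {"type": "group", "role": "writer", "emailAddress": "uploaders@example.com"},
]


def normalize(email):
    """Lower-case and strip an address; return None for empty or non-string input."""
    if not isinstance(email, str):
        return None
    email = email.strip().lower()
    return email or None


def can_upload(user_email, permissions, user_groups=frozenset()):
    """Return (allowed, reason) for user_email against a folder's permission list.

    user_groups holds the group addresses the caller belongs to; resolving
    them is assumed to happen before this function is called.
    """
    user = normalize(user_email)
    if user is None:
        # Fail closed when the authorizer supplied no usable identity.
        return False, "no authenticated identity"
    groups = {g for g in map(normalize, user_groups) if g}

    for perm in permissions or []:
        role = perm.get("role")
        if role not in UPLOAD_ROLES:
            continue  # reader/commenter grants never authorize an upload
        grantee = normalize(perm.get("emailAddress"))
        if perm.get("type") == "user" and grantee == user:
            return True, f"direct {role} grant"
        if perm.get("type") == "group" and grantee in groups:
            return True, f"{role} via group {grantee}"
        # 'domain' and 'anyone' grants are deliberately not honored here.
    return False, "no upload-capable permission for this user"
```

Because the upload itself runs under the service account, this comparison against the caller's own identity is the only thing that keeps a user from writing to folders they cannot access directly.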

In the following sections, we explore the technical approach for building Amazon Quick Suite custom connectors to upload files to Google Drive. For step-by-step guidance, refer to the GitHub repository.

Prerequisites

Verify you have the following prerequisites:

Configure Google environment

In this section, you configure and set up the Google Workspace and Google Drive.

Set up the Google Workspace account

Before you can integrate the Google Drive functionality into the Amazon Quick Suite solution, you must first set up the necessary configurations within the Google Workspace environment. Complete the following steps:

  1. Enable Google Drive and Admin SDK APIs.
  2. Create a service account and a JSON private key to access the service account from Amazon Quick Suite. Save this key to complete the configuration in subsequent steps.
  3. Add a domain-wide delegation. This involves associating the service account’s client ID with the following OAuth scopes to allow the service account to access group data in Google Drive:
    1. https://www.googleapis.com/auth/drive.readonly
    2. https://www.googleapis.com/auth/drive.metadata.readonly
    3. https://www.googleapis.com/auth/admin.directory.group.readonly
    4. https://www.googleapis.com/auth/admin.directory.user.readonly
    5. https://www.googleapis.com/auth/cloud-platform

Create users in Google Workspace

To demonstrate the access control functionality, create two test users in the Google Workspace admin console, called test user1 and test user2.

Configure shared drive in Google Drive

To configure the shared drive access permissions in Google Drive:

  1. Create a new shared drive in Google Drive and make note of the folder ID to use later when testing this solution.
  2. Set up access permissions:
    • Grant test user1 the Content Manager role to allow full file management capabilities.
    • Leave test user2 without any access permissions to the shared drive.

This setup makes it possible to validate that the solution correctly enforces access controls based on Google Drive permissions.

Configure AWS environment

In this section, we walk through the steps to configure AWS settings and resources.

Configure users and permissions on AWS

Create corresponding users in IAM Identity Center that match the test users created in Google Workspace:

  1. Create a user for test user1.
  2. Create a user for test user2.

Alternatively, for enterprise deployments, manage users through your enterprise identity provider (IdP). Configure System for Cross-domain Identity Management (SCIM) for automated user provisioning and lifecycle management. For more information, see How to connect to an external identity provider.

  1. Complete the email verification and password reset process.
  2. Create a group within IAM Identity Center with the above two users added.

Create a secret for Google service account credentials

To store the Google service account credentials securely:

  1. Create a new secret in Secrets Manager:
    • Store the JSON private key generated for the Google service account.
    • Use appropriate secret naming conventions for quick identification.
  2. Configure access controls:

This secure credential management approach provides the following capabilities:

  • Protects sensitive Google service account credentials
  • Enables the Lambda function to authenticate with Google Drive APIs
  • Supports secure file uploads on behalf of authorized users
  • Follows AWS security best practices for managing application secrets

Create the Amazon Quick Suite account

To create and configure the Amazon Quick Suite account:

  1. Search for Amazon Quick Suite in the AWS Management Console and sign up for a new Amazon Quick Suite account.
  2. Provide the account name and email address to which the notifications related to the account should be delivered.
  3. Select the authentication method as IAM Identity Center. This authentication method can be configured only using the Enterprise edition of Quick Suite.
  4. Add the group created in IAM Identity Center with two test users as Admin Pro group.
  5. Keep all other settings as-is and create the account.
  6. Verify user access. Confirm both users can successfully log in to the account.

Configure Amazon Cognito for authentication and authorization

To configure Amazon Cognito, complete the following steps:

  1. In the Amazon Cognito console, create an Amazon Cognito user pool:
    • Set up a new user pool to manage user identities.
    • Configure basic user pool settings.
  2. Configure an application client:
    • Create an application client in the user pool.
    • Set Application type to Machine-to-machine application.
  3. Create an Amazon Cognito domain:
    • Configure the domain with Hosted UI (classic) branding version.
    • Make note of the Amazon Cognito domain name for subsequent steps.
  4. Configure Google OAuth credentials:
    • In Google Workspace, create OAuth credentials, and provide the authorized redirect URI as <cognito-domain-name>/oauth2/idpresponse.
  5. Set up Google as a federated IdP:
    • Use the client ID and client secret from the Google OAuth credentials from the previous step.
    • Configure authorized scopes as profile email openid (authorized scopes are separated with spaces).
    • Map the Amazon Cognito user pool attributes for email, name, and user name to the corresponding Google attributes.
  6. Configure login page settings:
    • Set Allowed callback URLs to https://<your-region>.quicksight.aws.amazon.com/sn/oauthcallback.
    • Choose Google as the IdP.
  7. Configure OAuth 2.0:
    • Set Grant type to Authorization code grant.
    • Set the OpenID Connect scopes as Email, OpenID, and Profile.

Ensure all URIs and callback URLs are correctly formatted and match your application’s configuration.

Configure the Lambda function

In this section, we walk through the steps to configure the Lambda function, which contains the logic for validating user permissions, interacting with the Google Drive API, and uploading the files to the designated folder.

  1. Deploy the Lambda function:
    • Use the code provided in the lambda_function.py file.
    • Include all necessary dependencies listed in the requirements.txt file.
  2. Configure environment variables:
    • COGNITO_USER_POOL_ID – The user pool ID from your Amazon Cognito configuration.
    • REGION_NAME – Your AWS Region.
    • SECRET_NAME – The Amazon Resource Name (ARN) of the secret for Google service account credentials stored in Secrets Manager.
  3. Set up Lambda execution IAM role permissions for the Lambda function to access Secrets Manager and Amazon Cognito. The steps to define the IAM policy can be found in the GitHub repository.

Configure API Gateway

Complete the following steps to configure an API resource:

  1. Create a REST API:
    • Use the OpenAPI schema defined in the api-gateway-spec.yaml file, which can be found in the GitHub repository.
    • In the schema, provide your Region and Lambda function ARN.
  2. Create a new stage for the API and configure stage settings appropriate for your environment.
  3. Configure the Amazon Cognito authorizer:
    • Link to the previously created Amazon Cognito user pool.
    • Set the authorization scopes: openid, email, profile, and aws.cognito.signin.user.admin.
  4. Allow API Gateway to invoke the Lambda function from the function’s resource-based policy:
    • On the Lambda console, modify the resource-based policy and grant invoke permission to the API Gateway source ARN for the POST method.
  5. Deploy the API:
    • Deploy to your created stage.
    • Make note of the API endpoint URL for use in the Amazon Quick Suite configuration.

Create the Amazon Quick Suite custom action connector

In this step, we create the custom action connector within Amazon Quick Suite:

  1. Locate the openapischema.json file in the GitHub repository and replace the following placeholder values:
    • <your-api-gateway-url-with-stage>
    • <your-cognito-domain-name>
    • <your-region>
    • <your-user-pool-id>
    • <your-cognito-app-client-id>
  2. Sign in to the Quick Suite account created earlier as test user1.
  3. Navigate to the integrations section in your Amazon Quick Suite account and create a new action using the OpenAPI specification custom connector type.
    • Upload the modified OpenAPI schema file named openapischema.json.
  4. Create the integration with authentication method as User authentication and complete the other fields:
    • Base URL – Use your API Gateway endpoint. Make sure to include the stage name as well at the end.
    • Client ID – Use your Cognito app client Client ID.
    • Client secret – Use your Cognito app client Client Secret.
    • Token URL – <your-cognito-domain-name>/oauth2/token
    • Authorization URL – <your-cognito-domain-name>/oauth2/authorize
    • Redirect URL – https://<your-region>.quicksight.aws.amazon.com/sn/oauthcallback
  5. Share the integration – Share the integration created with the group in IAM Identity Center that has two test users added.

Users can now upload files to Google Drive through natural language interactions.

Create the Amazon Quick Suite chat agent to upload a file to Google Drive

There are two ways to interact with the chat agent:

  1. Quick Suite has a default chat agent called My Assistant, which can be used to add the action configured as part of the previous steps.
  2. Create a custom chat agent:
    • Choose Chat agents from the left navigation pane.
    • Create a new chat agent by providing a Name and Agent identity.
    • Under Actions, link the action connector created in the above step and launch the agent.
    • Once the agent is launched successfully, share the agent with test user2 by searching the user’s email address and provide viewer permissions to the chat agent.

Test the solution

Now you’re ready to test the file upload capabilities with appropriate permissions.

Scenario 1: Test as Content Manager or Contributor to the shared drive

  1. Log in to the Quick Suite account as test user1.
  2. Choose the chat agent from the left navigation pane. Select the agent created as part of the previous step.
  3. Enter the following prompt within the chat window: “Upload a file with filename as ‘testfile1.txt’ and file content as ‘This is a sample text file I’m uploading to shared drive’ and folder id as <the shared drive folder id that you made note of while creating the shared drive in Google Drive>”.

When prompted to authorize, log in to the Google account.

After you are successfully authorized, verify the fields you entered and modify them if necessary.

Once the action is completed, you’ll see a success message with the link to the file uploaded to Google Drive.

Copy and paste the link in a new browser tab to see the file uploaded.

Scenario 2: Test with no permissions to the shared drive

Access the chat agent using the Amazon Quick Suite account as test user2, then try to run the same prompt to upload the file to the shared drive. Because test user2 doesn’t have access to the shared drive, you’ll get an error message similar to that shown in the following screenshot.

Clean up

If you no longer require the resources deployed as part of this solution, and you want to avoid incurring ongoing costs associated with these resources, complete the following steps to clean up and delete the related components:

  1. Delete Amazon Quick Suite related resources, including your Amazon Quick Suite account.
  2. Delete the secrets created for this application from Secrets Manager.
  3. Delete the Lambda function.
  4. Delete the API deployed in API Gateway.
  5. Delete the user pool in Amazon Cognito and other configurations made.

Conclusion

This post demonstrated how organizations can use Amazon Quick Suite action connectors to build a secure and intuitive file upload solution that integrates with Google Drive. By using AWS services like API Gateway, AWS Lambda, Amazon Cognito, and Secrets Manager, along with the natural language capabilities of Amazon Quick Suite, businesses can transform file management tasks into simple, conversation-based interactions. With this secure file upload solution using Amazon Quick Suite, users can manage their Google Drive content through natural language interactions.

The key benefits of this approach include:

  • Improved user experience – Users can upload files to Google Drive using natural language prompts, without needing specialized technical knowledge of the underlying APIs and systems.
  • Enhanced security and compliance – The solution enforces access controls by allowing only users with necessary permissions to upload files to the shared drive with file access permissions managed through Google Drive and an Amazon Cognito user pool.
  • Reduced operational complexity – The custom action connectors approach abstracts away the technical complexities of integrating with third-party cloud storage services, so organizations can focus on delivering valuable capabilities to their users.

For step-by-step guidance, refer to the GitHub repository. Try out the solution for yourself and share your feedback and questions in the comments.


About the authors

Naimisha Pinna is a Solutions Architect at AWS, responsible for helping Enterprise customers on their journey in the cloud. She graduated with a Master’s degree in Computer Science from Old Dominion University. Her area of specialization is in AI and ML. She enjoys painting and gardening.

Josh Demuth is a GenAI Solutions Architect with 20 years in the tech industry, with several years specializing in systems integration. He thrives on creating solutions that make disparate systems work together and finding innovative approaches to business problems. The rapid evolution of AI and automation has him excited about the transformative solutions on the horizon.
