Email your conversations from Amazon Q


As organizations navigate the complexities of the digital realm, generative AI has emerged as a transformative force, empowering enterprises to boost productivity, streamline workflows, and drive innovation. To maximize the value of insights generated by generative AI, it’s essential to provide easy ways for users to preserve and share these insights using commonly used tools such as email.

Amazon Q Business is a generative AI-powered assistant that can answer questions, provide summaries, generate content, and securely complete tasks based on data and information in your enterprise systems. It’s redefining the way businesses approach data-driven decision-making, content generation, and secure task management. By using the custom plugin capability of Amazon Q Business, you can extend its functionality to support sending emails directly from Amazon Q applications, allowing you to store and share the valuable insights gleaned from your conversations with this powerful AI assistant.

Amazon Simple Email Service (Amazon SES) is an email service provider that gives you a simple, cost-effective way to send and receive email using your own email addresses and domains. Amazon SES offers many email tools, including email sender configuration options, email deliverability tools, flexible email deployment options, sender and identity management, email security, email sending statistics, email reputation dashboard, and inbound email services.

This post explores how you can integrate Amazon Q Business with Amazon SES to email conversations to specified email addresses.

Solution overview

The following diagram illustrates the solution architecture.

[Figure: solution architecture diagram]

The workflow includes the following steps:

  1. Create an Amazon Q Business application with an Amazon Simple Storage Service (Amazon S3) data source. Amazon Q uses Retrieval Augmented Generation (RAG) to answer user questions.
  2. Configure an AWS IAM Identity Center instance for your Amazon Q Business application environment with users and groups added. Amazon Q Business supports both organization- and account-level IAM Identity Center instances.
  3. Create a custom plugin that invokes an OpenAPI schema of the Amazon API Gateway API. This API sends emails to the users.
  4. Store OAuth information in AWS Secrets Manager and provide the secret information to the plugin.
  5. Provide AWS Identity and Access Management (IAM) roles to access the secrets in Secrets Manager.
  6. The custom plugin takes the user to an Amazon Cognito sign-in page. The user provides credentials to log in. After authentication, the user session is stored in the Amazon Q Business application for subsequent API calls.
  7. Post-authentication, the custom plugin passes the token to API Gateway to invoke the API.
  8. You can help secure your API Gateway REST API from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks, using AWS WAF.
  9. AWS Lambda hosted in Amazon Virtual Private Cloud (Amazon VPC) internally calls the Amazon SES SDK.
  10. Lambda uses AWS Identity and Access Management (IAM) permissions to make an SDK call to Amazon SES.
  11. Amazon SES sends an email using SMTP to verified emails provided by the user.

In the following sections, we walk through the steps to deploy and test the solution. This solution is supported only in the us-east-1 AWS Region.

Prerequisites

Complete the following prerequisites:

  1. Have a valid AWS account.
  2. Enable an IAM Identity Center instance and capture the Amazon Resource Name (ARN) of the IAM Identity Center instance from the settings page.
  3. Add users and groups to IAM Identity Center.
  4. Have an IAM role in the account that has sufficient permissions to create the necessary resources. If you have administrator access to the account, no action is necessary.
  5. Enable Amazon CloudWatch Logs for API Gateway. For more information, see How do I turn on CloudWatch Logs to troubleshoot my API Gateway REST API or WebSocket API?
  6. Have two email addresses to send and receive emails that you can verify using the link sent to you. Don’t use existing verified identities in Amazon SES for these email addresses. Otherwise, the AWS CloudFormation template will fail.
  7. Have an Amazon Q Business Pro subscription to create Amazon Q apps.
  8. Have the service-linked IAM role AWSServiceRoleForQBusiness. If you don’t have one, create it with the amazonaws.com service name.
  9. Enable AWS CloudTrail logging for operational and risk auditing. For instructions, see Creating a trail for your AWS account.
  10. Enable budget policy notifications to help protect from unwanted billing.

Deploy the solution resources

In this step, we use a CloudFormation template to deploy a Lambda function, configure the REST API, and create identities. Complete the following steps:

  1. Open the AWS CloudFormation console in the us-east-1 Region.
  2. Choose Create stack.
  3. Download the CloudFormation template and upload it in the Specify template section.
  4. Choose Next.
  5. For Stack name, enter a name (for example, QIntegrationWithSES).
  6. In the Parameters section, provide the following:
    1. For IDCInstanceArn, enter your IAM Identity Center instance ARN.
    2. For LambdaName, enter the name of your Lambda function.
    3. For Fromemailaddress, enter the address to send email.
    4. For Toemailaddress, enter the address to receive email.
  7. Choose Next.
  8. Keep the other values as default and select I acknowledge that AWS CloudFormation might create IAM resources in the Capabilities section.
  9. Choose Submit to create the CloudFormation stack.
  10. After the successful deployment of the stack, on the Outputs tab, make a note of the value for apiGatewayInvokeURL. You will need this later to create a custom plugin.

Verification emails will be sent to the Toemailaddress and Fromemailaddress values provided as input to the CloudFormation template.

  11. Verify the newly created email identities using the link in the email.

This post doesn’t cover auto scaling of Lambda functions. For more information about how to integrate Lambda with Application Auto Scaling, see AWS Lambda and Application Auto Scaling.

To configure AWS WAF on API Gateway, refer to Use AWS WAF to protect your REST APIs in API Gateway.

This is sample code, for non-production usage. You should work with your security and legal teams to meet your organizational security, regulatory, and compliance requirements before deployment.

Create Amazon Cognito users

This solution uses Amazon Cognito to authorize users to make a call to API Gateway. The CloudFormation template creates a new Amazon Cognito user pool.

Complete the following steps to create a user in the newly created user pool and capture information about the user pool:

  1. On the AWS CloudFormation console, navigate to the stack you created.
  2. On the Resources tab, choose the link next to the physical ID for CognitoUserPool.
  3. On the Amazon Cognito console, choose User management and users in the navigation pane.
  4. Choose Create user.
  5. Enter an email address and password of your choice, then choose Create user.
  6. In the navigation pane, choose Applications and app clients.
  7. Capture the client ID and client secret. You will need these later during custom plugin development.
  8. On the Login pages tab, copy the values for Allowed callback URLs. You will need these later during custom plugin development.
  9. In the navigation pane, choose Branding.
  10. Capture the Amazon Cognito domain. You will need this information to update the OpenAPI specification.

Upload documents to Amazon S3

This solution uses the fully managed Amazon S3 data source to seamlessly power a RAG workflow, eliminating the need for custom integration and data flow management.

For this post, we use sample articles to upload to Amazon S3. Complete the following steps:

  1. On the AWS CloudFormation console, navigate to the stack you created.
  2. On the Resources tab, choose the link for the physical ID of AmazonQDataSourceBucket.
  3. Upload the sample articles file to the S3 bucket. For instructions, see Uploading objects.

Add users to the Amazon Q Business application

Complete the following steps to add users to the newly created Amazon Q Business application:

  1. On the Amazon Q Business console, choose Applications in the navigation pane.
  2. Choose the application you created using the CloudFormation template.
  3. Under User access, choose Manage user access.
  4. On the Manage access and subscriptions page, choose Add groups and users.
  5. Select Assign existing users and groups, then choose Next.
  6. Search for your IAM Identity Center user group.
  7. Choose the group and choose Assign to add the group and its users.
  8. Make sure that the current subscription is Q Business Pro.
  9. Choose Confirm.

Sync Amazon Q data sources

To sync the data source, complete the following steps:

  1. On the Amazon Q Business console, navigate to your application.
  2. Choose Data sources under Enhancements in the navigation pane.
  3. From the Data sources list, select the data source you created through the CloudFormation template.
  4. Choose Sync now to sync the data source.

It takes some time to sync with the data source. Wait until the sync status is Completed.

Create an Amazon Q custom plugin

In this section, you create the Amazon Q custom plugin for sending emails. Complete the following steps:

  1. On the Amazon Q Business console, navigate to your application.
  2. Under Enhancements in the navigation pane, choose Plugins.
  3. Choose Add plugin.
  4. Choose Create custom plugin.
  5. For Plugin name, enter a name (for example, email-plugin).
  6. For Description, enter a description.
  7. Select Define with in-line OpenAPI schema editor.

You can also upload API schemas to Amazon S3 by choosing Select from S3. That may be the easiest way to upload for production use cases.

Your API schema must have an API description, structure, and parameters for your custom plugin.

  8. Select JSON for the schema format.
  9. Enter the following schema, providing your API Gateway invoke URL and Amazon Cognito domain URL:
{
    "openapi": "3.0.0",
    "info": {
        "title": "Send Email API",
        "description": "API to send email from SES",
        "version": "1.0.0"
    },
    "servers": [
        {
            "url": "< API Gateway Invoke URL >"
        }
    ],
    "paths": {
        "/": {
            "post": {
                "summary": "Sends email to the user and returns the success message",
                "description": "Sends email to the user and returns the success message",
                "security": [
                    {
                        "OAuth2": [
                            "email/read"
                        ]
                    }
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/sendEmailRequest"
                            }
                        }
                    }
                },
                "responses": {
                    "200": {
                        "description": "Successful response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/sendEmailResponse"
                                }
                            }
                        }
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "sendEmailRequest": {
                "type": "object",
                "required": [
                    "emailContent",
                    "toEmailAddress",
                    "fromEmailAddress"
                ],
                "properties": {
                    "emailContent": {
                        "type": "string",
                        "description": "Body of the email."
                    },
                    "toEmailAddress": {
                        "type": "string",
                        "description": "To email address."
                    },
                    "fromEmailAddress": {
                        "type": "string",
                        "description": "From email address."
                    }
                }
            },
            "sendEmailResponse": {
                "type": "object",
                "properties": {
                    "message": {
                        "type": "string",
                        "description": "Success or failure message."
                    }
                }
            }
        },
        "securitySchemes": {
            "OAuth2": {
                "type": "oauth2",
                "description": "OAuth2 authorization code flow.",
                "flows": {
                    "authorizationCode": {
                        "authorizationUrl": "<Cognito Domain>/oauth2/authorize",
                        "tokenUrl": "<Cognito Domain>/oauth2/token",
                        "scopes": {
                            "email/read": "read the email"
                        }
                    }
                }
            }
        }
    }
}

  10. Under Authentication, select Authentication required.
  11. For AWS Secrets Manager secret, choose Create and add new secret.
  12. In the Create an AWS Secrets Manager secret pop-up, enter the following values captured earlier from Amazon Cognito:
    1. Client ID
    2. Client secret
    3. OAuth callback URL
  13. For Choose a method to authorize Amazon Q Business, leave the default selection as Create and use a new service role.
  14. Choose Add plugin to add your plugin.

Wait for the plugin to be created and the build status to show as Ready.

The maximum size of an OpenAPI schema in JSON or YAML is 1 MB.

To maximize accuracy with the Amazon Q Business custom plugin, follow the best practices for configuring OpenAPI schema definitions for custom plugins.
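
The request body defined in the schema is filled in by the assistant from the chat, so the Lambda function behind API Gateway is where the three fields should be validated before Amazon SES is called. The following Python handler is an added example, not the Lambda code deployed by the CloudFormation template; it assumes a Lambda proxy integration, and the allow-lists, size cap, subject line and helper names are hypothetical.

```python
import json
import re

# Constructed placeholders: in the deployed stack these would be the two
# identities verified in Amazon SES (Fromemailaddress / Toemailaddress).
ALLOWED_SENDERS = {"sender@example.com"}
ALLOWED_RECIPIENTS = {"recipient@example.com"}
REQUIRED_FIELDS = ("emailContent", "toEmailAddress", "fromEmailAddress")
MAX_CONTENT_CHARS = 20000  # hypothetical cap on the model-generated body
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate_request(raw_body):
    """Return (fields, None) for a valid sendEmailRequest, else (None, error)."""
    try:
        body = json.loads(raw_body or "")
    except (TypeError, ValueError):
        return None, "body is not valid JSON"
    if not isinstance(body, dict):
        return None, "body must be a JSON object"
    for name in REQUIRED_FIELDS:
        if not isinstance(body.get(name), str) or not body[name].strip():
            return None, f"{name} must be a non-empty string"
    to_addr = body["toEmailAddress"].strip().lower()
    from_addr = body["fromEmailAddress"].strip().lower()
    for name, addr in (("toEmailAddress", to_addr), ("fromEmailAddress", from_addr)):
        # fullmatch rejects CR/LF, commas and display names, so a field
        # cannot smuggle in extra recipients or header lines.
        if not ADDRESS_RE.fullmatch(addr):
            return None, f"{name} is not a single plain email address"
    if from_addr not in ALLOWED_SENDERS:
        return None, "fromEmailAddress is not an allowed sender"
    if to_addr not in ALLOWED_RECIPIENTS:
        return None, "toEmailAddress is not an allowed recipient"
    if len(body["emailContent"]) > MAX_CONTENT_CHARS:
        return None, "emailContent is too long"
    return {"to": to_addr, "sender": from_addr, "content": body["emailContent"]}, None


def make_response(status, message):
    """Build an API Gateway proxy response matching sendEmailResponse."""
    return {"statusCode": status, "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"message": message})}


def lambda_handler(event, context, ses=None):
    """Validate first, then send; `ses` is injectable so tests run offline."""
    fields, error = validate_request(event.get("body"))
    if error:
        return make_response(400, error)
    if ses is None:
        import boto3  # needs AWS credentials and the Lambda execution role
        ses = boto3.client("ses", region_name="us-east-1")
    ses.send_email(
        Source=fields["sender"],
        Destination={"ToAddresses": [fields["to"]]},
        Message={
            "Subject": {"Data": "Amazon Q Business conversation"},
            # Text part only, so the content is never rendered as HTML.
            "Body": {"Text": {"Data": fields["content"]}},
        },
    )
    return make_response(200, "Email sent")
```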

Test the solution

To test the solution, complete the following steps:

  1. On the Amazon Q Business console, navigate to your application.
  2. In the Web experience settings section, find the deployed URL.
  3. Open the web experience deployed URL.
  4. Use the credentials of the user created earlier in IAM Identity Center to log in to the web experience.
  5. Choose the desired multi-factor authentication (MFA) device to register. For more information, see Register an MFA device for users.
  6. After you log in to the web portal, choose the appropriate application to open the chat interface.
  7. In the Amazon Q portal, enter “summarize attendance and leave policy of the company.”

Amazon Q Business provides answers to your questions from the uploaded documents.

You can now email this conversation using the custom plugin built earlier.

  8. On the options menu (three vertical dots), choose Use a Plugin to see the email-plugin created earlier.
  9. Choose email-plugin and enter “Email the summary of this conversation.”
  10. Amazon Q will ask you to provide the email address to send the conversation. Provide the verified identity configured as part of the CloudFormation template.
  11. After you enter your email address, the authorization page appears. Enter your Amazon Cognito user email ID and password to authenticate and choose Sign in.

This step verifies that you’re an authorized user.

The email will be sent to the specified inbox.

You can further personalize the emails by using email templates.

Securing the solution

Security is a shared responsibility between you and AWS, described as security of the cloud versus security in the cloud. Consider the following best practices:

  • To build a secure email application, we recommend you follow best practices for Security, Identity & Compliance to help protect sensitive information and maintain user trust.
  • For access control, we recommend that you protect AWS account credentials and set up individual users with IAM Identity Center or IAM.
  • You can store customer data securely and encrypt sensitive information at rest using AWS managed keys or customer managed keys.
  • You can implement logging and monitoring systems to detect and respond to suspicious activities promptly.
  • Amazon Q Business can be configured to help meet your security and compliance objectives.
  • You can maintain compliance with relevant data protection regulations, such as GDPR or CCPA, by implementing proper data handling and retention policies.
  • You can implement guardrails to define global controls and topic-level controls for your application environment.
  • You can enable AWS Shield on your network to help prevent DDoS attacks.
  • You should follow best practices of Amazon Q access control list (ACL) crawling to help protect your business data. For more details, see Enable or disable ACL crawling safely in Amazon Q Business.
  • We recommend using the aws:SourceArn and aws:SourceAccount global condition context keys in resource policies to limit the permissions that Amazon Q Business gives another service to the resource. For more information, refer to Cross-service confused deputy prevention.

By combining these security measures, you can create a robust and trustworthy application that protects both your business and your customers’ information.
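
One way to check the confused deputy recommendation, as an added Python example that is not part of the original solution: it scans a role trust policy for statements that trust the Amazon Q Business service principal without both condition keys. The sample policies, account ID, application ID placeholder and function names are constructed for illustration, and the check assumes the resource policy in question is an IAM role trust policy.

```python
# Constructed sample trust policies; the account ID and application ID are
# placeholders, not values from the stack.
UNGUARDED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "qbusiness.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}
GUARDED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "qbusiness.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn": "arn:aws:qbusiness:us-east-1:"
                        "111122223333:application/APPLICATION_ID_PLACEHOLDER"},
        },
    }],
}

# Only operators that positively restrict the caller count as guards;
# negated and ...IfExists variants are deliberately not accepted here.
GUARD_OPERATORS = {"stringequals", "stringlike", "arnequals", "arnlike"}
REQUIRED_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # key names are case-insensitive


def as_list(value):
    return value if isinstance(value, list) else [value]


def guard_keys(statement):
    """Lower-cased condition keys that restrict the caller in this statement."""
    found = set()
    for operator, block in statement.get("Condition", {}).items():
        if operator.lower() not in GUARD_OPERATORS:
            continue
        for key, values in block.items():
            if "*" not in as_list(values):  # a bare wildcard restricts nothing
                found.add(key.lower())
    return found


def missing_deputy_guards(policy, service="qbusiness.amazonaws.com"):
    """Return [(statement_index, missing_keys)] for Allow statements that
    trust `service` without both confused-deputy condition keys."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        services = (as_list(principal.get("Service", []))
                    if isinstance(principal, dict) else [])
        if stmt.get("Effect") != "Allow" or service not in services:
            continue
        missing = sorted(REQUIRED_KEYS - guard_keys(stmt))
        if missing:
            findings.append((index, missing))
    return findings
```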

Clean up

To avoid incurring future charges, delete the resources that you created and clean up your account. Complete the following steps:

  1. Empty the contents of the S3 bucket that was created as part of the CloudFormation stack.
  2. Delete the Lambda function UpdateKMSKeyPolicyFunction that was created as part of the CloudFormation stack.
  3. Delete the CloudFormation stack.
  4. Delete the identities in Amazon SES.
  5. Delete the Amazon Q Business application.

Conclusion

The integration of Amazon Q Business, a state-of-the-art generative AI-powered assistant, with Amazon SES, a robust email service provider, unlocks new possibilities for businesses to harness the power of generative AI. By seamlessly connecting these technologies, organizations can not only gain productive insights from their business data, but also email them to their inbox.

Ready to supercharge your team’s productivity? Empower your employees with Amazon Q Business today! Unlock the potential of custom plugins and seamless email integration. Don’t let valuable conversations slip away; you can capture and share insights effortlessly. Additionally, explore our library of built-in plugins.

Stay up to date with the latest advancements in generative AI and start building on AWS. If you’re looking for assistance on how to begin, check out the AWS Generative AI Innovation Center.


About the Authors

Sujatha Dantuluri is a seasoned Senior Solutions Architect in the US federal civilian team at AWS, with over 20 years of experience supporting commercial and federal government clients. Her expertise lies in architecting mission-critical solutions and working closely with customers to ensure their success. Sujatha is an accomplished public speaker, frequently sharing her insights and knowledge at industry events and conferences. She has contributed to IEEE standards and is passionate about empowering others through her engaging presentations and thought-provoking ideas.

NagaBharathi Challa is a solutions architect supporting the Department of Defense team at AWS. She works closely with customers to effectively use AWS services for their mission use cases, providing architectural best practices and guidance on a wide range of services. Outside of work, she enjoys spending time with family and spreading the power of meditation.

Pranit Raje is a Solutions Architect in the AWS India team. He works with ISVs in India to help them innovate on AWS. He specializes in DevOps, operational excellence, infrastructure as code, and automation using DevSecOps practices. Outside of work, he enjoys going on long drives with his beloved family, spending time with them, and watching movies.

Dr Anil Giri is a Solutions Architect at Amazon Web Services. He works with enterprise software and SaaS customers to help them build generative AI applications and implement serverless architectures on AWS. His focus is on guiding clients to create innovative, scalable solutions using cutting-edge cloud technologies.
