Construct public-facing generative AI functions utilizing Amazon Q Enterprise for nameless customers

Amazon Q Enterprise is a generative AI-powered assistant that solutions query, offers summaries, generates content material, and securely completes duties primarily based on enterprise information and knowledge. It connects to firm information sources, functions, and inner programs to supply related, contextual solutions whereas sustaining organizational safety and compliance requirements.

Right now, we’re excited to announce that Amazon Q Enterprise now helps nameless person entry. With this new characteristic, now you can create Amazon Q Enterprise functions with nameless person mode, the place person authentication will not be required and content material is publicly accessible. These nameless person functions can be utilized in use circumstances resembling public web site Q&A, documentation portals, and buyer self-service experiences.

This functionality permits visitor customers to make use of Amazon Q Enterprise generative AI capabilities to rapidly discover product info, get technical solutions, navigate documentation, and troubleshoot points. Your public-facing web sites, documentation, and assist portals can now ship the identical highly effective AI-driven help that authenticated customers obtain, creating an expertise that enriches the visitor person journey throughout your digital environments.

With this launch, you’ll be able to seamlessly combine an nameless Amazon Q Enterprise utility into your web sites and net functions via two pathways: both by embedding the ready-to-use net expertise into your web sites utilizing an iframe for fast deployment, or through the use of our Chat, ChatSync, and PutFeedback APIs to construct fully personalized interfaces inside your individual functions. For nameless Amazon Q Enterprise functions, we’ve carried out a easy consumption-based pricing mannequin the place you’re charged primarily based on the variety of Chat or ChatSync API operations your nameless Amazon Q Enterprise functions make.

On this publish, we reveal the right way to construct a public-facing generative AI utility utilizing Amazon Q Enterprise for nameless customers.

Answer overview

On this resolution, we stroll you thru creating an nameless Amazon Q Enterprise utility utilizing each the AWS Administration Console and AWS Command Line Interface (AWS CLI). Our instance demonstrates a sensible situation: serving to web site guests discover info on public-facing documentation web sites.

We reveal the right way to check the implementation with pattern queries via the built-in net expertise URL. The ensuing utility may be personalized and embedded straight into your web sites (utilizing the API or the iframe methodology), offering instant worth to your customers.

Stipulations

To comply with together with this publish, you will want the next:

• An AWS account.
• A minimum of one Amazon Q Enterprise Professional person that has admin permissions to arrange and configure Amazon Q Enterprise. For pricing info, see Amazon Q Enterprise pricing.
• AWS Identification and Entry Administration (IAM) permissions to create and handle IAM roles and insurance policies.
• Public content material to index (paperwork, FAQs, information base articles) that may be shared with unauthenticated customers.
• A supported information supply to attach, resembling an Amazon Easy Storage Service (Amazon S3) bucket containing your public paperwork.
• The AWS CLI configured with applicable permissions (if following the AWS CLI methodology).

Create an nameless Amazon Q Enterprise utility utilizing the console

On this part, we stroll via the steps to implement the answer utilizing the console.

Create an IAM function for the online expertise

Earlier than creating your Amazon Q Enterprise utility, you will want to arrange an IAM function with the suitable permissions:

1. On the IAM console, select Roles within the navigation pane and select Create function.
2. Select AWS service because the trusted entity
3. Choose Amazon Q Enterprise from the service checklist.
4. Select Subsequent: Permissions.
5. Create a customized coverage or connect the mandatory read-only insurance policies, and add permissions for nameless entry.

We strongly advocate that you simply use a restricted coverage for the function, just like the one proven within the following screenshot, which will likely be used to create the online expertise for nameless entry utility environments.

An instance of a restricted function coverage for calling the Chat API for nameless entry utility environments can be arn:aws:qbusiness:::utility/.

6. Create an IAM function with a belief coverage that enables the Amazon Q Enterprise service principal to imagine the function utilizing AWS Safety Token Service (AWS STS), particularly scoped to your utility’s Amazon Useful resource Title (ARN) within the designated AWS Area.
   

Create an Amazon Q Enterprise utility

Now you’re able to create your Amazon Q Enterprise utility:

1. On the Amazon Q Enterprise console, select Create utility.
2. For Utility title, enter a reputation (for instance, SupportDocs-Assistant).
3. For Person entry, choose Nameless entry for this utility surroundings.
4. Choose Internet expertise to create a managed net expertise to entry the Amazon Q Enterprise utility.
   

You will note a discover about consumption-based billing for nameless Amazon Q Enterprise functions. For extra particulars on pricing, consult with Amazon Q Enterprise pricing.

5. Depart the default service function possibility until you have got particular necessities.
6. For Encryption, use the default AWS managed key until you want customized encryption.
7. For Internet expertise settings, you need to use an present IAM function out of your account or authorize Amazon Q Enterprise to generate a brand new function with applicable permissions. For this publish, we choose Use an present service function and select the IAM function created earlier (QBusinessAnonymousWebRole).
8. Optionally, customise the online expertise title and welcome message.
   
9. Assessment all of your configuration choices and select Create to create the appliance.

You need to see a affirmation that your nameless entry utility has been created efficiently.

You can see the mandatory parameters and particulars of your Amazon Q Enterprise utility on the touchdown web page displayed after profitable creation like the next screenshot, which offers complete details about your newly created Amazon Q Enterprise utility.

Add information sources

After you create your utility, you’ll want to add an index and information sources. To study extra, consult with Index. You will note a pop-up like the next indicating that nameless entry is enabled.

Full the next steps:

1. Out of your utility dashboard, select Add index.
2. Title your index (for instance, Supportdocs-Exterior) and preserve the default settings.
3. Select Add an index.
   
4. After you create the index, you’ll be able to add information sources to it.

For our instance, we use the Amazon Q Enterprise public documentation as our information supply by including the URL https://docs.aws.amazon.com/amazonq/newest/qbusiness-ug/what-is.html. The Internet Crawler will routinely index the content material from this documentation web page, making it searchable via your nameless Amazon Q Enterprise utility.

For extra details about Internet Crawler configuration choices and finest practices, consult with Connecting Internet Crawler to Amazon Q Enterprise.

5. Out of your index dashboard, select Add information supply.
6. Enter a reputation to your information supply and non-obligatory description.
7. For Supply, choose Supply URLs and enter the URLs of the general public web sites you wish to index.
   
8. For Authentication, choose No authentication.
   
9. Configure the sync run schedule and subject mappings.
10. Select Add information supply.
    

Alternatively, you’ll be able to add Amazon S3 as the information supply:

1. Out of your index dashboard, select Add information supply.
2. Choose Amazon S3 because the supply.
3. Configure your S3 bucket settings (ensure the bucket has public entry).
4. Full the information supply creation course of.

You need to solely ingest publicly out there information sources with out entry management lists (ACLs).

Generate an nameless net expertise URL

After your information sources are arrange, full the next steps:

1. Out of your utility dashboard, select your utility.
2. Within the Internet expertise settings part, select Share one-time URL.
   

The nameless net expertise URL may be shared as a single-use hyperlink that should be redeemed and accessed inside 5 minutes. After it’s activated, the Amazon Q Enterprise session stays energetic with a configurable timeout starting from 15–60 minutes. This allows you to expertise the online interface and check its performance earlier than deploying or providing the nameless utility to visitor customers.

Check your nameless Amazon Q Enterprise utility

To check the appliance, select Preview net expertise.

The next screenshot reveals the welcome web page to your nameless Amazon Q Enterprise utility’s net interface. Let’s start asking Amazon Q Enterprise some questions concerning the Amazon Q index.

Within the first question, we ask “What’s Q index? How is it helpful for ISV’s?” The next screenshot reveals the response.

Within the following question, we ask “How can Q index enrich generative AI experiences for ISVs?”

In our subsequent question, we ask “How is Q index priced?”

Having efficiently examined our nameless Amazon Q Enterprise utility via the console, we are going to now discover the right way to create an equal utility utilizing the AWS CLI.

Create your nameless utility utilizing the AWS CLI

Guarantee that your AWS CLI is configured with permissions to create Amazon Q Enterprise assets and IAM roles.

Create an IAM function for Amazon Q Enterprise

First, create an IAM function that Amazon Q Enterprise can assume to entry obligatory assets:

# Create belief coverage doc
cat > trust-policy.json << 'EOF'
{
  "Model": "2012-10-17",
  "Assertion": (
    {
      "Impact": "Permit",
      "Principal": {
        "Service": "qbusiness.amazonaws.com"
      },
      "Motion": "sts:AssumeRole"
    }
  )
}
EOF

# Create IAM function
aws iam create-role 
  --role-name QBusinessAnonymousAppRole 
  --assume-role-policy-document file://trust-policy.json

# Connect obligatory permissions
aws iam attach-role-policy 
  --role-name QBusinessAnonymousAppRole

Create an nameless Amazon Q Enterprise utility

Use the next code to create your utility:

#bash
aws qbusiness create-application 
--display-name "PublicKnowledgeBase" 
--identity-type ANONYMOUS 
--role-arn "arn:aws:iam:: :function/QBusinessAnonymousAppRole" 
--description "That is the QBiz utility for nameless use-case"

Save the applicationId from the response:

#json

{
  "applicationId": "your-application-id",
  "applicationArn": "arn:aws:qbusiness:area:account-id:utility/your-application-id"
}

Create a restrictive coverage for nameless entry

We strongly advocate utilizing the next restricted coverage for the function that will likely be used to name the chat APIs for nameless entry utility environments. This coverage limits actions to solely the mandatory APIs and restricts entry to solely your particular utility.

Create the IAM function with the next coverage:

# Create restrictive coverage doc
cat > anonymous-access-policy.json << 'EOF'
{
  "Model": "2012-10-17",
  "Assertion": (
    {
      "Sid": "QBusinessConversationPermission",
      "Impact": "Permit",
      "Motion": (
        "qbusiness:Chat",
        "qbusiness:ChatSync",
        "qbusiness:PutFeedback"
      ),
      "Useful resource": "arn:aws:qbusiness:::utility/"
    }
  )
}
EOF

# Connect the coverage to the function
aws iam put-role-policy 
  --role-name QBusinessAnonymousAppRole 
  --policy-name QBusinessAnonymousAccessPolicy 
  --policy-document file://anonymous-access-policy.json

Create an index

Create an index to your content material, then add paperwork utilizing the BatchPutDocument API. For step-by-step steering, see Choose Retriever.

Check your nameless Amazon Q Enterprise utility

To reveal the chat performance utilizing the AWS CLI, we uploaded Amazon Q Enterprise documentation in PDF format to our index and examined the appliance utilizing the next pattern queries.

The next is an instance chat interplay utilizing the IAM function credentials. We first ask “What’s Amazon Q index?”

#1)
#bash
aws qbusiness chat-sync 
  --application-id  
  --user-message "What's Amazon Q index?"

The next screenshot reveals a part of the output from the chat-sync API when executed with our nameless Amazon Q Enterprise utility ID, as proven within the earlier command.

Subsequent, we ask “How can Q index enrich generative AI experiences for ISV’s?”

2)
#bash
aws qbusiness chat-sync 
  --application-id  
  --user-message "How can Q index enrich generative AI experiences for ISV's?"

The next screenshot reveals a part of the output from the chat-sync API when executed with our nameless Amazon Q Enterprise utility ID.

Create an internet expertise for the nameless net utility

Use the next code to create the online expertise:

#bash
aws qbusiness create-web-experience 
  --application-id  
  --display-name "PublicKnowledgeBaseExperience" 
  --role-arn "arn:aws:iam:::function/QBusinessAnonymousAppRole" 
  --description "Internet interface for my nameless Q Enterprise utility"

To generate an nameless URL, use the next code:

#bash
aws qbusiness create-anonymous-web-experience-url 
  --application-id  
  --web-experience-id 

You should use the online expertise URL generated by the previous command and embed it into your net functions utilizing an iframe.

Issues

Contemplate the next when utilizing nameless entry in Amazon Q Enterprise:

• The next are the one chat APIs that assist nameless entry utility environments:
  • Chat
  • ChatSync
  • PutFeedback
• You need to solely ingest publicly out there information sources with out ACLs. Examples of public information sources embrace:
  • Knowledge from the Amazon Q Enterprise Internet Crawler
  • Amazon S3 information with out ACLs
• Amazon Q Enterprise functions with nameless entry are billed on a consumption-based pricing mannequin.
• Chat historical past will not be out there for nameless utility environments.
• Nameless customers and authenticated customers should not supported on the identical utility environments.
• Plugins should not supported for nameless utility environments.
• Amazon QuickSight integration will not be supported for nameless utility

Environments.

• Amazon Q Apps should not supported for nameless utility environments.
• Attachments should not supported for nameless utility environments.
• Admin controls and guardrails are read-only for nameless utility environments, apart from blocked phrases.
• Matter guidelines utilizing customers and teams should not supported for nameless utility

The remaining Amazon Q Enterprise performance and options stay unchanged.

Clear up

When you’re accomplished with the answer, clear up the assets you created.

Conclusion

On this publish, we launched Amazon Q Enterprise nameless person entry mode and demonstrated the right way to create, configure, and check an nameless Amazon Q Enterprise utility utilizing each the console and AWS CLI. This thrilling characteristic extends enterprise-grade Amazon Q Enterprise generative AI capabilities to your nameless audiences with out requiring authentication, opening up new potentialities for enhancing buyer experiences on public web sites, documentation portals, and self-service information bases. This characteristic is on the market via a consumption pricing mannequin that prices primarily based on precise Chat and Chatsync API utilization and index storage prices nonetheless relevant.

By following the implementation steps outlined on this publish, you’ll be able to rapidly arrange an Amazon Q Enterprise utility tailor-made to your exterior customers, secured with applicable IAM insurance policies, and able to embed in your end-user-facing functions.

To study extra about this nameless entry characteristic, see the Amazon Q Enterprise Person Information. For detailed steering on embedding Amazon Q Enterprise in your net functions, see Add a generative AI expertise to your web site or net utility with Amazon Q embedded. In case you’re taken with constructing fully customized UI experiences with the Amazon Q Enterprise API, take a look at Customizing an Amazon Q Enterprise net expertise.

Concerning the authors

Vishnu Elangovan is a Worldwide Generative AI Answer Architect with over seven years of expertise in Utilized AI/ML. He holds a grasp’s diploma in Knowledge Science and makes a speciality of constructing scalable synthetic intelligence options. He loves constructing and tinkering with scalable AI/ML options and considers himself a lifelong learner. Exterior his skilled pursuits, he enjoys touring, taking part in sports activities, and exploring new issues to unravel.

Jean-Pierre Dodel is a Principal Product Supervisor for Amazon Q Enterprise, chargeable for delivering key strategic product capabilities together with structured information assist in Q Enterprise, RAG. and total product accuracy optimizations. He brings intensive AI/ML and Enterprise search expertise to the workforce with over 7 years of product management at AWS.