Amazon Q Enterprise is a completely managed, generative AI-powered assistant which you can configure to reply questions, present summaries, generate content material, and full duties primarily based in your enterprise knowledge. Amazon Q Enterprise gives over 40 built-in connectors to widespread enterprise purposes and doc repositories, together with Amazon Easy Storage Service (Amazon S3), Salesforce, Google Drive, Microsoft 365, ServiceNow, Gmail, Slack, Atlassian, and Zendesk and might help you create your generative AI resolution with minimal configuration.
Almost 100 thousand organizations use Slack to carry the precise folks collectively to securely collaborate with one another. A Slack workspace captures invaluable organizational data within the type of the data that flows by it because the customers talk on it. Therefore, it’s priceless to make this information shortly and securely accessible to the customers.
On this publish, we are going to exhibit learn how to arrange Slack connector for Amazon Q Enterprise to sync communications from each private and non-private channels, reflective of person permissions. We will even information you thru the configurations wanted in your Slack workspace. Moreover, you’ll discover ways to configure the Amazon Q Enterprise utility and allow person authentication by AWS IAM Id Middle, which is a really helpful service for managing a workforce’s entry to AWS purposes.
Information supply overview
Amazon Q Enterprise makes use of giant language fashions (LLMs) to construct a unified resolution that connects a number of knowledge sources. Sometimes, you’d want to make use of a pure language processing (NLP) approach referred to as Retrieval Augmented Era (RAG) for this. With RAG, generative AI enhances its responses by incorporating related data retrieved from a curated dataset. Amazon Q Enterprise has a built-in managed RAG functionality designed to scale back the undifferentiated heavy lifting concerned in creating these methods. Typical of a RAG mannequin, Amazon Q Enterprise has two elements: A retrieval element that retrieves related paperwork for the person question and a technology element that takes the question and the retrieved paperwork after which generates a solution to the question utilizing an LLM.
A Slack workspace has a number of parts. It has public channels the place workspace customers can take part and personal channels the place solely channel members can talk with one another. People also can straight talk with one another in one-on-one conversations and in person teams. This communication is within the type of messages and threads of replies, with non-compulsory doc attachments. Slack workspaces of energetic organizations are extremely dynamic, with the content material and collaboration evolving and rising in quantity constantly.
The previous determine exhibits the method circulate of the answer. Whenever you join Amazon Q Enterprise to an information supply (on this case, Slack), what Amazon Q considers and crawls as a doc varies by connector. For the Amazon Q Enterprise Slack connector, every message, message attachment and channel publish is taken into account a single doc, Nevertheless, Slack dialog threads that show you how to create organized discussions round particular messages are additionally thought-about and ingested as a single doc, whatever the variety of contributors or messages they comprise.
Amazon Q Enterprise crawls entry management checklist (ACL) data hooked up to a doc (person and group data) out of your Slack occasion. This data can be utilized to filter chat responses to the person’s doc entry degree. The Slack connector helps token-based authentication. This may very well be a Slack bot person OAuth token or Slack person OAuth token. See the Slack connector overview to get the checklist of entities which might be extracted, supported filters, sync modes, and file varieties.
Consumer IDs (_user_id) exist in Slack on messages and channels the place there are set entry permissions. They’re mapped from the person emails because the IDs in Slack.
To join your knowledge supply connector to Amazon Q Enterprise, you will need to give Amazon Q Enterprise an IAM position that has the next permissions:
- Permission to entry the
BatchPutDocumentandBatchDeleteDocumentoperations to ingest paperwork. - Permission to entry the Consumer Retailer API operations to ingest person and group entry management data from paperwork.
- Permission to entry your AWS Secrets and techniques Supervisor secret to authenticate your knowledge supply connector occasion.
- (Elective) In case you’re utilizing Amazon Digital Non-public Cloud (Amazon VPC), permission to entry your Amazon VPC.
Resolution overview
On this resolution, we are going to present you learn how to create a Slack workspace with customers who carry out numerous roles throughout the group. We’ll then present you learn how to configure this workspace to outline a set of scopes which might be required by the Amazon Q Enterprise Slack connector to index the person communication. This will likely be adopted by the configuration of the Amazon Q Enterprise utility and a Slack knowledge supply. Primarily based on the configuration, when the info supply is synchronized, the connector both crawls and indexes the content material from the workspace that was created on or earlier than a particular date. The connector additionally collects and ingests ACL data for every listed message and doc. Thus, the search outcomes of a question made by a person contains outcomes solely from these paperwork that the person is permitted to learn.
Conditions
To construct the Amazon Q Enterprise connector for Slack, you want the next:
In Slack:
- Create a Slack bot person OAuth token or Slack person OAuth token. You may select both token to attach Amazon Q Enterprise to your Slack knowledge supply. See the Slack documentation on entry tokens for extra data.
- Be aware your Slack workspace group ID out of your Slack workspace foremost web page URL. For instance,
https://app.slack.com/shopper/T0123456789/...the placeT0123456789is the group ID. - Add the OAuth scopes and browse permissions.
In your AWS account:
- Create an AWS Id and Entry Administration (IAM) position to your knowledge supply and, if utilizing the Amazon Q Enterprise API, word the ARN of the IAM position.
- Retailer your Slack authentication credentials in an AWS Secrets and techniques Supervisor secret and, if utilizing the Amazon Q Enterprise API, word the ARN of the key.
- Allow and configure an IAM Id Middle occasion. Amazon Q Enterprise integrates with IAM Id Middle as a gateway to handle person entry to your Amazon Q Enterprise utility. We suggest enabling and pre-configuring an Id Middle occasion earlier than you start to create your Amazon Q Enterprise utility. Id Middle is the really helpful AWS service for managing human person entry to AWS sources. Amazon Q Enterprise helps each group and account degree Id Middle situations. See Establishing for Amazon Q Enterprise for extra data.
Configure your Slack workspace
You’ll create one person for every of the next roles: Administrator, Information scientist, Database administrator, Options architect and Generic.
| Consumer title | Function |
| arnav_desai | Admin |
| jane_doe | Information Scientist |
| pat_candella | DB Admin |
| mary_major | Options Architect |
| john_stiles | Generic Consumer |
To showcase the ACL propagation, you’ll create three public channels, #common, #customerwork, and #random, that any member can entry together with the Generic person. Additionally, one personal channel, #anydepartment-project-private, that may be accessed solely by the customers arnav_desai, john_stiles, mary_major, and pat_candella.
To create a Slack app:
- Navigate to the Slack API Your Apps web page and select Create New App.
- Choose From scratch. Within the subsequent display screen, choose the workspace to develop your app, after which select Create an App.
- Give the Slack app a reputation and choose a workspace to develop your app in. Then select Create App.
- After you’ve created your app, choose it and navigate to Options and select OAuth & Permissions.
- Scroll right down to Scopes > Consumer Token Scopes and set the OAuth scope primarily based on the person token scopes in Conditions for connecting Amazon Q Enterprise to Slack.
Be aware: You may configure two forms of scopes in a Slack workspace:
- Bot token scope: Solely the messages to which it has been explicitly added are crawled by the bot token. It’s employed to grant restricted entry to particular messages solely.
- Consumer token scope: Solely the info shared with the member is accessible to the person token, which acts as a consultant of a Slack person.
For this instance, so you may search on the conversations between customers, you’ll use the person token scope.
- After the OAuth scope for yser token has been arrange as described within the Slack stipulations, scroll as much as the part OAuth Tokens to your Workspace, and select Set up to Workspace, after which select Enable.
- This may generate a person OAuth token. Copy this token to make use of when configuring the Amazon Q Enterprise Slack connector.
Configure the info supply utilizing the Amazon Q Enterprise Slack connector
On this part, you’ll create an Amazon Q Enterprise utility utilizing the console.
To create an Amazon Q Enterprise utility
- Within the AWS Administration Console for Amazon Q Enterprise, select Create Utility.
- Enter an Utility Title, corresponding to
my-slack-workspace. Depart the Service entry because the default worth, and choose AWS IAM Id Middle for Entry Administration . Enter a brand new Tag worth as required and select Create to the Amazon Q Enterprise Utility.
- Depart the default possibility of Use Native retriever chosen for Retrievers, depart Enterprise because the Index provisioning and depart the default worth of 1 because the Variety of items. Every unit in Amazon Q Enterprise index is 20,000 paperwork or 200 MB of extracted textual content (whichever comes first). Select Subsequent.
- Scroll down the checklist of obtainable connectors and choose Slack after which select Subsequent.
- Enter a Information supply title and a Description to establish your knowledge supply after which enter the Slack workspace group ID to attach with Amazon Q Enterprise.
- Within the Authentication part, choose Create and add a brand new secret.
- On the dialog field that seems, enter a Secret title adopted by the Consumer OAuth Slack token that was copied from the Slack workspace.
- For the IAM position, choose Create a brand new service position (Advisable).
- In Sync scope, select the next:
- For choose kind of content material to crawl, choose All channels.
- Choose an applicable date for Choose crawl begin date.
- Depart the default worth chosen for Most file measurement as 50.
- You may embody particular Messages, corresponding to bot messages or archived messages to sync.
- Moreover, you may embody as much as 100 patterns to incorporate or exclude filenames, varieties, or file paths to sync.
- For Sync mode, depart Full sync chosen and for the Sync run schedule, choose Run on demand.
- Depart the sector mapping as is and select Add knowledge supply.
- On the following web page, select Subsequent.
- Enter a Information supply title and a Description to establish your knowledge supply after which enter the Slack workspace group ID to attach with Amazon Q Enterprise.
- Add the 5 customers you created earlier, who’re part of IAM Id Middle and the Slack workspace to the Amazon Q Enterprise utility. So as to add customers to Id Middle, comply with the directions in Add customers to your Id Middle listing. When carried out, select Add teams and customers and select Assign.
- When a person is added, every person is assigned the default Q Enterprise Professional For extra data on completely different pricing tiers, see the Amazon Q Enterprise pricing web page.
- Select Create utility to complete creating the Amazon Q Enterprise utility.
- After the appliance and the info supply are created, choose the info supply after which select Sync now to start out syncing paperwork out of your knowledge supply.
- The sync course of ingests the paperwork out of your Slack workspace to your alternatives within the Slack connector configuration in Amazon Q Enterprise. The next screenshot exhibits the outcomes of a profitable sync, indicated by the standing of Accomplished.
Search with Amazon Q Enterprise
Now, you’re able to make just a few queries in Amazon Q Enterprise.
To look utilizing Amazon Q Enterprise:
- Navigate to the Internet expertise settings tab and click on on the Deployed URL.
- For this demonstration, register as pat_candella who has the position of DB Admin.
- Enter the password for pat_candella and select Check in
- Upon profitable sign-in, you may be signed in to Amazon Q Enterprise.
- Within the Slack workspace, there’s a public channel, the #customerwork channel that each one customers are members of. The
#customerworkSlack channel is getting used to speak about an upcoming buyer engagement, as proven within the following determine.
- Put up the primary query to Amazon Q Enterprise.
Be aware that the response contains citations that confer with the dialog in addition to the content material of the PDF that was hooked up to the dialog.
Safety and privateness choices with Slack knowledge connector
Subsequent, you’ll create a non-public channel referred to as #anydepartment-project-private with 4 out of the 5 customers—arnav_desai, john_stiles, mary_major and pat_candella—and confirm that the messages exchanged in a non-public channel will not be accessible to non-members like jane_doe. Be aware that after you create a brand new personal channel, you must manually re-run the sync on the info supply.
The under screenshot exhibits the personal slack channel with 4 out of 5 customers and the slack dialog.
Testing safety and privateness choices with Slack knowledge connector
- Whereas signed in as pat_candella, who’s a part of the personal #anydepartment-project-private channel, execute the next question:
- Now, register as jane_doe, who just isn’t a member of the #anydepartment-project-private channel and execute the identical question.
- Amazon Q Enterprise prevents jane_doe from getting insights from data throughout the personal channels that they aren’t a part of, primarily based on the synced ACL data.
Indexing aggregated Slack threads
Slack organizes conversations into threads, which may contain a number of customers and messages. The Amazon Q Enterprise Slack connector treats every thread as a single doc, whatever the variety of contributors or messages it accommodates. This method permits Amazon Q Enterprise to ingest complete dialog threads as particular person items, maximizing the quantity of knowledge that may be processed inside a single index unit. Because of this, you may effectively incorporate extra complete conversational context into your Amazon Q Enterprise system.
The determine that follows exhibits a dialog between pat_candella and jane_doe that features six messages in a thread. The Slack connector aggregates this message thread as a single message, thus maximizing the usage of an index unit.
As a result of the dialog thread is aggregated as a single doc throughout the Amazon Q Enterprise index, you may ask questions that pertain to a single dialog thread as proven within the following determine.
Troubleshooting the sync course of
- Why isn’t Amazon Q Enterprise answering any of my questions?
In case you aren’t getting solutions to your questions from Amazon Q Enterprise, confirm the next:
- Permissions – Doc ACLs listed by Amazon Q Enterprise might not mean you can question sure knowledge entities as demonstrated in our instance. If that is so, please attain out to your Slack workspace administrator to ensure that your person has entry to required paperwork and repeat the sync course of.
- Information connector sync – A failed knowledge supply sync might forestall the paperwork from being listed, which means that Amazon Q Enterprise could be unable to reply questions concerning the paperwork that didn’t sync. Please confer with the official documentation to troubleshoot knowledge supply connectors.
- I’m receiving entry errors on Amazon Q Enterprise utility. What causes this?
See Troubleshooting Amazon Q Enterprise id and entry to diagnose and repair frequent points that you just would possibly encounter when working with Amazon Q and IAM.
- How can I sync paperwork with out ACLs?
Amazon Q Enterprise helps crawling ACLs for doc safety by default. Turning off ACLs and id crawling are now not supported. If you wish to index paperwork with out ACLs, make sure that the paperwork are marked as public in your knowledge supply. Please confer with the official documentation, How Amazon Q Enterprise connector for crawls Slack ACLs.
- My connector is unable to sync. How can I monitor knowledge supply sync progress?
Amazon Q Enterprise supplies visibility into the info sync operations. Study extra about this characteristic within the AWS Machine Studying weblog.
Moreover, because the sync course of runs, you may monitor progress or debug failures by monitoring the Amazon CloudWatch logs that may be accessed from the Particulars part of the Sync run historical past.
A pattern question to find out which paperwork or messages have been listed from a particular slack channel, C12AB34578, and logStream of SYNC_RUN_HISTORY_REPORT/xxxxxxxxxxxxxxxxxxxxxxxx would appear to be the next:
Selecting Run question shows the checklist of messages because the Amazon Q Enterprise Index sync runs, as proven within the following determine.
Cleanup
To delete an Amazon Q Enterprise utility, you need to use the console or the DeleteApplication API operation.
To delete an Amazon Q Enterprise utility utilizing the console
- Check in to the Amazon Q Enterprise console.
- Choose the respective the Amazon Q Enterprise Utility and select
- Select Delete
- Within the dialog field that opens, enter
Delete to substantiate deletion, after which select Delete.
- You might be returned to the service console whereas your utility is deleted. When the deletion course of is full, the console shows a message confirming profitable deletion.
To delete the IAM Id Middle occasion, see Delete your IAM Id Middle occasion.
Conclusion
This weblog publish supplies a step-by-step information on establishing the Slack connector for Amazon Q Enterprise, enabling you to seamlessly combine knowledge out of your Slack workspace. Furthermore, we highlighted the significance of knowledge privateness and safety, demonstrating how the connector adheres to the ACLs inside your Slack workspace. This characteristic helps make sure that personal channel conversations stay confidential and inaccessible to people who aren’t members of these channels. By following these steps and understanding the built-in safety measures, you need to use the facility of Amazon Q Enterprise whereas sustaining the integrity and privateness of your Slack workspace.
To be taught extra concerning the Amazon Q Enterprise connector for Slack, see Connecting Slack to Amazon Q Enterprise. You may automate all of the showcased console operations by Amazon Q Enterprise API’s, the AWS CLI and different relevant AWS SDKs.
In case you select to converse with Amazon Q Enterprise utilizing Slack direct messages (DMs) to ask questions and get solutions primarily based on firm knowledge or to get assist creating new content material corresponding to e mail drafts, summarize hooked up recordsdata, and carry out duties, see Deploy a Slack gateway for Amazon Q, your corporation knowledgeable for details about learn how to carry Amazon Q, your corporation knowledgeable, to customers in Slack.
In regards to the Authors
Akshara Shah is a Senior Options Architect at Amazon Internet Companies. She supplies strategic technical steerage to assist clients design and construct cloud options. She is at the moment targeted on machine studying and AI applied sciences.
Roshan Thomas is a Senior Options Architect at Amazon Internet Companies. He’s primarily based in Melbourne, Australia and works carefully with enterprise clients to speed up their journey within the cloud. He’s captivated with expertise and serving to clients architect and construct options on AWS.
