Arrange a customized plugin on Amazon Q Enterprise and authenticate with Amazon Cognito to work together with backend techniques

Companies are always evolving, and leaders are challenged day by day to satisfy new necessities and are looking for methods to optimize their operations and achieve a aggressive edge. One of many key challenges they face is managing the complexity of disparate enterprise techniques and workflows, which ends up in inefficiencies, information silos, and missed alternatives.

Generative AI can play an essential position in integrating these disparate techniques in a safe and seamless method, addressing these challenges in a cheap manner. This integration permits for safe and environment friendly information trade, motion triggering, and enhanced productiveness throughout the group. Amazon Q Enterprise performs an essential position in making this occur. Amazon Q Enterprise allows organizations to rapidly and effortlessly analyze their information, uncover insights, and make data-driven choices. With its intuitive interface and seamless integration with different AWS companies, Amazon Q Enterprise empowers companies of various sizes to remodel their information into actionable intelligence and drive innovation throughout their operations.

On this put up, we exhibit the best way to construct a customized plugin with Amazon Q Enterprise for backend integration. This plugin can combine present techniques, together with third-party techniques, with little to no improvement in simply weeks and automate vital workflows. Moreover, we present the best way to safeguard the answer utilizing Amazon Cognito and AWS IAM Id Middle, sustaining the security and integrity of delicate information and workflows. Amazon Q Enterprise additionally gives utility setting guardrails or chat controls that you may configure to manage the end-user chat expertise so as to add an extra layer of security. Lastly, we present the best way to expose your backend APIs by Amazon API Gateway, which is constructed on serverless AWS Lambda features and Amazon DynamoDB.

Resolution overview

Amazon Q Enterprise is a completely managed, generative AI-powered assistant that helps enterprises unlock the worth of their information and information. With Amazon Q Enterprise, you possibly can rapidly discover solutions to questions, generate summaries and content material, and full duties through the use of the data and experience saved throughout your organization’s numerous information sources and enterprise techniques. On the core of this functionality are built-in information supply connectors and customized plugins that seamlessly combine and index content material from a number of repositories right into a unified index. This allows the Amazon Q Enterprise giant language mannequin (LLM) to offer correct, well-written solutions by drawing from the consolidated information and knowledge. The info supply connectors act as a bridge, synchronizing content material from disparate techniques like Salesforce, Jira, and SharePoint right into a centralized index that powers the pure language understanding and generative talents of Amazon Q Enterprise. Amazon Q Enterprise additionally offers the potential to create customized plugins to combine along with your group’s backend system and third-party purposes.

After you combine Amazon Q Enterprise along with your backend system utilizing a customized plugin, customers can ask questions from paperwork which can be uploaded in Amazon Easy Storage Service (Amazon S3). For this put up, we use a easy doc that accommodates product names, descriptions, and different associated data. A number of the questions you possibly can ask Amazon Q Enterprise may embody the next:

• “Give me the title of the merchandise.”
• “Now record all of the merchandise together with the outline in tabular format.”
• “Now create one of many merchandise .” (At this stage, Amazon Q Enterprise would require you to authenticate towards Amazon Cognito to ensure you have the proper permission to work on that utility.)
• “Record all of the merchandise together with ID and value in tabular format.”
• “Replace the worth of product with ID .”

The next diagram illustrates the answer structure.

The workflow consists of the next steps:

1. The person asks a query utilizing the Amazon Q Enterprise chat interface.
2. Amazon Q Enterprise searches the listed doc in Amazon S3 for related data and presents it to the person.
3. The person can use the plugin to carry out actions (API calls) within the system uncovered to Amazon Q Enterprise utilizing Open API 3.x requirements.
4. As a result of the API is secured with Amazon Cognito, Amazon Q Enterprise requires the person to authenticate towards the person credentials obtainable in Amazon Cognito.
5. On profitable authentication, API Gateway forwards the request to Lambda.
6. The API response is returned to the person by the Amazon Q Enterprise chat interface.

Conditions

Earlier than you start the walkthrough, you could have an AWS account. In case you don’t have one, join one. Moreover, you could have entry to the next companies:

• Amazon API Gateway
• AWS CloudFormation
• Amazon Cognito
• Amazon DynamoDB
• AWS IAM Id Middle
• AWS Lambda
• Amazon Q Enterprise Professional (It will have an extra month-to-month value)
• Amazon S3

Launch the CloudFormation template

Launch the next CloudFormation template to arrange Amazon Cognito, API Gateway, DynamoDB, and Lambda sources.

After you deploy the stack, navigate to the Outputs tab for the stack on the AWS CloudFormation console and notice the useful resource particulars. We use these values later on this put up.

In case you’re working the CloudFormation template a number of occasions, ensure that to decide on a novel title for the stack every time.

Create an Amazon Q Enterprise utility

Full the next steps to create an Amazon Q Enterprise utility:

1. On the Amazon Q Enterprise console, select Purposes within the navigation pane.
2. Select Create utility.

3. Present an utility title (for instance, product-mgmt-app).
4. Go away the opposite settings as default and select Create.

The appliance can be created in just a few seconds.

5. On the appliance particulars web page, select Knowledge supply.
6. Select Add an index.
7. For Index title, enter a reputation for the index.
8. For Index provisioning, choose Enterprise or Starter.
9. For Variety of items, depart because the default 1.
10. Select Add an index.

11. On the Knowledge supply web page, select Add an information supply.
12. Select Amazon S3 as your information supply and enter a novel title.
13. Enter the information supply location as the worth of BucketName from the CloudFormation stack outputs within the format s3://.

In a later step, we add a file to this S3 bucket.

14. For IAM position¸ select Create a brand new service position (really helpful).
15. For Sync scope, choose Full sync.
16. For Frequency, choose Run on demand.
17. Select Add information supply.
18. On the appliance particulars web page, select Handle person entry.
19. Select Add teams and customers.
20. You should utilize present customers or teams in IAM Id Middle or create new customers and teams, then select Affirm.

Solely these teams and customers have entry to the Amazon Q Enterprise utility for his or her subscriptions.

21. Pay attention to deployed URL of the appliance to make use of in a later step.
22. On the Amazon S3 console, find the S3 bucket you famous earlier and add the pattern doc.
23. On the Amazon Q Enterprise console, navigate to the appliance particulars web page and sync the Amazon S3 information supply.

Configure Amazon Cognito

Full the next steps to arrange Amazon Cognito:

1. On the Amazon Cognito console, navigate to the person pool created utilizing the CloudFormation template (ending with-ProductUserPool).
2. Underneath Branding within the navigation pane, select Area.
3. On the Actions menu, select Create Cognito area.

We didn’t create a website after we created the person pool utilizing the CloudFormation template.

4. For Cognito area, enter a website prefix.
5. For Model, choose Hosted UI.
6. Select Create Cognito area.

7. Underneath Purposes within the navigation pane, select App shoppers.
8. Select your app consumer.

9. On the app consumer element web page, select Login pages after which select Edit the managed login pages configuration.
10. For URL, enter the deployed URL you famous earlier, adopted by /oauth/callback. For instance, https://xxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback.
11. Specify your id supplier, OAuth 2.0 grant sort, OpenID Join scopes, and customized scopes.

Customized scopes are outlined as a part of the API configuration in API Gateway. It will assist Amazon Q Enterprise decide what motion a person is allowed to take. On this case, we’re permitting the person to learn, write, and delete. Nevertheless, you possibly can change this based mostly on what you need your customers to do utilizing the Amazon Q Enterprise chat.

12. Select Save modifications.

13. Pay attention to the Shopper ID and Shopper secret values within the App consumer data part to make use of in a later step.

Amazon Cognito doesn’t assist altering the consumer secret after you’ve created the app consumer; a brand new app consumer is required if you wish to change the consumer secret.

Lastly, it’s important to add at the least one person to the Amazon Cognito person pool.

14. Select Customers underneath Consumer administration within the navigation pane and select Create person.
15. Create a person so as to add to your Amazon Cognito person pool.

We are going to use this person to authenticate earlier than we will chat and ask inquiries to the backend system utilizing Amazon Q Enterprise.

Create an Amazon Q Enterprise customized plugin

Full the next steps to create your customized plugin:

1. On the Amazon Q Enterprise console, navigate to the appliance you created.
2. Underneath Actions within the navigation pane, select Plugins
3. Select Add plugin.

4. Choose Create customized plugin.
5. Present a plugin title (for instance, Merchandise).
6. Underneath API schema supply, choose Outline with in-line OpenAPI schema editor and enter the next code:

openapi: 3.0.0
information:
  title: CRUD API
  model: 1.0.0
  description: API for performing CRUD operations
servers:
  - url: put api gateway endpoint url right here, copy it from cloudformation output
    
paths:
  /merchandise:
    get:
      abstract: Record all merchandise
      safety:
        - OAuth2:
            - merchandise/learn
      description: Returns a listing of all obtainable merchandise
      responses:
        '200':
          description: Profitable response
          content material:
            utility/json:
              schema:
                sort: array
                objects:
                  $ref: '#/elements/schemas/Product'
        '500':
          description: Inside server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    put up:
      abstract: Create a brand new product
      safety:
        - OAuth2:
            - merchandise/write
      description: Creates a brand new product
      requestBody:
        required: true
        content material:
          utility/json:
            schema:
              $ref: '#/elements/schemas/Product'
      responses:
        '201':
          description: Created
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '400':
          description: Dangerous Request
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Inside server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
  /merchandise/{id}:
    get:
      abstract: Get a product
      safety:
        - OAuth2:
            - merchandise/learn
      description: Retrieves a particular product by its ID
      parameters:
        - title: id
          in: path
          required: true
          description: The ID of the product to retrieve
          schema:
            sort: string
      responses:
        '200':
          description: Profitable response
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '404':
          description: Product not discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Inside server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    put:
      abstract: Replace a product
      safety:
        - OAuth2:
            - merchandise/write
      description: Updates an present product
      parameters:
        - title: id
          in: path
          required: true
          description: The ID of the product to replace
          schema:
            sort: string
      requestBody:
        required: true
        content material:
          utility/json:
            schema:
              $ref: '#/elements/schemas/Product'
      responses:
        '200':
          description: Profitable response
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '404':
          description: Product not discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Inside server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    delete:
      abstract: Delete a product
      safety:
        - OAuth2:
            - merchandise/delete
      description: Deletes a particular product by its ID
      parameters:
        - title: id
          in: path
          required: true
          description: The ID of the product to delete
          schema:
            sort: string
      responses:
        '204':
          description: Profitable response
        '404':
          description: Product not discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Inside server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
elements:
  securitySchemes:
    OAuth2:
      sort: oauth2
      flows:
        authorizationCode:
          authorizationUrl: /oauth2/authorize
          tokenUrl: /oauth2/token
          scopes:
            merchandise/learn: learn prodcut
            merchandise/write: write prodcut
            merchandise/delete: delete prodcut
  schemas:
    Product:
      sort: object
      required:
        - id
        - title
        - description
      properties:
        id:
          sort: string
        title:
          sort: string
        description:
          sort: string
    Error:
      sort: object
      properties:
        error:
          sort: string

7. Within the YAML file, substitute the URL worth with the worth of ProductAPIEndpoint from the CloudFormation stack outputs:

servers url: https://<>.execute-api.us-east-1.amazonaws.com/dev

8. Change the Amazon Cognito area URL with the area you created earlier:

authorizationCode:

authorizationUrl: https://xxxx.auth.us-east1.amazoncognito.com/oauth2/authorize

tokenUrl: https://xxxx.auth.us-east-1.amazoncognito.com/oauth2/token

The YAML file accommodates the schema (Open API 3.x) that Amazon Q Enterprise makes use of to determine which API must be referred to as based mostly on the outline. For instance, line 16 within the following screenshot says Return a listing all obtainable merchandise, which instructs Amazon Q Enterprise to name this API at any time when a person makes a request to record all merchandise.

9. For authentication, choose Authentication required.
10. For AWS Secrets and techniques Supervisor secret, select Create and add new secret and enter the consumer ID and consumer secret you saved earlier, and enter the callback URL the identical manner as you probably did for the Amazon Cognito host UI (https://<>.chat.qbusiness.<>.on.aws/oauth/callback).
11. For Select a way to authorize Amazon Q Enterprise, select Create and use a brand new service position.
12. Select Create plugin.

The final step is to allow the chat orchestration function so Amazon Q Enterprise can choose the plugin robotically.

13. On the customized plugin particulars web page, select Admin controls and guardrails underneath Enhancements within the navigation pane.
14. Within the International controls part, select Edit.

15. Choose Permit Amazon Q Enterprise to robotically orchestrate chat queries throughout plugins and information sources, then select Save.

Configure API Gateway, Lambda, and DynamoDB sources

All the things associated to API Gateway, Lambda, and DynamoDB is already configured utilizing the CloudFormation template. Particulars can be found on the Outputs tab of the stack particulars web page. You too can evaluate the small print of the Lambda perform and DynamoDB desk on their respective service consoles. To find out how the Lambda perform is uncovered as an API by API Gateway, evaluate the small print on the API Gateway console.

Chat with Amazon Q Enterprise

Now you’re prepared to speak with Amazon Q Enterprise.

1. On the Amazon Q Enterprise console, navigate to your utility.
2. Select the hyperlink for Deployed URL.
3. Authenticate utilizing IAM Id Middle (that is to ensure you have entry to Amazon Q Enterprise Professional).

Now you can ask questions in pure language.

Within the following instance, we verify if Amazon Q Enterprise is ready to entry the information from the S3 bucket by asking “Record all of the merchandise and their description in a desk.”

After the product descriptions can be found, begin chatting and ask questions like Are you able to create product with identical description please?. Alternatively, you possibly can create a brand new product that isn’t listed within the pattern doc uploaded in Amazon S3. Amazon Q Enterprise will robotically choose the proper plugin (on this case, Merchandise).

Subsequent requests for API calls to undergo the customized plugin will ask you to authorize your entry. Select Authorize and authenticate with the person credentials created in Amazon Cognito earlier. After you’re authenticated, Amazon Q Enterprise will cache the session token for subsequent API calls and full the request.

You may question on the merchandise which can be obtainable within the backend by asking questions like the next:

• Are you able to please record all of the merchandise?
• Delete a product by ID or by title.
• Create a brand new product with the title 'Gloves' and outline as 'Soccer gloves' with computerized in-built cooling

Based mostly on the previous immediate, a product has been created within the merchandise desk in DynamoDB.

Price issues

The price of establishing this answer is predicated on the worth of the person AWS companies getting used. Costs of these companies can be found on the person service pages. The one necessary value is the Amazon Q Enterprise Professional license. For extra data, see Amazon Q Enterprise pricing.

Clear up

Full the next steps to wash up your sources:

1. Delete the CloudFormation stack. For directions, confer with Deleting a stack on the AWS CloudFormation console.
2. Delete the Amazon Q Enterprise utility.
3. Delete the Amazon Cognito person pool area.
4. Empty and delete the S3 bucket. For directions, confer with Deleting a common function bucket.

Conclusion

On this put up, we explored how Amazon Q Enterprise can seamlessly combine with enterprise techniques utilizing a customized plugin to assist enterprises unlock the worth of their information. We walked you thru the method of establishing the customized plugin, together with configuring the mandatory Amazon Cognito and authentication mechanisms.

With this tradition plugin, organizations can empower their workers to work effectively, solutions rapidly, speed up reporting, automate workflows, and improve collaboration. You may ask Amazon Q Enterprise pure language questions and watch because it surfaces probably the most related data out of your firm’s backend system and act on requests.

Don’t miss out on the transformative energy of generative AI and Amazon Q Enterprise. Enroll right now and expertise the distinction that Amazon Q Enterprise could make to your group’s workflow automation and the effectivity it brings.

In regards to the Authors

Shubhankar Sumar is a Senior Options Architect at Amazon Net Providers (AWS), working with enterprise software program and SaaS prospects throughout the UK to assist architect safe, scalable, environment friendly, and cost-effective techniques. He’s an skilled software program engineer, having constructed many SaaS options powered by generative AI. Shubhankar focuses on constructing multi-tenant techniques on the cloud. He additionally works intently with prospects to carry generative AI capabilities to their SaaS purposes.

Dr. Anil Giri is a Options Architect at Amazon Net Providers. He works with enterprise software program and SaaS prospects to assist them construct generative AI purposes and implement serverless architectures on AWS. His focus is on guiding shoppers to create modern, scalable options utilizing cutting-edge cloud applied sciences.

Ankur Agarwal is a Principal Enterprise Architect at Amazon Net Providers Skilled Providers. Ankur works with enterprise shoppers to assist them get probably the most out of their funding in cloud computing. He advises on utilizing cloud-based purposes, information, and AI applied sciences to ship most enterprise worth.