Set up a custom plugin on Amazon Q Business and authenticate with Amazon Cognito to interact with backend systems

Companies are repeatedly evolving, and leaders are challenged each day to fulfill new necessities and are in quest of techniques to optimize their operations and acquire a aggressive edge. One of the crucial key demanding situations they face is managing the complexity of disparate trade techniques and workflows, which ends up in inefficiencies, information silos, and overlooked alternatives.

Generative AI can play a very powerful function in integrating those disparate techniques in a protected and seamless approach, addressing those demanding situations in a cheap method. This integration lets in for protected and environment friendly information change, motion triggering, and enhanced productiveness around the group. Amazon Q Business performs a very powerful function in making this occur. Amazon Q Industry allows organizations to temporarily and without problems analyze their information, discover insights, and make data-driven choices. With its intuitive interface and seamless integration with different AWS services and products, Amazon Q Industry empowers companies of various sizes to turn out to be their information into actionable intelligence and pressure innovation throughout their operations.

On this put up, we reveal construct a customized plugin with Amazon Q Industry for backend integration. This plugin can combine current techniques, together with third-party techniques, with little to no building in simply weeks and automate crucial workflows. Moreover, we display safeguard the answer the use of Amazon Cognito and AWS IAM Identity Center, keeping up the protection and integrity of delicate information and workflows. Amazon Q Industry additionally gives utility environment guardrails or chat controls that you’ll be able to configure to regulate the end-user chat enjoy so as to add an extra layer of protection. Finally, we display divulge your backend APIs via Amazon API Gateway, which is constructed on serverless AWS Lambda purposes and Amazon DynamoDB.

Answer evaluation

Amazon Q Industry is an absolutely controlled, generative AI-powered assistant that is helping enterprises unencumber the price in their information and data. With Amazon Q Industry, you’ll be able to temporarily to find solutions to questions, generate summaries and content material, and whole duties via the use of the guidelines and experience saved throughout your corporate’s quite a lot of information assets and undertaking techniques. On the core of this capacity are integrated information supply connectors and customized plugins that seamlessly combine and index content material from a couple of repositories right into a unified index. This allows the Amazon Q Industry massive language type (LLM) to supply correct, well-written solutions via drawing from the consolidated information and knowledge. The information supply connectors act as a bridge, synchronizing content material from disparate techniques like Salesforce, Jira, and SharePoint right into a centralized index that powers the herbal language working out and generative talents of Amazon Q Industry. Amazon Q Industry additionally supplies the potential to create customized plugins to combine along with your group’s backend machine and third-party packages.

After you combine Amazon Q Industry along with your backend machine the use of a customized plugin, customers can ask questions from paperwork which can be uploaded in Amazon Simple Storage Service (Amazon S3). For this put up, we use a easy record that comprises product names, descriptions, and different similar knowledge. One of the questions you’ll be able to ask Amazon Q Industry would possibly come with the next:

• “Give me the identify of the goods.”
• “Now listing the entire merchandise at the side of the outline in tabular layout.”
• “Now create one of the most merchandise .” (At this level, Amazon Q Industry would require you to authenticate in opposition to Amazon Cognito to make sure to have the correct permission to paintings on that utility.)
• “Checklist the entire merchandise at the side of ID and value in tabular layout.”
• “Replace the cost of product with ID .”

The next diagram illustrates the answer structure.

The workflow is composed of the next steps:

1. The consumer asks a query the use of the Amazon Q Industry chat interface.
2. Amazon Q Industry searches the listed record in Amazon S3 for related knowledge and items it to the consumer.
3. The consumer can use the plugin to accomplish movements (API calls) within the machine uncovered to Amazon Q Industry the use of Open API 3.x standards.
4. Since the API is secured with Amazon Cognito, Amazon Q Industry calls for the consumer to authenticate in opposition to the consumer credentials to be had in Amazon Cognito.
5. On a hit authentication, API Gateway forwards the request to Lambda.
6. The API reaction is returned to the consumer in the course of the Amazon Q Industry chat interface.

Must haves

Sooner than you start the walkthrough, you should have an AWS account. If you happen to don’t have one, sign up for one. Moreover, you should have get admission to to the next services and products:

• Amazon API Gateway
• AWS CloudFormation
• Amazon Cognito
• Amazon DynamoDB
• AWS IAM Identification Middle
• AWS Lambda
• Amazon Q Industry Professional (This will likely have an extra monthly cost)
• Amazon S3

Release the CloudFormation template

Release the next CloudFormation template to arrange Amazon Cognito, API Gateway, DynamoDB, and Lambda assets.

After you deploy the stack, navigate to the Outputs tab for the stack at the AWS CloudFormation console and notice the useful resource main points. We use the ones values later on this put up.

If you happen to’re operating the CloudFormation template a couple of instances, ensure that to select a singular identify for the stack every time.

Create an Amazon Q Industry utility

Whole the next steps to create an Amazon Q Industry utility:

1. At the Amazon Q Industry console, select Programs within the navigation pane.
2. Make a selection Create utility.

3. Supply an utility identify (as an example, product-mgmt-app).
4. Go away the opposite settings as default and select Create.

The applying shall be created in a couple of seconds.

5. At the utility main points web page, select Information supply.
6. Make a selection Upload an index.
7. For Index identify, input a reputation for the index.
8. For Index provisioning, make a selection Endeavor or Starter.
9. For Choice of devices, go away because the default 1.
10. Make a selection Upload an index.

11. At the Information supply web page, select Upload a knowledge supply.
12. Make a selection Amazon S3 as your information supply and input a singular identify.
13. Input the information supply location as the price of BucketName from the CloudFormation stack outputs within the layout s3://.

In a later step, we add a document to this S3 bucket.

14. For IAM function¸ select Create a brand new provider function (advisable).
15. For Sync scope, make a selection Complete sync.
16. For Frequency, make a selection Run on call for.
17. Make a selection Upload information supply.
18. At the utility main points web page, select Set up consumer get admission to.
19. Make a selection Upload teams and customers.
20. You’ll use current customers or teams in IAM Identification Middle or create new customers and teams, then select Ascertain.

Handiest those teams and customers have get admission to to the Amazon Q Industry utility for his or her subscriptions.

21. Take into accout of deployed URL of the appliance to make use of in a later step.
22. At the Amazon S3 console, find the S3 bucket you famous previous and add the sample document.
23. At the Amazon Q Industry console, navigate to the appliance main points web page and sync the Amazon S3 information supply.

Configure Amazon Cognito

Whole the next steps to arrange Amazon Cognito:

1. At the Amazon Cognito console, navigate to the consumer pool created the use of the CloudFormation template (finishing with-ProductUserPool).
2. Beneath Branding within the navigation pane, select Area.
3. At the Movements menu, select Create Cognito area.

We didn’t create a website after we created the consumer pool the use of the CloudFormation template.

4. For Cognito area, input a website prefix.
5. For Model, make a selection Hosted UI.
6. Make a selection Create Cognito area.

7. Beneath Programs within the navigation pane, select App purchasers.
8. Make a selection your app consumer.

9. At the app consumer element web page, select Login pages after which select Edit the controlled login pages configuration.
10. For URL, input the deployed URL you famous previous, adopted via /oauth/callback. For instance, https://xxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback.
11. Specify your id supplier, OAuth 2.0 grant sort, OpenID Attach scopes, and customized scopes.

Customized scopes are outlined as a part of the API configuration in API Gateway. This will likely assist Amazon Q Industry resolve what motion a consumer is authorized to take. On this case, we’re permitting the consumer to learn, write, and delete. Then again, you’ll be able to alternate this in keeping with what you need your customers to do the use of the Amazon Q Industry chat.

12. Make a selection Save adjustments.

13. Take into accout of the Shopper ID and Shopper secret values within the App consumer knowledge segment to make use of in a later step.

Amazon Cognito doesn’t enhance converting the buyer secret upon getting created the app consumer; a brand new app consumer is wanted if you wish to alternate the buyer secret.

Finally, it’s a must to upload a minimum of one consumer to the Amazon Cognito consumer pool.

14. Make a selection Customers beneath Consumer control within the navigation pane and select Create consumer.
15. Create a consumer so as to add for your Amazon Cognito consumer pool.

We will be able to use this consumer to authenticate prior to we will chat and ask inquiries to the backend machine the use of Amazon Q Industry.

Create an Amazon Q Industry customized plugin

Whole the next steps to create your customized plugin:

1. At the Amazon Q Industry console, navigate to the appliance you created.
2. Beneath Movements within the navigation pane, select Plugins
3. Make a selection Upload plugin.

4. Make a choice Create customized plugin.
5. Supply a plugin identify (as an example, Merchandise).
6. Beneath API schema supply, make a selection Outline with in-line OpenAPI schema editor and input the next code:

openapi: 3.0.0
data:
  name: CRUD API
  model: 1.0.0
  description: API for appearing CRUD operations
servers:
  - url: put api gateway endpoint url right here, replica it from cloudformation output
    
paths:
  /merchandise:
    get:
      abstract: Checklist all merchandise
      safety:
        - OAuth2:
            - merchandise/learn
      description: Returns a listing of all to be had merchandise
      responses:
        '200':
          description: A success reaction
          content material:
            utility/json:
              schema:
                sort: array
                pieces:
                  $ref: '#/elements/schemas/Product'
        '500':
          description: Interior server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    put up:
      abstract: Create a brand new product
      safety:
        - OAuth2:
            - merchandise/write
      description: Creates a brand new product
      requestBody:
        required: true
        content material:
          utility/json:
            schema:
              $ref: '#/elements/schemas/Product'
      responses:
        '201':
          description: Created
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '400':
          description: Unhealthy Request
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Interior server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
  /merchandise/{identity}:
    get:
      abstract: Get a product
      safety:
        - OAuth2:
            - merchandise/learn
      description: Retrieves a selected product via its ID
      parameters:
        - identify: identity
          in: trail
          required: true
          description: The ID of the product to retrieve
          schema:
            sort: string
      responses:
        '200':
          description: A success reaction
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '404':
          description: Product no longer discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Interior server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    put:
      abstract: Replace a product
      safety:
        - OAuth2:
            - merchandise/write
      description: Updates an current product
      parameters:
        - identify: identity
          in: trail
          required: true
          description: The ID of the product to replace
          schema:
            sort: string
      requestBody:
        required: true
        content material:
          utility/json:
            schema:
              $ref: '#/elements/schemas/Product'
      responses:
        '200':
          description: A success reaction
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Product'
        '404':
          description: Product no longer discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Interior server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
    delete:
      abstract: Delete a product
      safety:
        - OAuth2:
            - merchandise/delete
      description: Deletes a selected product via its ID
      parameters:
        - identify: identity
          in: trail
          required: true
          description: The ID of the product to delete
          schema:
            sort: string
      responses:
        '204':
          description: A success reaction
        '404':
          description: Product no longer discovered
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
        '500':
          description: Interior server error
          content material:
            utility/json:
              schema:
                $ref: '#/elements/schemas/Error'
elements:
  securitySchemes:
    OAuth2:
      sort: oauth2
      flows:
        authorizationCode:
          authorizationUrl: /oauth2/authorize
          tokenUrl: /oauth2/token
          scopes:
            merchandise/learn: learn prodcut
            merchandise/write: write prodcut
            merchandise/delete: delete prodcut
  schemas:
    Product:
      sort: object
      required:
        - identity
        - identify
        - description
      houses:
        identity:
          sort: string
        identify:
          sort: string
        description:
          sort: string
    Error:
      sort: object
      houses:
        error:
          sort: string

7. Within the YAML document, exchange the URL price with the price of ProductAPIEndpoint from the CloudFormation stack outputs:

servers url: https://<>.execute-api.us-east-1.amazonaws.com/dev

8. Exchange the Amazon Cognito area URL with the area you created previous:

authorizationCode:

authorizationUrl: https://xxxx.auth.us-east1.amazoncognito.com/oauth2/authorize

tokenUrl: https://xxxx.auth.us-east-1.amazoncognito.com/oauth2/token

The YAML document comprises the schema (Open API 3.x) that Amazon Q Industry makes use of to make a decision which API must be known as in keeping with the outline. For instance, line 16 within the following screenshot says Go back a listing all to be had merchandise, which instructs Amazon Q Industry to name this API each time a consumer makes a request to listing all merchandise.

9. For authentication, make a selection Authentication required.
10. For AWS Secrets and techniques Supervisor secret, select Create and upload new secret and input the buyer ID and consumer secret you stored previous, and input the callback URL the similar method as you probably did for the Amazon Cognito host UI (https://<>.chat.qbusiness.<>.on.aws/oauth/callback).
11. For Make a selection a strategy to authorize Amazon Q Industry, select Create and use a brand new provider function.
12. Make a selection Create plugin.

The ultimate step is to permit the chat orchestration function so Amazon Q Industry can make a selection the plugin routinely.

13. At the customized plugin main points web page, select Admin controls and guardrails beneath Improvements within the navigation pane.
14. Within the World controls segment, select Edit.

15. Make a choice Permit Amazon Q Industry to routinely orchestrate chat queries throughout plugins and knowledge assets, then select Save.

Configure API Gateway, Lambda, and DynamoDB assets

The entirety associated with API Gateway, Lambda, and DynamoDB is already configured the use of the CloudFormation template. Main points are to be had at the Outputs tab of the stack main points web page. You’ll additionally evaluate the main points of the Lambda serve as and DynamoDB desk on their respective provider consoles. To be informed how the Lambda serve as is uncovered as an API via API Gateway, evaluate the main points at the API Gateway console.

Chat with Amazon Q Industry

Now you’re in a position to speak with Amazon Q Industry.

1. At the Amazon Q Industry console, navigate for your utility.
2. Make a selection the hyperlink for Deployed URL.
3. Authenticate the use of IAM Identification Middle (that is to make sure to have get admission to to Amazon Q Industry Professional).

You’ll now ask questions in herbal language.

Within the following instance, we take a look at if Amazon Q Industry is in a position to get admission to the information from the S3 bucket via asking “Checklist the entire merchandise and their description in a desk.”

After the product descriptions are to be had, get started chatting and ask questions like Are you able to create product with similar description please?. However, you’ll be able to create a brand new product that isn’t indexed within the pattern record uploaded in Amazon S3. Amazon Q Industry will routinely pick out the correct plugin (on this case, Merchandise).

Next requests for API calls to move in the course of the customized plugin will ask you to authorize your get admission to. Make a selection Authorize and authenticate with the consumer credentials created in Amazon Cognito previous. After you’re authenticated, Amazon Q Industry will cache the consultation token for next API calls and whole the request.

You’ll question at the merchandise which can be to be had within the backend via asking questions like the next:

• Are you able to please listing the entire merchandise?
• Delete a product via ID or via identify.
• Create a brand new product with the identify 'Gloves' and outline as 'Soccer gloves' with automated inbuilt cooling

In accordance with the previous steered, a product has been created within the merchandise desk in DynamoDB.

Price issues

The price of putting in place this resolution is in keeping with the cost of the person AWS services and products getting used. Costs of the ones services and products are to be had at the person provider pages. The one obligatory charge is the Amazon Q Industry Professional license. For more info, see Amazon Q Business pricing.

Blank up

Whole the next steps to wash up your assets:

1. Delete the CloudFormation stack. For directions, check with Deleting a stack on the AWS CloudFormation console.
2. Delete the Amazon Q Industry utility.
3. Delete the Amazon Cognito consumer pool area.
4. Empty and delete the S3 bucket. For directions, check with Deleting a general purpose bucket.

Conclusion

On this put up, we explored how Amazon Q Industry can seamlessly combine with undertaking techniques the use of a customized plugin to assist enterprises unencumber the price in their information. We walked you in the course of the technique of putting in place the customized plugin, together with configuring the vital Amazon Cognito and authentication mechanisms.

With this tradition plugin, organizations can empower their workers to paintings successfully, solutions temporarily, boost up reporting, automate workflows, and support collaboration. You’ll ask Amazon Q Industry herbal language questions and watch because it surfaces essentially the most related knowledge out of your corporate’s backend machine and act on requests.

Don’t fail to see the transformative energy of generative AI and Amazon Q Industry. Join nowadays and enjoy the adaptation that Amazon Q Industry could make to your group’s workflow automation and the potency it brings.

In regards to the Authors

Shubhankar Sumar is a Senior Answers Architect at Amazon Internet Services and products (AWS), running with undertaking tool and SaaS shoppers throughout the United Kingdom to assist architect protected, scalable, environment friendly, and cost-effective techniques. He’s an skilled tool engineer, having constructed many SaaS answers powered via generative AI. Shubhankar makes a speciality of development multi-tenant techniques at the cloud. He additionally works intently with shoppers to carry generative AI functions to their SaaS packages.

Dr. Anil Giri is a Answers Architect at Amazon Internet Services and products. He works with undertaking tool and SaaS shoppers to assist them construct generative AI packages and enforce serverless architectures on AWS. His focal point is on guiding purchasers to create cutting edge, scalable answers the use of state of the art cloud applied sciences.

Ankur Agarwal is a Most important Endeavor Architect at Amazon Internet Services and products Skilled Services and products. Ankur works with undertaking purchasers to assist them get essentially the most out in their funding in cloud computing. He advises on the use of cloud-based packages, information, and AI applied sciences to ship most trade price.