QBusiness

2024/08/23 - QBusiness - 7 updated api methods

Changes  Amazon QBusiness: Enable support for SAML and OIDC federation through AWS IAM Identity Provider integration.

CreateApplication (updated)
Changes (request)
{'clientIdsForOIDC': ['string'],
 'iamIdentityProviderArn': 'string',
 'identityType': 'AWS_IAM_IDP_SAML | AWS_IAM_IDP_OIDC | AWS_IAM_IDC'}

Creates an Amazon Q Business application.

Note

There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see Amazon Q Business tiers. You must use the Amazon Q Business console to assign subscription tiers to users.

See also: AWS API Documentation

Request Syntax

client.create_application(
    displayName='string',
    roleArn='string',
    identityType='AWS_IAM_IDP_SAML'|'AWS_IAM_IDP_OIDC'|'AWS_IAM_IDC',
    iamIdentityProviderArn='string',
    identityCenterInstanceArn='string',
    clientIdsForOIDC=[
        'string',
    ],
    description='string',
    encryptionConfiguration={
        'kmsKeyId': 'string'
    },
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ],
    clientToken='string',
    attachmentsConfiguration={
        'attachmentsControlMode': 'ENABLED'|'DISABLED'
    },
    qAppsConfiguration={
        'qAppsControlMode': 'ENABLED'|'DISABLED'
    },
    personalizationConfiguration={
        'personalizationControlMode': 'ENABLED'|'DISABLED'
    }
)
type displayName

string

param displayName

[REQUIRED]

A name for the Amazon Q Business application.

type roleArn

string

param roleArn

The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon CloudWatch logs and metrics.

type identityType

string

param identityType

The authentication type being used by an Amazon Q Business application.

type iamIdentityProviderArn

string

param iamIdentityProviderArn

The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

type identityCenterInstanceArn

string

param identityCenterInstanceArn

The Amazon Resource Name (ARN) of the IAM Identity Center instance you are either creating for—or connecting to—your Amazon Q Business application.

type clientIdsForOIDC

list

param clientIdsForOIDC

The OIDC client ID for an Amazon Q Business application.

  • (string) --

type description

string

param description

A description for the Amazon Q Business application.

type encryptionConfiguration

dict

param encryptionConfiguration

The identifier of the KMS key that is used to encrypt your data. Amazon Q Business doesn't support asymmetric keys.

  • kmsKeyId (string) --

    The identifier of the KMS key. Amazon Q Business doesn't support asymmetric keys.

type tags

list

param tags

A list of key-value pairs that identify or categorize your Amazon Q Business application. You can also use tags to help control access to the application. Tag keys and values can consist of Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @.

  • (dict) --

    A list of key/value pairs that identify an index, FAQ, or data source. Tag keys and values can consist of Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @.

    • key (string) -- [REQUIRED]

      The key for the tag. Keys are not case sensitive and must be unique for the Amazon Q Business application or data source.

    • value (string) -- [REQUIRED]

      The value associated with the tag. The value may be an empty string but it can't be null.

type clientToken

string

param clientToken

A token that you provide to identify the request to create your Amazon Q Business application.

This field is autopopulated if not provided.

type attachmentsConfiguration

dict

param attachmentsConfiguration

An option to allow end users to upload files directly during chat.

  • attachmentsControlMode (string) -- [REQUIRED]

    Status information about whether file upload functionality is activated or deactivated for your end user.

type qAppsConfiguration

dict

param qAppsConfiguration

An option to allow end users to create and use Amazon Q Apps in the web experience.

  • qAppsControlMode (string) -- [REQUIRED]

    Status information about whether end users can create and use Amazon Q Apps in the web experience.

type personalizationConfiguration

dict

param personalizationConfiguration

Configuration information about chat response personalization. For more information, see Personalizing chat responses.

  • personalizationControlMode (string) -- [REQUIRED]

    An option to allow Amazon Q Business to customize chat responses using user specific metadata—specifically, location and job information—in your IAM Identity Center instance.

rtype

dict

returns

Response Syntax

{
    'applicationId': 'string',
    'applicationArn': 'string'
}

Response Structure

  • (dict) --

    • applicationId (string) --

      The identifier of the Amazon Q Business application.

    • applicationArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Q Business application.

CreateWebExperience (updated)
Changes (request)
{'identityProviderConfiguration': {'openIDConnectConfiguration': {'secretsArn': 'string',
                                                                  'secretsRole': 'string'},
                                   'samlConfiguration': {'authenticationUrl': 'string'}}}

Creates an Amazon Q Business web experience.

See also: AWS API Documentation

Request Syntax

client.create_web_experience(
    applicationId='string',
    title='string',
    subtitle='string',
    welcomeMessage='string',
    samplePromptsControlMode='ENABLED'|'DISABLED',
    roleArn='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ],
    clientToken='string',
    identityProviderConfiguration={
        'samlConfiguration': {
            'authenticationUrl': 'string'
        },
        'openIDConnectConfiguration': {
            'secretsArn': 'string',
            'secretsRole': 'string'
        }
    }
)
type applicationId

string

param applicationId

[REQUIRED]

The identifier of the Amazon Q Business web experience.

type title

string

param title

The title for your Amazon Q Business web experience.

type subtitle

string

param subtitle

A subtitle to personalize your Amazon Q Business web experience.

type welcomeMessage

string

param welcomeMessage

The customized welcome message for end users of an Amazon Q Business web experience.

type samplePromptsControlMode

string

param samplePromptsControlMode

Determines whether sample prompts are enabled in the web experience for an end user.

type roleArn

string

param roleArn

The Amazon Resource Name (ARN) of the service role attached to your web experience.

Note

You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value.

type tags

list

param tags

A list of key-value pairs that identify or categorize your Amazon Q Business web experience. You can also use tags to help control access to the web experience. Tag keys and values can consist of Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @.

  • (dict) --

    A list of key/value pairs that identify an index, FAQ, or data source. Tag keys and values can consist of Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @.

    • key (string) -- [REQUIRED]

      The key for the tag. Keys are not case sensitive and must be unique for the Amazon Q Business application or data source.

    • value (string) -- [REQUIRED]

      The value associated with the tag. The value may be an empty string but it can't be null.

type clientToken

string

param clientToken

A token you provide to identify a request to create an Amazon Q Business web experience.

This field is autopopulated if not provided.

type identityProviderConfiguration

dict

param identityProviderConfiguration

Information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: samlConfiguration, openIDConnectConfiguration.

  • samlConfiguration (dict) --

    Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

    • authenticationUrl (string) -- [REQUIRED]

      The URL where Amazon Q Business end users will be redirected for authentication.

  • openIDConnectConfiguration (dict) --

    Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

    • secretsArn (string) -- [REQUIRED]

      The Amazon Resource Name (ARN) of a Secrets Manager secret containing the OIDC client secret.

    • secretsRole (string) -- [REQUIRED]

      An IAM role with permissions to access KMS to decrypt the Secrets Manager secret containing your OIDC client secret.

rtype

dict

returns

Response Syntax

{
    'webExperienceId': 'string',
    'webExperienceArn': 'string'
}

Response Structure

  • (dict) --

    • webExperienceId (string) --

      The identifier of the Amazon Q Business web experience.

    • webExperienceArn (string) --

      The Amazon Resource Name (ARN) of an Amazon Q Business web experience.
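
A pre-flight check for the federation parameters this release adds to CreateApplication and CreateWebExperience, as an added example that is not part of the AWS documentation or SDK. The function names, the pairing of each identityType with one union member and one IAM provider ARN prefix, the requirement for identityCenterInstanceArn with AWS_IAM_IDC, and the https-only rule for authenticationUrl are assumptions of this example; the sample ARNs are constructed.

```python
from urllib.parse import urlparse

# identityType -> (IAM provider resource prefix, web-experience union member).
# Values, member names and [REQUIRED] keys are from the page; pairing is assumed.
FEDERATED = {
    "AWS_IAM_IDP_SAML": ("saml-provider/", "samlConfiguration"),
    "AWS_IAM_IDP_OIDC": ("oidc-provider/", "openIDConnectConfiguration"),
}
IDENTITY_TYPES = set(FEDERATED) | {"AWS_IAM_IDC"}
UNION_REQUIRED = {
    "samlConfiguration": ("authenticationUrl",),
    "openIDConnectConfiguration": ("secretsArn", "secretsRole"),
}


def arn_parts(arn):
    """Split an ARN into (service, resource); (None, None) if malformed."""
    fields = (arn or "").split(":", 5)
    if len(fields) != 6 or fields[0] != "arn":
        return None, None
    return fields[2], fields[5]


def check_application_request(kwargs):
    """Return problems found in create_application keyword arguments."""
    identity_type = kwargs.get("identityType")
    if identity_type not in IDENTITY_TYPES:
        return [f"identityType {identity_type!r} is not a documented value"]
    problems = []
    provider_arn = kwargs.get("iamIdentityProviderArn")
    client_ids = kwargs.get("clientIdsForOIDC") or []
    if identity_type == "AWS_IAM_IDC":
        if not kwargs.get("identityCenterInstanceArn"):
            problems.append("AWS_IAM_IDC without identityCenterInstanceArn")
        if provider_arn:
            problems.append("iamIdentityProviderArn set with AWS_IAM_IDC")
    else:
        prefix = FEDERATED[identity_type][0]
        service, resource = arn_parts(provider_arn)
        if service != "iam" or not resource.startswith(prefix):
            problems.append(f"{identity_type} needs an IAM {prefix[:-1]} ARN")
    if client_ids and identity_type != "AWS_IAM_IDP_OIDC":
        problems.append(f"clientIdsForOIDC set with {identity_type}")
    if not client_ids and identity_type == "AWS_IAM_IDP_OIDC":
        problems.append("AWS_IAM_IDP_OIDC without clientIdsForOIDC")
    return problems


def check_web_experience_request(identity_type, kwargs):
    """Return problems found in create_web_experience keyword arguments."""
    if identity_type not in IDENTITY_TYPES:
        return [f"identityType {identity_type!r} is not a documented value"]
    config = kwargs.get("identityProviderConfiguration") or {}
    if identity_type == "AWS_IAM_IDC":
        problems = [] if kwargs.get("roleArn") else ["AWS_IAM_IDC without roleArn"]
        if config:
            problems.append("identityProviderConfiguration set with AWS_IAM_IDC")
        return problems
    if len(config) != 1:
        return [f"tagged union needs exactly one member, got {sorted(config)}"]
    member, body = next(iter(config.items()))
    if member not in UNION_REQUIRED:
        return [f"unknown union member {member!r}"]
    problems = []
    if member != FEDERATED[identity_type][1]:
        problems.append(f"{member} does not match {identity_type}")
    missing = [key for key in UNION_REQUIRED[member] if not body.get(key)]
    if missing:
        problems.append(f"{member} is missing {missing}")
    if member == "samlConfiguration" and not missing:
        url = urlparse(body["authenticationUrl"])
        if url.scheme != "https" or not url.hostname:
            problems.append("authenticationUrl is not an https URL")  # policy
    if member == "openIDConnectConfiguration" and "secretsArn" not in missing:
        if arn_parts(body["secretsArn"])[0] != "secretsmanager":
            problems.append("secretsArn is not a Secrets Manager ARN")
    return problems


# Constructed sample requests; the account ID and names are placeholders.
OIDC_APP = {
    "displayName": "example-app",
    "identityType": "AWS_IAM_IDP_OIDC",
    "iamIdentityProviderArn": "arn:aws:iam::111122223333:oidc-provider/idp.example.com",
    "clientIdsForOIDC": ["example-client-id"],
}
OIDC_WEB = {"identityProviderConfiguration": {"openIDConnectConfiguration": {
    "secretsArn": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example",
    "secretsRole": "arn:aws:iam::111122223333:role/example-secrets-role",
}}}

if __name__ == "__main__":
    print(check_application_request(OIDC_APP))  # []
    print(check_web_experience_request("AWS_IAM_IDP_OIDC", OIDC_WEB))  # []
```

Run both checks before calling client.create_application and client.create_web_experience, and send the request only when each returns an empty list.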

GetApplication (updated)
Changes (response)
{'autoSubscriptionConfiguration': {'autoSubscribe': 'ENABLED | DISABLED',
                                   'defaultSubscriptionType': 'Q_LITE | '
                                                              'Q_BUSINESS'},
 'clientIdsForOIDC': ['string'],
 'iamIdentityProviderArn': 'string',
 'identityType': 'AWS_IAM_IDP_SAML | AWS_IAM_IDP_OIDC | AWS_IAM_IDC'}

Gets information about an existing Amazon Q Business application.

See also: AWS API Documentation

Request Syntax

client.get_application(
    applicationId='string'
)
type applicationId

string

param applicationId

[REQUIRED]

The identifier of the Amazon Q Business application.

rtype

dict

returns

Response Syntax

{
    'displayName': 'string',
    'applicationId': 'string',
    'applicationArn': 'string',
    'identityType': 'AWS_IAM_IDP_SAML'|'AWS_IAM_IDP_OIDC'|'AWS_IAM_IDC',
    'iamIdentityProviderArn': 'string',
    'identityCenterApplicationArn': 'string',
    'roleArn': 'string',
    'status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED'|'UPDATING',
    'description': 'string',
    'encryptionConfiguration': {
        'kmsKeyId': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'error': {
        'errorMessage': 'string',
        'errorCode': 'InternalError'|'InvalidRequest'|'ResourceInactive'|'ResourceNotFound'
    },
    'attachmentsConfiguration': {
        'attachmentsControlMode': 'ENABLED'|'DISABLED'
    },
    'qAppsConfiguration': {
        'qAppsControlMode': 'ENABLED'|'DISABLED'
    },
    'personalizationConfiguration': {
        'personalizationControlMode': 'ENABLED'|'DISABLED'
    },
    'autoSubscriptionConfiguration': {
        'autoSubscribe': 'ENABLED'|'DISABLED',
        'defaultSubscriptionType': 'Q_LITE'|'Q_BUSINESS'
    },
    'clientIdsForOIDC': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • displayName (string) --

      The name of the Amazon Q Business application.

    • applicationId (string) --

      The identifier of the Amazon Q Business application.

    • applicationArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Q Business application.

    • identityType (string) --

      The authentication type being used by an Amazon Q Business application.

    • iamIdentityProviderArn (string) --

      The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

    • identityCenterApplicationArn (string) --

      The Amazon Resource Name (ARN) of the AWS IAM Identity Center instance attached to your Amazon Q Business application.

    • roleArn (string) --

      The Amazon Resource Name (ARN) of the IAM role with permissions to access your CloudWatch logs and metrics.

    • status (string) --

      The status of the Amazon Q Business application.

    • description (string) --

      A description for the Amazon Q Business application.

    • encryptionConfiguration (dict) --

      The identifier of the Amazon Web Services KMS key that is used to encrypt your data. Amazon Q Business doesn't support asymmetric keys.

      • kmsKeyId (string) --

        The identifier of the KMS key. Amazon Q Business doesn't support asymmetric keys.

    • createdAt (datetime) --

      The Unix timestamp when the Amazon Q Business application was created.

    • updatedAt (datetime) --

      The Unix timestamp when the Amazon Q Business application was last updated.

    • error (dict) --

      If the Status field is set to ERROR, the ErrorMessage field contains a description of the error that caused the synchronization to fail.

      • errorMessage (string) --

        The message explaining the data source sync error.

      • errorCode (string) --

        The code associated with the data source sync error.

    • attachmentsConfiguration (dict) --

      Settings for whether end users can upload files directly during chat.

      • attachmentsControlMode (string) --

        Information about whether file upload during chat functionality is activated for your application.

    • qAppsConfiguration (dict) --

      Settings for whether end users can create and use Amazon Q Apps in the web experience.

      • qAppsControlMode (string) --

        Status information about whether end users can create and use Amazon Q Apps in the web experience.

    • personalizationConfiguration (dict) --

      Configuration information about chat response personalization. For more information, see Personalizing chat responses.

      • personalizationControlMode (string) --

        An option to allow Amazon Q Business to customize chat responses using user specific metadata—specifically, location and job information—in your IAM Identity Center instance.

    • autoSubscriptionConfiguration (dict) --

      Settings for auto-subscription behavior for this application. This is only applicable to SAML and OIDC applications.

      • autoSubscribe (string) --

        Describes whether automatic subscriptions are enabled for an Amazon Q Business application using IAM identity federation for user management.

      • defaultSubscriptionType (string) --

        Describes the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user management. If the value for autoSubscribe is set to ENABLED you must select a value for this field.

    • clientIdsForOIDC (list) --

      The OIDC client ID for an Amazon Q Business application.

      • (string) --

GetWebExperience (updated)
Changes (response)
{'identityProviderConfiguration': {'openIDConnectConfiguration': {'secretsArn': 'string',
                                                                  'secretsRole': 'string'},
                                   'samlConfiguration': {'authenticationUrl': 'string'}}}

Gets information about an existing Amazon Q Business web experience.

See also: AWS API Documentation

Request Syntax

client.get_web_experience(
    applicationId='string',
    webExperienceId='string'
)
type applicationId

string

param applicationId

[REQUIRED]

The identifier of the Amazon Q Business application linked to the web experience.

type webExperienceId

string

param webExperienceId

[REQUIRED]

The identifier of the Amazon Q Business web experience.

rtype

dict

returns

Response Syntax

{
    'applicationId': 'string',
    'webExperienceId': 'string',
    'webExperienceArn': 'string',
    'defaultEndpoint': 'string',
    'status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED'|'PENDING_AUTH_CONFIG',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'title': 'string',
    'subtitle': 'string',
    'welcomeMessage': 'string',
    'samplePromptsControlMode': 'ENABLED'|'DISABLED',
    'roleArn': 'string',
    'identityProviderConfiguration': {
        'samlConfiguration': {
            'authenticationUrl': 'string'
        },
        'openIDConnectConfiguration': {
            'secretsArn': 'string',
            'secretsRole': 'string'
        }
    },
    'authenticationConfiguration': {
        'samlConfiguration': {
            'metadataXML': 'string',
            'roleArn': 'string',
            'userIdAttribute': 'string',
            'userGroupAttribute': 'string'
        }
    },
    'error': {
        'errorMessage': 'string',
        'errorCode': 'InternalError'|'InvalidRequest'|'ResourceInactive'|'ResourceNotFound'
    }
}

Response Structure

  • (dict) --

    • applicationId (string) --

      The identifier of the Amazon Q Business application linked to the web experience.

    • webExperienceId (string) --

      The identifier of the Amazon Q Business web experience.

    • webExperienceArn (string) --

      The Amazon Resource Name (ARN) of the role with the permission to access the Amazon Q Business web experience and required resources.

    • defaultEndpoint (string) --

      The endpoint of your Amazon Q Business web experience.

    • status (string) --

      The current status of the Amazon Q Business web experience. When the Status field value is FAILED, the ErrorMessage field contains a description of the error that caused the data source connector to fail.

    • createdAt (datetime) --

      The Unix timestamp when the Amazon Q Business web experience was created.

    • updatedAt (datetime) --

      The Unix timestamp when the Amazon Q Business web experience was last updated.

    • title (string) --

      The title for your Amazon Q Business web experience.

    • subtitle (string) --

      The subtitle for your Amazon Q Business web experience.

    • welcomeMessage (string) --

      The customized welcome message for end users of an Amazon Q Business web experience.

    • samplePromptsControlMode (string) --

      Determines whether sample prompts are enabled in the web experience for an end user.

    • roleArn (string) --

      The Amazon Resource Name (ARN) of the service role attached to your web experience.

    • identityProviderConfiguration (dict) --

      Information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: samlConfiguration, openIDConnectConfiguration. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • samlConfiguration (dict) --

        Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

        • authenticationUrl (string) --

          The URL where Amazon Q Business end users will be redirected for authentication.

      • openIDConnectConfiguration (dict) --

        Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

        • secretsArn (string) --

          The Amazon Resource Name (ARN) of a Secrets Manager secret containing the OIDC client secret.

        • secretsRole (string) --

          An IAM role with permissions to access KMS to decrypt the Secrets Manager secret containing your OIDC client secret.

    • authenticationConfiguration (dict) --

      The authentication configuration information for your Amazon Q Business web experience.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: samlConfiguration. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • samlConfiguration (dict) --

        Provides the SAML 2.0 compliant identity provider (IdP) configuration information Amazon Q Business needs to deploy an Amazon Q Business web experience.

        • metadataXML (string) --

          The metadata XML that your IdP generated.

        • roleArn (string) --

          The Amazon Resource Name (ARN) of an IAM role assumed by users when they authenticate into their Amazon Q Business web experience, containing the relevant Amazon Q Business permissions for conversing with Amazon Q Business.

        • userIdAttribute (string) --

          The user attribute name in your IdP that maps to the user email.

        • userGroupAttribute (string) --

          The group attribute name in your IdP that maps to user groups.

    • error (dict) --

      When the Status field value is FAILED, the ErrorMessage field contains a description of the error that caused the data source connector to fail.

      • errorMessage (string) --

        The message explaining the data source sync error.

      • errorCode (string) --

        The code associated with the data source sync error.
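
An audit pass over GetApplication and GetWebExperience responses that reads the identityProviderConfiguration tagged union, including the SDK_UNKNOWN_MEMBER case described above, and checks the autoSubscriptionConfiguration rules. It is an added example, not AWS code; the function names, the pairing of identityType with a union member, and every value in the sample responses (including the member name futureConfiguration) are constructed for illustration.

```python
# Union member expected for each federated identityType. The values are from
# the page; pairing them up is this example's assumption.
EXPECTED_MEMBER = {
    "AWS_IAM_IDP_SAML": "samlConfiguration",
    "AWS_IAM_IDP_OIDC": "openIDConnectConfiguration",
}


def union_member(union):
    """Return (member_name, known) for a tagged-union dict from a response."""
    if not union:
        return None, True
    if "SDK_UNKNOWN_MEMBER" in union:
        # The service sent a member this SDK version does not model.
        return union["SDK_UNKNOWN_MEMBER"].get("name"), False
    return next(iter(union)), True


def audit(app, web):
    """Return findings for one get_application / get_web_experience pair."""
    findings = []
    identity_type = app.get("identityType")
    member, known = union_member(web.get("identityProviderConfiguration"))
    expected = EXPECTED_MEMBER.get(identity_type)
    if not known:
        # Fail closed: an unmodelled member is not the same as no IdP at all.
        findings.append(f"unmodelled IdP member {member!r}; do not treat as unset")
    elif expected and member != expected:
        findings.append(f"{identity_type} expects {expected}, found {member}")
    elif member and not expected:
        findings.append(f"{member} present with identityType {identity_type}")
    auto = app.get("autoSubscriptionConfiguration") or {}
    if auto.get("autoSubscribe") == "ENABLED":
        # The page limits auto-subscription to SAML and OIDC applications.
        if not expected:
            findings.append(f"autoSubscribe ENABLED with identityType {identity_type}")
        if not auto.get("defaultSubscriptionType"):
            findings.append("autoSubscribe ENABLED without defaultSubscriptionType")
    if web.get("status") == "PENDING_AUTH_CONFIG":
        # Status value listed on the page; reported here for follow-up.
        findings.append("web experience is still PENDING_AUTH_CONFIG")
    return findings


def audit_all(pairs):
    """Map applicationId -> findings, keeping only applications with findings."""
    report = {}
    for app, web in pairs:
        findings = audit(app, web)
        if findings:
            report[app.get("applicationId")] = findings
    return report


# Constructed responses; identifiers are placeholders, not real resources.
SAMPLE_PAIRS = [
    ({"applicationId": "app-ok", "identityType": "AWS_IAM_IDP_SAML",
      "autoSubscriptionConfiguration": {"autoSubscribe": "ENABLED",
                                        "defaultSubscriptionType": "Q_LITE"}},
     {"status": "ACTIVE", "identityProviderConfiguration": {
         "samlConfiguration": {"authenticationUrl": "https://idp.example.com/sso"}}}),
    ({"applicationId": "app-unknown", "identityType": "AWS_IAM_IDP_OIDC"},
     {"status": "ACTIVE", "identityProviderConfiguration": {
         "SDK_UNKNOWN_MEMBER": {"name": "futureConfiguration"}}}),
    ({"applicationId": "app-idc", "identityType": "AWS_IAM_IDC",
      "autoSubscriptionConfiguration": {"autoSubscribe": "ENABLED"}},
     {"status": "PENDING_AUTH_CONFIG"}),
]

if __name__ == "__main__":
    for app_id, findings in audit_all(SAMPLE_PAIRS).items():
        print(app_id, findings)
```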

ListApplications (updated)
Changes (response)
{'applications': {'identityType': 'AWS_IAM_IDP_SAML | AWS_IAM_IDP_OIDC | '
                                  'AWS_IAM_IDC'}}

Lists Amazon Q Business applications.

See also: AWS API Documentation

Request Syntax

client.list_applications(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

If the maxResults response was incomplete because there is more data to retrieve, Amazon Q Business returns a pagination token in the response. You can use this pagination token to retrieve the next set of Amazon Q Business applications.

type maxResults

integer

param maxResults

The maximum number of Amazon Q Business applications to return.

rtype

dict

returns

Response Syntax

{
    'nextToken': 'string',
    'applications': [
        {
            'displayName': 'string',
            'applicationId': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1),
            'status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED'|'UPDATING',
            'identityType': 'AWS_IAM_IDP_SAML'|'AWS_IAM_IDP_OIDC'|'AWS_IAM_IDC'
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

      If the response is truncated, Amazon Q Business returns this token. You can use this token in a subsequent request to retrieve the next set of applications.

    • applications (list) --

      An array of summary information on the configuration of one or more Amazon Q Business applications.

      • (dict) --

        Summary information for an Amazon Q Business application.

        • displayName (string) --

          The name of the Amazon Q Business application.

        • applicationId (string) --

          The identifier for the Amazon Q Business application.

        • createdAt (datetime) --

          The Unix timestamp when the Amazon Q Business application was created.

        • updatedAt (datetime) --

          The Unix timestamp when the Amazon Q Business application was last updated.

        • status (string) --

          The status of the Amazon Q Business application. The application is ready to use when the status is ACTIVE.

        • identityType (string) --

          The authentication type being used by an Amazon Q Business application.

UpdateApplication (updated)
Changes (request)
{'autoSubscriptionConfiguration': {'autoSubscribe': 'ENABLED | DISABLED',
                                   'defaultSubscriptionType': 'Q_LITE | '
                                                              'Q_BUSINESS'}}

Updates an existing Amazon Q Business application.

See also: AWS API Documentation

Request Syntax

client.update_application(
    applicationId='string',
    identityCenterInstanceArn='string',
    displayName='string',
    description='string',
    roleArn='string',
    attachmentsConfiguration={
        'attachmentsControlMode': 'ENABLED'|'DISABLED'
    },
    qAppsConfiguration={
        'qAppsControlMode': 'ENABLED'|'DISABLED'
    },
    personalizationConfiguration={
        'personalizationControlMode': 'ENABLED'|'DISABLED'
    },
    autoSubscriptionConfiguration={
        'autoSubscribe': 'ENABLED'|'DISABLED',
        'defaultSubscriptionType': 'Q_LITE'|'Q_BUSINESS'
    }
)
type applicationId

string

param applicationId

[REQUIRED]

The identifier of the Amazon Q Business application.

type identityCenterInstanceArn

string

param identityCenterInstanceArn

The Amazon Resource Name (ARN) of the IAM Identity Center instance you are either creating for—or connecting to—your Amazon Q Business application.

type displayName

string

param displayName

A name for the Amazon Q Business application.

type description

string

param description

A description for the Amazon Q Business application.

type roleArn

string

param roleArn

An Amazon Web Services Identity and Access Management (IAM) role that gives Amazon Q Business permission to access Amazon CloudWatch logs and metrics.

type attachmentsConfiguration

dict

param attachmentsConfiguration

An option to allow end users to upload files directly during chat.

  • attachmentsControlMode (string) -- [REQUIRED]

    Status information about whether file upload functionality is activated or deactivated for your end user.

type qAppsConfiguration

dict

param qAppsConfiguration

An option to allow end users to create and use Amazon Q Apps in the web experience.

  • qAppsControlMode (string) -- [REQUIRED]

    Status information about whether end users can create and use Amazon Q Apps in the web experience.

type personalizationConfiguration

dict

param personalizationConfiguration

Configuration information about chat response personalization. For more information, see Personalizing chat responses.

  • personalizationControlMode (string) -- [REQUIRED]

    An option to allow Amazon Q Business to customize chat responses using user specific metadata—specifically, location and job information—in your IAM Identity Center instance.

type autoSubscriptionConfiguration

dict

param autoSubscriptionConfiguration

An option to enable updating the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user management.

  • autoSubscribe (string) -- [REQUIRED]

    Describes whether automatic subscriptions are enabled for an Amazon Q Business application using IAM identity federation for user management.

  • defaultSubscriptionType (string) --

    Describes the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user management. If the value for autoSubscribe is set to ENABLED you must select a value for this field.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

UpdateWebExperience (updated)
Changes (request)
{'identityProviderConfiguration': {'openIDConnectConfiguration': {'secretsArn': 'string',
                                                                  'secretsRole': 'string'},
                                   'samlConfiguration': {'authenticationUrl': 'string'}}}

Updates an Amazon Q Business web experience.

See also: AWS API Documentation

Request Syntax

client.update_web_experience(
    applicationId='string',
    webExperienceId='string',
    roleArn='string',
    authenticationConfiguration={
        'samlConfiguration': {
            'metadataXML': 'string',
            'roleArn': 'string',
            'userIdAttribute': 'string',
            'userGroupAttribute': 'string'
        }
    },
    title='string',
    subtitle='string',
    welcomeMessage='string',
    samplePromptsControlMode='ENABLED'|'DISABLED',
    identityProviderConfiguration={
        'samlConfiguration': {
            'authenticationUrl': 'string'
        },
        'openIDConnectConfiguration': {
            'secretsArn': 'string',
            'secretsRole': 'string'
        }
    }
)
type applicationId

string

param applicationId

[REQUIRED]

The identifier of the Amazon Q Business application attached to the web experience.

type webExperienceId

string

param webExperienceId

[REQUIRED]

The identifier of the Amazon Q Business web experience.

type roleArn

string

param roleArn

The Amazon Resource Name (ARN) of the role with permission to access the Amazon Q Business web experience and required resources.

type authenticationConfiguration

dict

param authenticationConfiguration

The authentication configuration of the Amazon Q Business web experience.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: samlConfiguration.

  • samlConfiguration (dict) --

    Provides the SAML 2.0 compliant identity provider (IdP) configuration information Amazon Q Business needs to deploy an Amazon Q Business web experience.

    • metadataXML (string) -- [REQUIRED]

      The metadata XML that your IdP generated.

    • roleArn (string) -- [REQUIRED]

      The Amazon Resource Name (ARN) of an IAM role assumed by users when they authenticate into their Amazon Q Business web experience, containing the relevant Amazon Q Business permissions for conversing with Amazon Q Business.

    • userIdAttribute (string) -- [REQUIRED]

      The user attribute name in your IdP that maps to the user email.

    • userGroupAttribute (string) --

      The group attribute name in your IdP that maps to user groups.

type title

string

param title

The title of the Amazon Q Business web experience.

type subtitle

string

param subtitle

The subtitle of the Amazon Q Business web experience.

type welcomeMessage

string

param welcomeMessage

A customized welcome message for an end user in an Amazon Q Business web experience.

type samplePromptsControlMode

string

param samplePromptsControlMode

Determines whether sample prompts are enabled in the web experience for an end user.

type identityProviderConfiguration

dict

param identityProviderConfiguration

Information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: samlConfiguration, openIDConnectConfiguration.

  • samlConfiguration (dict) --

    Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

    • authenticationUrl (string) -- [REQUIRED]

      The URL where Amazon Q Business end users will be redirected for authentication.

  • openIDConnectConfiguration (dict) --

    Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

    • secretsArn (string) -- [REQUIRED]

      The Amazon Resource Name (ARN) of a Secrets Manager secret containing the OIDC client secret.

    • secretsRole (string) -- [REQUIRED]

      An IAM role with permissions to access KMS to decrypt the Secrets Manager secret containing your OIDC client secret.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --