Amazon Q index for ISVs is a capability that enables ISVs to access customers' enterprise data through Amazon Q Index to enhance their SaaS solutions with generative AI experiences. The service enables ISVs to utilize customers' Retrieval Augmented Generation (RAG) data in a novel approach compared to traditional connector-based data source integration. The service includes key features such as multi-tenancy isolation within the Amazon Q Index and direct API access through Search Relevant Content API for headless Amazon Q Business implementation. These capabilities support authenticated user experiences and enable ISVs to enrich their own generative AI applications and enhance end-user experiences.
How does an ISV’s access to customers’ Amazon Q index data work? The process involves three simple steps:
- The ISV registers with AWS a data accessor.
- The customer adds that ISV as a data accessor to enable access to their index.
- The ISV can then query the customer’s index through cross-account Search Relevant Content API requests.
Provided sample solution demonstrates cross-account data retrieval functionality for Amazon Q index using AWS IAM Identity Center (IDC) authentication setup on Amazon Q Business. The application implements a step-by-step process for user authentication, token generation, obatain temporary credential and data retrieval through Search Content Retrieval API.
- Deployable sample ISV webpage that teaches each steps for Authorization Code authentication flow to access Q index with SearchRelevantContent API
- Shell script that goes through Authorization Code authentication flow to access Q index with SearchRelevantContent API for the cross-account (using data accessor) access
- Shell script that goes through Authorization Code authentication flow to access Q index with SearchRelevantContent API for the cross-account (using data accessor) access
- Shell script that goes through Trusted Token Issuer (TTI) authentication flow to access Q index with SearchRelevantContent API for the cross-account (using data accessor) access
- Shell script that goes through Authorization Code authentication flow to access Q index with SearchRelevantContent API for the same account access
- Python Streamlit application that demonstrates both Authorization Code and TTI. Also includes a quick set of tests that can be viewed from a dashboard
- coming soon
- The AWS Labs amazon-qindex MCP Server is a Model Context Protocol (MCP) server designed to facilitate integration with Amazon Q Business's SearchRelevantContent API. While the server provides essential tools and functions for authentication and search capabilities using Amazon Q index, it currently serves for Independent Software Vendors (ISVs) who are AWS registered data accessors. The server enables cross-account search capabilities, allowing ISVs who are data accessors to search through enterprise customers' Q index and access relevant content across their data sources using specific authentication and authorization flows.
- List of helpful commands related to enabling data accessor & requesting Search Relevant Content API
This library is licensed under the MIT-0 License. See the LICENSE file.
- Changelog of the project.
- License of the project.
- Code of Conduct of the project.
It is critical that before you use any of this code in Production that you work with your own internal Security and Governance teams to get the appropriate Code and AppSec reviews for your organization.
Although the code has been written with best practices in mind, your own company may require different ones, or have additional rules and restrictions.
You take full ownership and responsibility for the code running in your environment, and are free to make whatever changes you need to.