Use Amazon Q to seek out solutions on Google Drive in an enterprise

Amazon Q Enterprise is a generative AI-powered assistant designed to reinforce enterprise operations. It’s a completely managed service that helps present correct solutions to customers’ questions whereas adhering to the safety and entry restrictions of the content material. You’ll be able to tailor Amazon Q Enterprise to your particular enterprise wants by connecting to your organization’s info and enterprise methods utilizing built-in connectors to quite a lot of enterprise knowledge sources. It allows customers in numerous roles, equivalent to advertising and marketing managers, venture managers, and gross sales representatives, to have tailor-made conversations, clear up enterprise issues, generate content material, take motion, and extra, by means of an internet interface. This service goals to assist make workers work smarter, transfer quicker, and drive important influence by offering rapid and related info to assist them with their duties.

One such enterprise knowledge repository you should utilize to retailer and handle content material is Google Drive. Google Drive is a cloud-based storage service that gives a centralized location for storing digital property, together with paperwork, data articles, and spreadsheets. This service helps your groups collaborate successfully by enabling the sharing and group of essential information throughout the enterprise. To make use of Google Drive inside Amazon Q Enterprise, you possibly can configure the Amazon Q Enterprise Google Drive connector. This connector permits Amazon Q Enterprise to securely index information saved in Google Drive utilizing entry management lists (ACLs). These ACLs make it possible for customers solely entry the paperwork they’re permitted to view, permitting them to ask questions and retrieve info related to their work straight by means of Amazon Q Enterprise.

This submit covers the steps to configure the Amazon Q Enterprise Google Drive connector, together with authentication setup and verifying the safe indexing of your Google Drive content material.

Index Google Drive paperwork utilizing the Amazon Q Google Drive connector

The Amazon Q Google Drive connector can index Google Drive paperwork hosted in a Google Workspace account. The connector can’t index paperwork saved on Google Drive in a private Google Gmail account. Amazon Q Enterprise can authenticate together with your Google Workspace utilizing a service account or OAuth 2.0 authentication. A service account allows indexing information for person accounts throughout an enterprise in a Google Workspace. Utilizing OAuth 2.0 authentication permits for crawling and indexing information in a single Google Workspace account. This submit exhibits you easy methods to configure Amazon Q Enterprise to authenticate utilizing a Google service account.

Google prescribes that with a view to index a number of customers’ paperwork, the crawler should help the potential to authenticate with a service account with domain-wide delegation. This permits the connector to index the paperwork of all customers in your drive and shared drives. Amazon Q Enterprise connectors solely crawl the paperwork that the Amazon Q Enterprise software administrator specifies have to be crawled. Directors can specify the paths to crawl, particular file identify patterns, or varieties. Amazon Q Enterprise doesn’t use buyer knowledge to coach any fashions. All buyer knowledge is listed solely within the buyer account. Additionally, Amazon Q Enterprise Connectors will solely index content material specified by the administrator. It received’t index any content material by itself with out explicitly being configured to take action by the administrator of Amazon Q Enterprise.

You’ll be able to configure the Amazon Q Google Drive connector to crawl and index file varieties supported by Amazon Q Enterprise. Google Write paperwork are exported as Microsoft Phrase and Google Sheet paperwork are exported as Microsoft Excel through the crawling section.

Metadata

Each doc has structural attributes—or metadata—connected to it. Doc attributes can embrace info equivalent to doc title, doc writer, time created, time up to date, and doc sort.

If you join Amazon Q Enterprise to a knowledge supply, it robotically maps particular knowledge supply doc attributes to fields inside an Amazon Q Enterprise index. If a doc attribute in your knowledge supply doesn’t have an attribute mapping already out there, or if you wish to map further doc attributes to index fields, you should utilize the customized subject mappings to specify how an information supply attribute maps to an Amazon Q Enterprise index subject. You’ll be able to create subject mappings by enhancing your knowledge supply after your software and retriever are created.

There are 4 default metadata attributes listed for every Google Drive doc: authors, supply URL, creation date, and final replace date. It’s also possible to choose further reserved knowledge subject mappings.

Amazon Q Enterprise crawls Google Drive ACLs outlined in a Google Workspace for doc safety. Google Workspace customers and teams are mapped to the _user_id and _group_ids fields related to the Amazon Q Enterprise software in AWS IAM Identification Heart. These person and group associations are persevered within the person retailer related to the Amazon Q Enterprise index created for crawled Google Drive paperwork.

Overview of ACLs in Amazon Q Enterprise

Within the context of information administration and generative AI chatbot functions, an ACL performs a vital function in managing who can entry info and what actions they will carry out inside the system. Additionally they facilitate data sharing inside particular teams or groups whereas proscribing entry to others.

On this answer, we deploy an Amazon Q net expertise to exhibit that two enterprise customers can solely ask questions on paperwork they’ve entry to in keeping with the ACL. With the Amazon Q Enterprise Google Drive connector, the Google Workspace ACL will likely be ingested with paperwork. This allows Amazon Q Enterprise to regulate the scope of paperwork that every person can entry within the Amazon Q net expertise.

Authentication varieties

An Amazon Q Enterprise software requires you to make use of IAM Identification Heart to handle person entry. Though it’s really helpful to have an IAM Identification Heart occasion configured (with customers federated and teams added) earlier than you begin, you may also select to create and configure an IAM Identification Heart occasion on your Amazon Q Enterprise software utilizing the Amazon Q console.

It’s also possible to add customers to your IAM Identification Heart occasion from the Amazon Q Enterprise console, for those who aren’t federating identification. If you add a brand new person, make it possible for the person is enabled in your IAM Identification Heart occasion and that they’ve verified their e mail ID. They should full these steps earlier than they will log in to your Amazon Q Enterprise net expertise.

Your identification supply in IAM Identification Heart defines the place your customers and teams are managed. After you configure your identification supply, you possibly can lookup customers or teams to grant them single sign-on entry to AWS accounts, functions, or each.

You’ll be able to have just one identification supply per group in AWS Organizations. You’ll be able to select one of many following as your identification supply:

Overview of answer

With Amazon Q Enterprise, you possibly can configure a number of knowledge sources to offer a central place to look throughout your doc repository. For our answer, we exhibit easy methods to index Google Drive knowledge utilizing the Amazon Q Enterprise Google Drive connector. We full the next steps:

1. Configure Google Workspace stipulations.
2. Configure an Amazon Q Enterprise software.
3. Join Google Drive to Amazon Q Enterprise.
4. Create customers and index the info within the Google Drive.
5. Run a pattern question to check the answer.

Configure Google Workspace stipulations

For this answer, Amazon Q will hook up with a Google Workspace and crawl Google Drive paperwork owned by enterprise customers in several teams utilizing a service account. Full the next steps to configure your Google Workspace:

1. Log in to the Google API console as an admin person.
2. Select the dropdown menu subsequent to the search field, then select New Challenge.
   
   
3. Enter the venture identify, select the Google group, and select Create.
   

The Google Drive and Admin SDK APIs have to be enabled for Amazon Q to crawl Google Drive information.

4. Seek for every API on the Google Cloud console and select Allow.
   
5. Seek for Service Accounts to entry the IAM & Admin navigation pane and select Create Service Account.
6. Enter the service account identify, service account ID, and outline, and select Achieved.
7. Select the e-mail of the service account created within the earlier step.
8. On the Keys tab, select Add Key, then select Create New Key.
9. For Key sort, choose JSON, and select Create to obtain and regionally save a brand new personal key.

Now we allow domain-wide delegation for the 5 required API scopes on the Area-wide Delegation web page.

10. Select Add new.
11. Add the next comma delimited API scopes for consumer ID generated for the personal key created within the earlier step:
    https://www.googleapis.com/auth/drive.readonly,
https://www.googleapis.com/auth/drive.metadata.readonly,
https://www.googleapis.com/auth/admin.listing.group.readonly,
https://www.googleapis.com/auth/admin.listing.person.readonly,
https://www.googleapis.com/auth/cloud-platform
12. Select Authorize.
    

Now we create customers and add them to teams.

13. Navigate to the Google Workspace Admin console and select Customers within the navigation pane.
14. Select Add new person to create two new enterprise customers.
    
15. Select Teams within the navigation pane.
16. Select Create group to create two Google teams and add one enterprise person to every group.
    
17. Add information that Amazon Q helps into every enterprise person’s Google Drive.

On this answer, we add the Amazon 2020 annual report to the primary enterprise person’s Google Drive and add the Amazon 2021 annual report and Amazon 2022 annual report to the second enterprise person’s Google Drive.

The enterprise person that uploaded the Amazon 2021 annual report may share it with the opposite enterprise person’s Google group.

18. Select the choices menu (three vertical dots) for the Google Drive file and select Share.
19. Enter the identify of the opposite Google group and select Ship.

Create an Amazon Q Enterprise software with a Google Drive connector

An Amazon Q Enterprise software must be created with a Google Drive connector to crawl and index Google Drive information. To create an Amazon Q software, full the next steps:

1. On the Amazon Q console, select Purposes within the navigation pane.
2. Select Create software.
3. For Software identify, enter a reputation.
4. Depart software configuration settings as defaults.
5. Select Create.
   
6. After the appliance is created, select Knowledge Sources.
7. Then select Choose retriever and Verify to make use of a Native retriever and Enterprise provisioning.
   
8. After confirming retriever settings, select Add knowledge supply, after which select the plus signal subsequent to Google Drive.
   
9. Beneath Title and outline, enter an information supply identify and elective description.
10. Beneath Authentication, choose Google service account and select Create a brand new secret from the AWS Secrets and techniques Supervisor secret drop right down to create an AWS Secrets and techniques Supervisor secret.
    
11. Enter a secret identify, admin account e mail, consumer e mail, and the JSON key you downloaded earlier, then select Save.
    
12. Beneath IAM function, select Create a brand new service function.
13. Beneath Further Configuration, select Consumer e mail, and add the 2 lately created Google Workspace enterprise person e mail addresses.
    
14. Beneath Sync run schedule, for Frequency, select Run on demand.
15. Select Add knowledge supply.
    

Create and handle customers

To create an Amazon Q net expertise accessible by Google Workspace customers, it’s essential to create corresponding customers in IAM Identification Heart. Amazon Q functions are solely accessible by IAM Identification Heart customers with person identities that personal listed paperwork. To create the IAM Identification Heart customers, full the next steps:

1. On the IAM Identification Heart console, select Customers within the navigation pane.
2. Select Add person.
3. Create IAM Identification Heart customers that mirror your Google Workspace customers by getting into the required person info.
   
4. Settle for the IAM Identification Heart invitation despatched by means of e mail to every new enterprise person and set every enterprise person’s IAM Identification Heart password.
5. On the Amazon Q Enterprise console, navigate to the appliance with the Google Drive knowledge supply.
6. Select Handle person entry.
7. Select Add teams and customers, choose Assign present customers and teams, and select Subsequent.
   
8. Assign customers to the Amazon Q software, select Assign, and select Verify if every enterprise person is subscribed to Q Enterprise Professional.
   

After you add IAM Identification Heart customers to your Amazon Q software, its net expertise URL will seem within the Q Enterprise functions listing. You need to use the URL to connect with the Amazon Q net expertise with both of your Google enterprise customers. By default, every person can solely ask questions on paperwork of their Google Drive.

Run pattern queries in Amazon Q

To check the Amazon Q software with the Amazon annual experiences you uploaded to Google Drive, full the next steps:

1. On the Amazon Q Enterprise console, navigate to the info supply you created.
2. Run an on-demand sync of the info supply by selecting Sync now.
   
3. Navigate to the net expertise URL in a brand new personal browser window and log in as the primary enterprise person.
   
4. Ask Amazon Q a query, equivalent to what number of workers work at Amazon.

The supply paperwork ought to be the Amazon 2020 and 2021 annual experiences, assuming the primary enterprise person uploaded the Amazon 2020 annual report and the second enterprise person shared the Amazon 2021 annual report with the primary enterprise person.

5. Navigate to the net expertise URL in a brand new personal browser window and log in because the second enterprise person.
6. Ask Amazon Q the identical query (what number of workers work at Amazon).

The supply paperwork ought to be the Amazon 2021 and 2022 annual experiences.

Troubleshooting

On this part, we share some frequent points and troubleshooting ideas.

IAM Identification Heart login error

You may obtain an error on the IAM Identification Heart login web page that claims “We couldn’t confirm your sign-in credentials.”

To troubleshoot, full the next steps:

1. Verify that the enterprise customers that mirror the Google Workspace customers had been created in IAM Identification Heart.
2. If the customers exist, navigate to the person in IAM Identification Heart and select Reset password, then choose Generate a one-time password and share the password with the person.

A password will likely be offered for login and the person will likely be requested to vary their password after a profitable login.

Google Drive knowledge supply crawling or indexing failure

If the Google Drive knowledge supply crawling or indexing fails, full the next steps:

1. Verify the enterprise customers provisioned within the Google Workspace are members of the Google teams.
2. Examine the Amazon CloudWatch logs for the final time the Google Drive knowledge supply was crawled for customers with Google Drive information within the Google Workspace.
3. If the crawler didn’t efficiently log the indexing of an anticipated person’s information, verify the IAM Identification Heart customers, then evaluate the attributes within the Secrets and techniques Supervisor secret to the corresponding Google Workspace attributes, together with consumer ID, service account e mail, and repair account personal key.
4. Use the Amazon Q Enterprise document-level sync experiences to substantiate the meant Google Drive paperwork had been listed by Amazon Q.

Google Drive knowledge supply crawling and indexing job doesn’t crawl and index paperwork

If the Google Drive knowledge supply crawling and indexing job doesn’t crawl and index any paperwork, full the next steps:

1. Verify the enterprise customers provisioned within the Google Workspace are members of the Google teams.
2. Verify there are IAM Identification Heart customers that mirror the Google Workspace customers.
3. Verify each IAM Identification Heart customers subscribe to Q Enterprise Professional.
4. Verify the Google Workspace admin person has enabled the Google Drive API.

Amazon Q net expertise doesn’t return anticipated solutions from the anticipated supply

If the Amazon Q net expertise doesn’t return anticipated solutions from the anticipated supply, full the next steps:

1. Add the anticipated supply doc into an Amazon Q Enterprise chat session by selecting the paperclip icon within the Amazon Q chat interface after which selecting the file.
   

After you add the doc into the session, if the anticipated solutions are generated from the anticipated doc, the doc wasn’t efficiently listed from the Google Drive knowledge supply.

2. If Amazon Q doesn’t return the anticipated reply for the uploaded doc, modify the immediate used to ask the query.

Clear up

To stop incurring further prices, it’s important to scrub up and take away any sources created through the implementation of this answer. Particularly, it is best to delete the Amazon Q software, which is able to consequently take away the related index and knowledge connectors. Nonetheless, any Secrets and techniques Supervisor secrets and techniques created through the Amazon Q software setup course of have to be eliminated individually. Failing to scrub up these sources might end in ongoing fees, so it’s essential to take the required steps to utterly take away all elements associated to this answer.

Full the next steps to delete the Amazon Q software, secret, and IAM Identification Heart customers in your AWS account:

1. On the Amazon Q Enterprise console, select Purposes within the navigation pane.
2. Choose the appliance that you simply created and on the Actions menu, select Delete and make sure the deletion.
3. On the Secrets and techniques Supervisor console, select Secrets and techniques within the navigation pane.
4. Choose the key that was created for the Google Drive connector and on the Actions menu, select Delete.
5. Specify the ready interval as 7 days and select Schedule deletion.
6. On the IAM Identification Heart console, select Customers within the navigation pane.
7. Choose the 2 customers that you simply created and select Delete customers to take away these customers.

Moreover, it is best to take away the enterprise customers added to your Google Workspace through the implementation of this answer as a result of Google Workspaces prices are billed on a per-user foundation.

Conclusion

On this submit, you created an Amazon Q software that listed Google Drive paperwork utilizing the Google Drive connector. You had been ready to connect with the Amazon Q conversational interface as every of your corporation customers and ask questions in regards to the paperwork every person might entry in accordance with the ACL.

You’ll be able to proceed to experiment by including extra PDF paperwork to your corporation customers’ Google Drives and re-syncing your Amazon Q Google Drive knowledge supply.

Amazon Q Enterprise provides different connectors, equivalent to for Confluence Cloud. To be taught extra in regards to the Amazon Q Enterprise Confluence Cloud connector, check with Connecting Confluence (Cloud) to Amazon Q Enterprise.

Concerning the Authors

Glen Eire is a Senior Enterprise Account Engineer at AWS within the Worldwide Public Sector. Glen’s areas of focus embrace empowering prospects all for constructing generative AI options utilizing Amazon Q.

Julia Hu is a Specialist Options Architect who helps AWS prospects and companions construct generative AI options utilizing Amazon Q Enterprise on AWS. Julia has over 4 years of expertise growing options for patrons adopting AWS companies on the forefront of cloud expertise.