E-mail your conversations from Amazon Q

As organizations navigate the complexities of the digital realm, generative AI has emerged as a transformative pressure, empowering enterprises to reinforce productiveness, streamline workflows, and drive innovation. To maximise the worth of insights generated by generative AI, it’s essential to offer easy methods for customers to protect and share these insights utilizing generally used instruments corresponding to e-mail.

Amazon Q Enterprise is a generative AI-powered assistant that may reply questions, present summaries, generate content material, and securely full duties primarily based on information and data in your enterprise techniques. It’s redefining the best way companies method data-driven decision-making, content material era, and safe job administration. Through the use of the customized plugin functionality of Amazon Q Enterprise, you may prolong its performance to help sending emails straight from Amazon Q purposes, permitting you to retailer and share the dear insights gleaned out of your conversations with this highly effective AI assistant.

Amazon Easy E-mail Service (Amazon SES) is an e-mail service supplier that gives a easy, cost-effective method so that you can ship and obtain e-mail utilizing your individual e-mail addresses and domains. Amazon SES gives many e-mail instruments, together with e-mail sender configuration choices, e-mail deliverability instruments, versatile e-mail deployment choices, sender and identification administration, e-mail safety, e-mail sending statistics, e-mail status dashboard, and inbound e-mail companies.

This put up explores how one can combine Amazon Q Enterprise with Amazon SES to e-mail conversations to specified e-mail addresses.

Answer overview

The next diagram illustrates the answer structure.

The workflow consists of the next steps:

1. Create an Amazon Q Enterprise utility with an Amazon Easy Storage Service (Amazon S3) information supply. Amazon Q makes use of Retrieval Augmented Technology (RAG) to reply consumer questions.
2. Configure an AWS IAM Id Heart occasion in your Amazon Q Enterprise utility surroundings with customers and teams added. Amazon Q Enterprise helps each organization- and account-level IAM Id Heart cases.
3. Create a customized plugin that invokes an OpenAPI schema of the Amazon API Gateway This API sends emails to the customers.
4. Retailer OAuth data in AWS Secrets and techniques Supervisor and supply the key data to the plugin.
5. Present AWS Id Supervisor and Entry Administration (IAM) roles to entry the secrets and techniques in Secrets and techniques Supervisor.
6. The customized plugin takes the consumer to an Amazon Cognito sign-in web page. The consumer supplies credentials to log in. After authentication, the consumer session is saved within the Amazon Q Enterprise utility for subsequent API calls.
7. Put up-authentication, the customized plugin will move the token to API Gateway to invoke the API.
8. You possibly can assist safe your API Gateway REST API from widespread net exploits, corresponding to SQL injection and cross-site scripting (XSS) assaults, utilizing AWS WAF.
9. AWS Lambda hosted in Amazon Digital Personal Cloud (Amazon VPC) internally calls the Amazon SES SDK.
10. Lambda makes use of AWS Id and Entry Administration (IAM) permissions to make an SDK name to Amazon SES.
11. Amazon SES sends an e-mail utilizing SMTP to verified emails supplied by the consumer.

Within the following sections, we stroll via the steps to deploy and take a look at the answer. This answer is supported solely within the us-east-1 AWS Area.

Stipulations

Full the next conditions:

1. Have a legitimate AWS account.
2. Allow an IAM Id Heart occasion and seize the Amazon Useful resource Identify (ARN) of the IAM Id Heart occasion from the settings web page.
3. Add customers and teams to IAM Id Heart.
4. Have an IAM function within the account that has ample permissions to create the mandatory sources. When you have administrator entry to the account, no motion is important.
5. Allow Amazon CloudWatch Logs for API Gateway. For extra data, see How do I activate CloudWatch Logs to troubleshoot my API Gateway REST API or WebSocket API?
6. Have two e-mail addresses to ship and obtain emails which you can confirm utilizing the hyperlink despatched to you. Don’t use current verified identities in Amazon SES for these e-mail addresses. In any other case, the AWS CloudFormation template will fail.
7. Have an Amazon Q Enterprise Professional subscription to create Amazon Q apps.
8. Have the service-linked IAM function AWSServiceRoleForQBusiness. For those who don’t have one, create it with the amazonaws.com service title.
9. Allow AWS CloudTrail logging for operational and threat auditing. For directions, see Making a path in your AWS account.
10. Allow finances coverage notifications to assist shield from undesirable billing.

Deploy the answer sources

On this step, we use a CloudFormation template to deploy a Lambda operate, configure the REST API, and create identities. Full the next steps:

1. Open the AWS CloudFormation console within the us-east-1
2. Select Create stack.
3. Obtain the CloudFormation template and add it within the Specify template
4. Select Subsequent.

5. For Stack title, enter a reputation (for instance, QIntegrationWithSES).
6. Within the Parameters part, present the next:
   1. For IDCInstanceArn, enter your IAM Id Heart occasion ARN.
   2. For LambdaName, enter the title of your Lambda operate.
   3. For Fromemailaddress, enter the tackle to ship e-mail.
   4. For Toemailaddress, enter the tackle to obtain e-mail.
7. Select Subsequent.

8. Preserve the opposite values as default and choose I acknowledge that AWS CloudFormation would possibly create IAM sources within the Capabilities
9. Select Submit to create the CloudFormation stack.
10. After the profitable deployment of the stack, on the Outputs tab, make an observation of the worth for apiGatewayInvokeURL. You’ll need this later to create a customized plugin.

Verification emails will probably be despatched to the Toemailaddress and Fromemailaddress values supplied as enter to the CloudFormation template.

11. Confirm the newly created e-mail identities utilizing the hyperlink within the e-mail.

This put up doesn’t cowl auto scaling of Lambda features. For extra details about easy methods to combine Lambda with Software Auto Scaling, see AWS Lambda and Software Auto Scaling.

To configure AWS WAF on API Gateway, confer with Use AWS WAF to guard your REST APIs in API Gateway.

That is pattern code, for non-production utilization. You must work along with your safety and authorized groups to satisfy your organizational safety, regulatory, and compliance necessities earlier than deployment.

Create Amazon Cognito customers

This answer makes use of Amazon Cognito to authorize customers to make a name to API Gateway. The CloudFormation template creates a brand new Amazon Cognito consumer pool.

Full the next steps to create a consumer within the newly created consumer pool and seize details about the consumer pool:

1. On the AWS CloudFormation console, navigate to the stack you created.
2. On the Assets tab, select the hyperlink subsequent to the bodily ID for CognitoUserPool.

3. On the Amazon Cognito console, select Person administration and customers within the navigation pane.
4. Select Create consumer.
5. Enter an e-mail tackle and password of your selection, then select Create consumer.

6. Within the navigation pane, select Purposes and app purchasers.
7. Seize the consumer ID and consumer secret. You’ll need these later throughout customized plugin improvement.
8. On the Login pages tab, copy the values for Allowed callback URLs. You’ll need these later throughout customized plugin improvement.
9. Within the navigation pane, select Branding.
10. Seize the Amazon Cognito area. You’ll need this data to replace OpenAPI specs.

Add paperwork to Amazon S3

This answer makes use of the absolutely managed Amazon S3 information supply to seamlessly energy a RAG workflow, eliminating the necessity for customized integration and information stream administration.

For this put up, we use pattern articles to add to Amazon S3. Full the next steps:

1. On the AWS CloudFormation console, navigate to the stack you created.
2. On the Assets tab, select the hyperlink for the bodily ID of AmazonQDataSourceBucket.

3. Add the pattern articles file to the S3 bucket. For directions, see Importing objects.

Add customers to the Amazon Q Enterprise utility

Full the next steps so as to add customers to the newly created Amazon Q enterprise utility:

1. On the Amazon Q Enterprise console, select Purposes within the navigation pane.
2. Select the appliance you created utilizing the CloudFormation template.
3. Beneath Person entry, select Handle consumer entry.

4. On the Handle entry and subscriptions web page, select Add teams and customers.

5. Choose Assign current customers and teams, then select Subsequent.
6. Seek for your IAM Id Heart consumer group.

7. Select the group and select Assign so as to add the group and its customers.
8. Guarantee that the present subscription is Q Enterprise Professional.
9. Select Verify.

Sync Amazon Q information sources

To sync the information supply, full the next steps:

1. On the Amazon Q Enterprise console, navigate to your utility.
2. Select Information Sources below Enhancements within the navigation pane.
3. From the Information sources checklist, choose the information supply you created via the CloudFormation template.
4. Select Sync now to sync the information supply.

It takes a while to sync with the information supply. Wait till the sync standing is Accomplished.

Create an Amazon Q customized plugin

On this part, you create the Amazon Q customized plugin for sending emails. Full the next steps:

1. On the Amazon Q Enterprise console, navigate to your utility.
2. Beneath Enhancements within the navigation pane, select Plugins.
3. Select Add plugin.

4. Select Create customized plugin.
5. For Plugin title, enter a reputation (for instance, email-plugin).
6. For Description, enter an outline.
7. Choose Outline with in-line OpenAPI schema editor.

You can too add API schemas to Amazon S3 by selecting Choose from S3. That might be one of the best ways to add for manufacturing use circumstances.

Your API schema should have an API description, construction, and parameters in your customized plugin.

8. Choose JSON for the schema format.
9. Enter the next schema, offering your API Gateway invoke URL and Amazon Cognito area URL:

{
    "openapi": "3.0.0",
    "information": {
        "title": "Ship E-mail API",
        "description": "API to ship e-mail from SES",
        "model": "1.0.0"
    },
    "servers": [
        {
            "url": "< API Gateway Invoke URL >"
        }
    ],
    "paths": {
        "/": {
            "put up": {
                "abstract": "ship e-mail to the consumer and returns the success message",
                "description": "ship e-mail to the consumer and returns the success message",
                "safety": [
                    {
                        "OAuth2": [
                            "email/read"
                        ]
                    }
                ],
                "requestBody": {
                    "required": true,
                    "content material": {
                        "utility/json": {
                            "schema": {
                                "$ref": "#/elements/schemas/sendEmailRequest"
                            }
                        }
                    }
                },
                "responses": {
                    "200": {
                        "description": "Profitable response",
                        "content material": {
                            "utility/json": {
                                "schema": {
                                    "$ref": "#/elements/schemas/sendEmailResponse"
                                }
                            }
                        }
                    }
                }
            }
        }
    },
    "elements": {
        "schemas": {
            "sendEmailRequest": {
                "kind": "object",
                "required": [
                                "emailContent",
                                "toEmailAddress",
                                "fromEmailAddress"

                ],
                "properties": {
                    "emailContent": {
                        "kind": "string",
                        "description": "Physique of the e-mail."
                    },
                    "toEmailAddress": {
                      "kind": "string",
                      "description": "To e-mail tackle."
                    },
                    "fromEmailAddress": {
                          "kind": "string",
                          "description": "To e-mail tackle."
                    }
                }
            },
            "sendEmailResponse": {
                "kind": "object",
                "properties": {
                    "message": {
                        "kind": "string",
                        "description": "Success or failure message."
                    }
                }
            }
        },
        "securitySchemes": {
            "OAuth2": {
                "kind": "oauth2",
                "description": "OAuth2 consumer credentials stream.",
                "flows": {
                    "authorizationCode": {
                        "authorizationUrl": "<Cognito Area>/oauth2/authorize",
                        "tokenUrl": "<Cognito Area>/oauth2/token",
                        "scopes": {
                            "e-mail/learn": "learn the e-mail"    
                        }
                    }
                }      
            }
        }
    }
}    

10. Beneath Authentication, choose Authentication required.
11. For AWS Secrets and techniques Supervisor secret, select Create and add new secret.

12. Within the Create an AWS Secrets and techniques Supervisor secret pop-up, enter the next values captured earlier from Amazon Cognito:
    1. Consumer ID
    2. Consumer secret
    3. OAuth callback URL

13. For Select a way to authorize Amazon Q Enterprise, go away the default choice as Create and use a brand new service function.
14. Select Add plugin so as to add your plugin.

Watch for the plugin to be created and the construct standing to indicate as Prepared.

The utmost dimension of an OpenAPI schema in JSON or YAML is 1 MB.

To maximise accuracy with the Amazon Q Enterprise customized plugin, comply with the greatest practices for configuring OpenAPI schema definitions for customized plugins.

Check the answer

To check the answer, full the next steps:

1. On the Amazon Q Enterprise console, navigate to your utility.
2. Within the Internet expertise settings part, discover the deployed URL.
3. Open the net expertise deployed URL.
4. Use the credentials of the consumer created earlier in IAM Id Heart to log in to the net expertise.

5. Select the specified multi-factor authentication (MFA) system to register. For extra data, see Register an MFA system for customers.
6. After you log in to the net portal, select the suitable utility to open the chat interface.

7. Within the Amazon Q portal, enter “summarize attendance and go away coverage of the corporate.”

Amazon Q Enterprise supplies solutions to your questions from the uploaded paperwork.

Now you can e-mail this dialog utilizing the customized plugin constructed earlier.

8. On the choices menu (three vertical dots), select Use a Plugin to see the email-plugin created earlier.

9. Select email-plugin and enter “E-mail the abstract of this dialog.”
10. Amazon Q will ask you to offer the e-mail tackle to ship the dialog. Present the verified identification configured as a part of the CloudFormation template.

11. After you enter your e-mail tackle, the authorization web page seems. Enter your Amazon Cognito consumer e-mail ID and password to authenticate and select Sign up.

This step verifies that you just’re a licensed consumer.

The e-mail will probably be despatched to the required inbox.

You possibly can additional personalize the emails through the use of e-mail templates.

Securing the answer

Safety is a shared duty mannequin between you and AWS and is described as safety of the cloud vs. safety in the cloud. Take into account the next greatest practices:

• To construct a safe e-mail utility, we advocate you comply with greatest practices for Safety, Id & Compliance to assist shield delicate data and keep consumer belief.
• For entry management, we advocate that you just shield AWS account credentials and arrange particular person customers with IAM Id Heart or IAM.
• You possibly can retailer buyer information securely and encrypt delicate data at relaxation utilizing AWS managed keys or buyer managed keys.
• You possibly can implement logging and monitoring techniques to detect and reply to suspicious actions promptly.
• Amazon Q Enterprise may be configured to assist meet your safety and compliance targets.
• You possibly can keep compliance with related information safety rules, corresponding to GDPR or CCPA, by implementing correct information dealing with and retention insurance policies.
• You possibly can implement guardrails to outline world controls and topic-level controls in your utility surroundings.
• You possibly can allow AWS Protect in your community to assist forestall DDOS assaults.
• You must comply with greatest practices of Amazon Q entry management checklist (ACL) crawling to assist shield your online business information. For extra particulars, see Allow or disable ACL crawling safely in Amazon Q Enterprise.
• We advocate utilizing the aws:SourceArn and aws:SourceAccount world situation context keys in useful resource insurance policies to restrict the permissions that Amazon Q Enterprise offers one other service to the useful resource. For extra data, confer with Cross-service confused deputy prevention.

By combining these safety measures, you may create a strong and reliable utility that protects each your online business and your prospects’ data.

Clear up

To keep away from incurring future fees, delete the sources that you just created and clear up your account. Full the next steps:

1. Empty the contents of the S3 bucket that was created as a part of the CloudFormation stack.
2. Delete the Lambda operate UpdateKMSKeyPolicyFunction that was created as part of the CloudFormation stack.
3. Delete the CloudFormation stack.
4. Delete the identities in Amazon SES.
5. Delete the Amazon Q Enterprise utility.

Conclusion

The mixing of Amazon Q Enterprise, a state-of-the-art generative AI-powered assistant, with Amazon SES, a strong e-mail service supplier, unlocks new prospects for companies to harness the ability of generative AI. By seamlessly connecting these applied sciences, organizations can’t solely achieve productive insights from your online business information, but additionally e-mail them to their inbox.

Able to supercharge your crew’s productiveness? Empower your staff with Amazon Q Enterprise in the present day! Unlock the potential of customized plugins and seamless e-mail integration. Don’t let precious conversations slip away—you may seize and share insights effortlessly. Moreover, discover our library of built-in plugins.

Keep updated with the newest developments in generative AI and begin constructing on AWS. For those who’re looking for help on easy methods to start, take a look at the AWS Generative AI Innovation Heart.

In regards to the Authors

Sujatha Dantuluri is a seasoned Senior Options Architect within the US federal civilian crew at AWS, with over twenty years of expertise supporting business and federal authorities purchasers. Her experience lies in architecting mission-critical options and dealing carefully with prospects to make sure their success. Sujatha is an achieved public speaker, steadily sharing her insights and information at trade occasions and conferences. She has contributed to IEEE requirements and is captivated with empowering others via her participating shows and thought-provoking concepts.

NagaBharathi Challa is a options architect supporting Division of Protection crew at AWS. She works carefully with prospects to successfully use AWS companies for his or her mission use circumstances, offering architectural greatest practices and steering on a variety of companies. Outdoors of labor, she enjoys spending time with household and spreading the ability of meditation.

Pranit Raje is a Options Architect within the AWS India crew. He works with ISVs in India to assist them innovate on AWS. He makes a speciality of DevOps, operational excellence, infrastructure as code, and automation utilizing DevSecOps practices. Outdoors of labor, he enjoys happening lengthy drives together with his beloved household, spending time with them, and watching films.

Dr Anil Giri is a Options Architect at Amazon Internet Companies. He works with enterprise software program and SaaS prospects to assist them construct generative AI purposes and implement serverless architectures on AWS. His focus is on guiding purchasers to create progressive, scalable options utilizing cutting-edge cloud applied sciences.