Unlock the information in your Slack workspace with Slack connector for Amazon Q Enterprise

Amazon Q Enterprise is a completely managed, generative AI-powered assistant that you may configure to reply questions, present summaries, generate content material, and full duties based mostly in your enterprise information. Amazon Q Enterprise gives over 40 built-in connectors to in style enterprise functions and doc repositories, together with Amazon Easy Storage Service (Amazon S3), Salesforce, Google Drive, Microsoft 365, ServiceNow, Gmail, Slack, Atlassian, and Zendesk and may also help you create your generative AI answer with minimal configuration.

Practically 100 thousand organizations use Slack to convey the suitable individuals collectively to securely collaborate with one another. A Slack workspace captures invaluable organizational information within the type of the knowledge that flows via it because the customers talk on it. Therefore, it’s priceless to make this information shortly and securely accessible to the customers.

On this put up, we are going to show tips on how to arrange Slack connector for Amazon Q Enterprise to sync communications from each private and non-private channels, reflective of consumer permissions. We can even information you thru the configurations wanted in your Slack workspace. Moreover, you’ll learn to configure the Amazon Q Enterprise software and allow consumer authentication via AWS IAM Identification Heart, which is a advisable service for managing a workforce’s entry to AWS functions.

Information supply overview

Amazon Q Enterprise makes use of massive language fashions (LLMs) to construct a unified answer that connects a number of information sources. Sometimes, you’d want to make use of a pure language processing (NLP) method known as Retrieval Augmented Technology (RAG) for this. With RAG, generative AI enhances its responses by incorporating related data retrieved from a curated dataset. Amazon Q Enterprise has a built-in managed RAG functionality designed to cut back the undifferentiated heavy lifting concerned in creating these programs. Typical of a RAG mannequin, Amazon Q Enterprise has two parts: A retrieval element that retrieves related paperwork for the consumer question and a era element that takes the question and the retrieved paperwork after which generates a solution to the question utilizing an LLM.

A Slack workspace has a number of components. It has public channels the place workspace customers can take part and personal channels the place solely channel members can talk with one another. People may also straight talk with one another in one-on-one conversations and in consumer teams. This communication is within the type of messages and threads of replies, with optionally available doc attachments. Slack workspaces of lively organizations are extremely dynamic, with the content material and collaboration evolving and rising in quantity repeatedly.

The previous determine exhibits the method movement of the answer. While you join Amazon Q Enterprise to an information supply (on this case, Slack), what Amazon Q considers and crawls as a doc varies by connector. For the Amazon Q Enterprise Slack connector, every message, message attachment and channel put up is taken into account a single doc, Nonetheless, Slack dialog threads that make it easier to create organized discussions round particular messages are additionally thought-about and ingested as a single doc, whatever the variety of individuals or messages they include.

Amazon Q Enterprise crawls entry management checklist (ACL) data connected to a doc (consumer and group data) out of your Slack occasion. This data can be utilized to filter chat responses to the consumer’s doc entry stage. The Slack connector helps token-based authentication. This might be a Slack bot consumer OAuth token or Slack consumer OAuth token. See the Slack connector overview to get the checklist of entities which might be extracted, supported filters, sync modes, and file varieties.

Consumer IDs (_user_id) exist in Slack on messages and channels the place there are set entry permissions. They’re mapped from the consumer emails because the IDs in Slack.

To attach your information supply connector to Amazon Q Enterprise, it’s essential to give Amazon Q Enterprise an IAM function that has the next permissions:

• Permission to entry the BatchPutDocument and BatchDeleteDocument operations to ingest paperwork.
• Permission to entry the Consumer Retailer API operations to ingest consumer and group entry management data from paperwork.
• Permission to entry your AWS Secrets and techniques Supervisor secret to authenticate your information supply connector occasion.
• (Non-compulsory) If you happen to’re utilizing Amazon Digital Personal Cloud (Amazon VPC), permission to entry your Amazon VPC.

Resolution overview

On this answer, we are going to present you tips on how to create a Slack workspace with customers who carry out numerous roles inside the group. We are going to then present you tips on how to configure this workspace to outline a set of scopes which might be required by the Amazon Q Enterprise Slack connector to index the consumer communication. This will probably be adopted by the configuration of the Amazon Q Enterprise software and a Slack information supply. Primarily based on the configuration, when the info supply is synchronized, the connector both crawls and indexes the content material from the workspace that was created on or earlier than a particular date. The connector additionally collects and ingests ACL data for every listed message and doc. Thus, the search outcomes of a question made by a consumer consists of outcomes solely from these paperwork that the consumer is allowed to learn.

Conditions

To construct the Amazon Q Enterprise connector for Slack, you want the next:

In Slack:

• Create a Slack bot consumer OAuth token or Slack consumer OAuth token. You possibly can select both token to attach Amazon Q Enterprise to your Slack information supply. See the Slack documentation on access tokens for extra data.
• Observe your Slack workspace staff ID out of your Slack workspace most important web page URL. For instance, https://app.slack.com/consumer/T0123456789/... the place T0123456789 is the staff ID.
• Add the OAuth scopes and skim permissions.

In your AWS account:

• Create an AWS Identification and Entry Administration (IAM) function on your information supply and, if utilizing the Amazon Q Enterprise API, observe the ARN of the IAM function.
• Retailer your Slack authentication credentials in an AWS Secrets and techniques Supervisor secret and, if utilizing the Amazon Q Enterprise API, observe the ARN of the key.
• Allow and configure an IAM Identification Heart occasion. Amazon Q Enterprise integrates with IAM Identification Heart as a gateway to handle consumer entry to your Amazon Q Enterprise software. We advocate enabling and pre-configuring an Identification Heart occasion earlier than you start to create your Amazon Q Enterprise software. Identification Heart is the advisable AWS service for managing human consumer entry to AWS sources. Amazon Q Enterprise helps each group and account stage Identification Heart cases. See Establishing for Amazon Q Enterprise for extra data.

Configure your Slack workspace

You’ll create one consumer for every of the next roles: Administrator, Information scientist, Database administrator, Options architect and Generic.

To showcase the ACL propagation, you’ll create three public channels, #common, #customerwork, and #random, that any member can entry together with the Generic consumer. Additionally, one non-public channel, #anydepartment-project-private, that may be accessed solely by the customers arnav_desai, john_stiles, mary_major, and pat_candella.

To create a Slack app:

1. Navigate to the Slack API Your Apps web page and select Create New App.
   
2. Choose From scratch. Within the subsequent display, choose the workspace to develop your app, after which select Create an App.
   
3. Give the Slack app a reputation and choose a workspace to develop your app in. Then select Create App.
   
4. After you’ve created your app, choose it and navigate to Options and select OAuth & Permissions.
5. Scroll all the way down to Scopes > Consumer Token Scopes and set the OAuth scope based mostly on the consumer token scopes in Conditions for connecting Amazon Q Enterprise to Slack.
   

Observe: You possibly can configure two kinds of scopes in a Slack workspace:

1. Bot token scope: Solely the messages to which it has been explicitly added are crawled by the bot token. It’s employed to grant restricted entry to particular messages solely.
2. Consumer token scope: Solely the info shared with the member is accessible to the consumer token, which acts as a consultant of a Slack consumer.

For this instance, so you may search on the conversations between customers, you’ll use the consumer token scope.

6. After the OAuth scope for yser token has been arrange as described within the Slack stipulations, scroll as much as the part OAuth Tokens on your Workspace, and select Set up to Workspace, after which select Permit.
7. This can generate a consumer OAuth token. Copy this token to make use of when configuring the Amazon Q Enterprise Slack connector.
   

Configure the info supply utilizing the Amazon Q Enterprise Slack connector

On this part, you’ll create an Amazon Q Enterprise software utilizing the console.

To create an Amazon Q Enterprise software

1. Within the AWS Administration Console for Amazon Q Enterprise, select Create Software.
   
2. Enter an Software Identify, similar to my-slack-workspace. Go away the Service entry because the default worth, and choose AWS IAM Identification Heart for Entry Administration . Enter a brand new Tag worth as required and select Create to the Amazon Q Enterprise Software.
   
3. Go away the default choice of Use Native retriever chosen for Retrievers, go away Enterprise because the Index provisioning and go away the default worth of 1 because the Variety of items. Every unit in Amazon Q Enterprise index is 20,000 paperwork or 200 MB of extracted textual content (whichever comes first). Select Subsequent.
   
4. Scroll down the checklist of accessible connectors and choose Slack after which select Subsequent.
   
   1. Enter a Information supply identify and a Description to establish your information supply after which enter the Slack workspace staff ID to attach with Amazon Q Enterprise.
      
   2. Within the Authentication part, choose Create and add a brand new secret.
      
   3. On the dialog field that seems, enter a Secret identify adopted by the Consumer OAuth Slack token that was copied from the Slack workspace.
      
   4. For the IAM function, choose Create a brand new service function (Advisable).
      
   5. In Sync scope, select the next:
      • For choose sort of content material to crawl, choose All channels.
      • Choose an acceptable date for Choose crawl begin date.
      • Go away the default worth chosen for Most file dimension as 50.
      • You possibly can embody particular Messages, similar to bot messages or archived messages to sync.
      • Moreover, you may embody as much as 100 patterns to incorporate or exclude filenames, varieties, or file paths to sync.

      

   6. For Sync mode, go away Full sync chosen and for the Sync run schedule, choose Run on demand.
      
   7. Go away the sphere mapping as is and select Add information supply.
   8. On the subsequent web page, select Subsequent.
5. Add the 5 customers you created earlier, who’re part of IAM Identification Heart and the Slack workspace to the Amazon Q Enterprise software. So as to add customers to Identification Heart, observe the directions in Add customers to your Identification Heart listing. When finished, select Add teams and customers and select Assign.
   
6. When a consumer is added, every consumer is assigned the default Q Enterprise Professional For extra data on completely different pricing tiers, see the Amazon Q Enterprise pricing web page.
   
7. Select Create software to complete creating the Amazon Q Enterprise software.
8. After the appliance and the info supply are created, choose the info supply after which select Sync now to begin syncing paperwork out of your information supply.
   
9. The sync course of ingests the paperwork out of your Slack workspace to your choices within the Slack connector configuration in Amazon Q Enterprise. The next screenshot exhibits the outcomes of a profitable sync, indicated by the standing of Accomplished.
   

Search with Amazon Q Enterprise

Now, you’re able to make just a few queries in Amazon Q Enterprise.

To look utilizing Amazon Q Enterprise:

1. Navigate to the Internet expertise settings tab and click on on the Deployed URL.
2. For this demonstration, register as pat_candella who has the function of DB Admin.
   
3. Enter the password for pat_candella and select Register
   
4. Upon profitable sign-in, you may be signed in to Amazon Q Enterprise.
   
5. Within the Slack workspace, there’s a public channel, the #customerwork channel that every one customers are members of. The #customerwork Slack channel is getting used to speak about an upcoming buyer engagement, as proven within the following determine.
   
6. Publish the primary query to Amazon Q Enterprise.

I'm at the moment utilizing Apache Kafka. Are you able to checklist excessive stage steps concerned in migration to Amazon MSK?

Observe that the response consists of citations that consult with the dialog in addition to the content material of the PDF that was connected to the dialog.

Safety and privateness choices with Slack information connector

Subsequent, you’ll create a private channel known as #anydepartment-project-private with 4 out of the 5 customers—arnav_desai, john_stiles, mary_major and pat_candella—and confirm that the messages exchanged in a personal channel aren’t accessible to non-members like jane_doe. Observe that after you create a brand new non-public channel, it’s worthwhile to manually re-run the sync on the info supply.

The under screenshot exhibits the non-public slack channel with 4 out of 5 customers and the slack dialog.

Testing safety and privateness choices with Slack information connector

1. Whereas signed in as pat_candella, who’s a part of the non-public #anydepartment-project-private channel, execute the next question:

   What's Amazon Kendra and which API do I take advantage of to question a Kendra index?

   

2. Now, register as jane_doe, who just isn’t a member of the #anydepartment-project-private channel and execute the identical question.
   
3. Amazon Q Enterprise prevents jane_doe from getting insights from data inside the non-public channels that they aren’t a part of, based mostly on the synced ACL data.

fields LogLevel, DocumentId, DocumentTitle, CrawlAction, ConnectorDocumentStatus.Standing as ConnectorDocumentStatus, ErrorMsg, CrawlStatus.Standing as CrawlStatus, SyncStatus.Standing as SyncStatus, IndexStatus.Standing as IndexStatus, SourceUri, Acl, Metadata, HashedDocumentId, @timestamp

| filter @logStream like 'SYNC_RUN_HISTORY_REPORT/xxxxxxxxxxxxxxxxxxxxxxxx' and Metadata like /"stringValue":"C12AB34578"/

| kind @timestamp desc

| restrict 10000