As organizations navigate the complexities of the digital realm, generative AI has emerged as a transformative force, empowering enterprises to enhance productivity, streamline workflows, and drive innovation. To maximize the value of insights generated by generative AI, it is crucial to provide simple ways for users to preserve and share these insights using commonly used tools such as email.
Amazon Q Business is a generative AI-powered assistant that can answer questions, provide summaries, generate content, and securely complete tasks based on data and information in your enterprise systems. It is redefining the way businesses approach data-driven decision-making, content generation, and secure task management. By using the custom plugin capability of Amazon Q Business, you can extend its functionality to support sending emails directly from Amazon Q applications, allowing you to store and share the valuable insights gleaned from your conversations with this powerful AI assistant.
Amazon Simple Email Service (Amazon SES) is an email service provider that provides a simple, cost-effective way for you to send and receive email using your own email addresses and domains. Amazon SES offers many email tools, including email sender configuration options, email deliverability tools, flexible email deployment options, sender and identity management, email security, email sending statistics, email reputation dashboard, and inbound email services.
This post explores how you can integrate Amazon Q Business with Amazon SES to email conversations to specified email addresses.
Solution overview
The following diagram illustrates the solution architecture.
The workflow consists of the following steps:
- Create an Amazon Q Business application with an Amazon Simple Storage Service (Amazon S3) data source. Amazon Q uses Retrieval Augmented Generation (RAG) to answer user questions.
- Configure an AWS IAM Identity Center instance for your Amazon Q Business application environment with users and groups added. Amazon Q Business supports both organization- and account-level IAM Identity Center instances.
- Create a custom plugin that invokes an OpenAPI schema of the Amazon API Gateway API. This API sends emails to the users.
- Store OAuth information in AWS Secrets Manager and provide the secret information to the plugin.
- Provide AWS Identity and Access Management (IAM) roles to access the secrets in Secrets Manager.
- The custom plugin takes the user to an Amazon Cognito sign-in page. The user provides credentials to log in. After authentication, the user session is stored in the Amazon Q Business application for subsequent API calls.
- Post-authentication, the custom plugin passes the token to API Gateway to invoke the API.
- You can help secure your API Gateway REST API from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks, using AWS WAF.
- AWS Lambda hosted in Amazon Virtual Private Cloud (Amazon VPC) internally calls the Amazon SES SDK.
- Lambda uses AWS Identity and Access Management (IAM) permissions to make an SDK call to Amazon SES.
- Amazon SES sends an email using SMTP to verified emails provided by the user.
In the following sections, we walk through the steps to deploy and test the solution. This solution is supported only in the us-east-1 AWS Region.
Prerequisites
Complete the following prerequisites:
- Have a valid AWS account.
- Enable an IAM Identity Center instance and capture the Amazon Resource Name (ARN) of the IAM Identity Center instance from the settings page.
- Add users and groups to IAM Identity Center.
- Have an IAM role in the account that has sufficient permissions to create the necessary resources. If you have administrator access to the account, no action is necessary.
- Enable Amazon CloudWatch Logs for API Gateway. For more information, see How do I turn on CloudWatch Logs to troubleshoot my API Gateway REST API or WebSocket API?
- Have two email addresses to send and receive emails that you can verify using the link sent to you. Do not use existing verified identities in Amazon SES for these email addresses. Otherwise, the AWS CloudFormation template will fail.
- Have an Amazon Q Business Pro subscription to create Amazon Q apps.
- Have the service-linked IAM role AWSServiceRoleForQBusiness. If you don't have one, create it with the amazonaws.com service name.
- Enable AWS CloudTrail logging for operational and risk auditing. For instructions, see Creating a trail for your AWS account.
- Enable budget policy notifications to help protect from unwanted billing.
Deploy the solution resources
In this step, we use a CloudFormation template to deploy a Lambda function, configure the REST API, and create identities. Complete the following steps:
- Open the AWS CloudFormation console in the us-east-1 Region.
- Choose Create stack.
- Download the CloudFormation template and upload it in the Specify template section.
- Choose Next.
- For Stack name, enter a name (for example, QIntegrationWithSES).
- In the Parameters section, provide the following:
  - For IDCInstanceArn, enter your IAM Identity Center instance ARN.
  - For LambdaName, enter the name of your Lambda function.
  - For Fromemailaddress, enter the address to send email.
  - For Toemailaddress, enter the address to receive email.
- Choose Next.
- Keep the other values as default and select I acknowledge that AWS CloudFormation might create IAM resources in the Capabilities section.
- Choose Submit to create the CloudFormation stack.
- After the successful deployment of the stack, on the Outputs tab, make a note of the value for apiGatewayInvokeURL. You will need this later to create a custom plugin.
Verification emails will be sent to the Toemailaddress and Fromemailaddress values provided as input to the CloudFormation template.
- Verify the newly created email identities using the link in the email.
This post doesn't cover auto scaling of Lambda functions. For more information about how to integrate Lambda with Application Auto Scaling, see AWS Lambda and Application Auto Scaling.
To configure AWS WAF on API Gateway, refer to Use AWS WAF to protect your REST APIs in API Gateway.
This is sample code, for non-production usage. You should work with your security and legal teams to meet your organizational security, regulatory, and compliance requirements before deployment.
Create Amazon Cognito users
This solution uses Amazon Cognito to authorize users to make a call to API Gateway. The CloudFormation template creates a new Amazon Cognito user pool.
Complete the following steps to create a user in the newly created user pool and capture information about the user pool:
- On the AWS CloudFormation console, navigate to the stack you created.
- On the Resources tab, choose the link next to the physical ID for CognitoUserPool.
- On the Amazon Cognito console, choose User management and users in the navigation pane.
- Choose Create user.
- Enter an email address and password of your choice, then choose Create user.
- In the navigation pane, choose Applications and app clients.
- Capture the client ID and client secret. You will need these later during custom plugin development.
- On the Login pages tab, copy the values for Allowed callback URLs. You will need these later during custom plugin development.
- In the navigation pane, choose Branding.
- Capture the Amazon Cognito domain. You will need this information to update OpenAPI specifications.
Upload documents to Amazon S3
This solution uses the fully managed Amazon S3 data source to seamlessly power a RAG workflow, eliminating the need for custom integration and data flow management.
For this post, we use sample articles to upload to Amazon S3. Complete the following steps:
- On the AWS CloudFormation console, navigate to the stack you created.
- On the Resources tab, choose the link for the physical ID of AmazonQDataSourceBucket.
- Upload the sample articles file to the S3 bucket. For instructions, see Uploading objects.
Add users to the Amazon Q Business application
Complete the following steps to add users to the newly created Amazon Q Business application:
- On the Amazon Q Business console, choose Applications in the navigation pane.
- Choose the application you created using the CloudFormation template.
- Under User access, choose Manage user access.
- On the Manage access and subscriptions page, choose Add groups and users.
- Select Assign existing users and groups, then choose Next.
- Search for your IAM Identity Center user group.
- Choose the group and choose Assign to add the group and its users.
- Make sure that the current subscription is Q Business Pro.
- Choose Confirm.
Sync Amazon Q data sources
To sync the data source, complete the following steps:
- On the Amazon Q Business console, navigate to your application.
- Choose Data Sources under Enhancements in the navigation pane.
- From the Data sources list, select the data source you created through the CloudFormation template.
- Choose Sync now to sync the data source.
It takes some time to sync with the data source. Wait until the sync status is Completed.
Create an Amazon Q custom plugin
In this section, you create the Amazon Q custom plugin for sending emails. Complete the following steps:
- On the Amazon Q Business console, navigate to your application.
- Under Enhancements in the navigation pane, choose Plugins.
- Choose Add plugin.
- Choose Create custom plugin.
- For Plugin name, enter a name (for example, email-plugin).
- For Description, enter a description.
- Select Define with in-line OpenAPI schema editor.
You can also upload API schemas to Amazon S3 by choosing Select from S3. That would be the best way to upload for production use cases.
Your API schema must have an API description, structure, and parameters for your custom plugin.
- Select JSON for the schema format.
- Enter the following schema, providing your API Gateway invoke URL and Amazon Cognito domain URL:
{
  "openapi": "3.0.0",
  "info": {
    "title": "Send Email API",
    "description": "API to send email from SES",
    "version": "1.0.0"
  },
  "servers": [
    {
      "url": "< API Gateway Invoke URL >"
    }
  ],
  "paths": {
    "/": {
      "post": {
        "summary": "send email to the user and returns the success message",
        "description": "send email to the user and returns the success message",
        "security": [
          {
            "OAuth2": [
              "email/read"
            ]
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/sendEmailRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Successful response",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/sendEmailResponse"
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "sendEmailRequest": {
        "type": "object",
        "required": [
          "emailContent",
          "toEmailAddress",
          "fromEmailAddress"
        ],
        "properties": {
          "emailContent": {
            "type": "string",
            "description": "Body of the email."
          },
          "toEmailAddress": {
            "type": "string",
            "description": "To email address."
          },
          "fromEmailAddress": {
            "type": "string",
            "description": "From email address."
          }
        }
      },
      "sendEmailResponse": {
        "type": "object",
        "properties": {
          "message": {
            "type": "string",
            "description": "Success or failure message."
          }
        }
      }
    },
    "securitySchemes": {
      "OAuth2": {
        "type": "oauth2",
        "description": "OAuth2 authorization code flow.",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "<Cognito Domain>/oauth2/authorize",
            "tokenUrl": "<Cognito Domain>/oauth2/token",
            "scopes": {
              "email/read": "read the email"
            }
          }
        }
      }
    }
  }
}
- Under Authentication, select Authentication required.
- For AWS Secrets Manager secret, choose Create and add new secret.
- In the Create an AWS Secrets Manager secret pop-up, enter the following values captured earlier from Amazon Cognito:
  - Client ID
  - Client secret
  - OAuth callback URL
- For Choose a method to authorize Amazon Q Business, leave the default selection as Create and use a new service role.
- Choose Add plugin to add your plugin.
Wait for the plugin to be created and the build status to show as Ready.
The maximum size of an OpenAPI schema in JSON or YAML is 1 MB.
To maximize accuracy with the Amazon Q Business custom plugin, follow the best practices for configuring OpenAPI schema definitions for custom plugins.
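The three request fields declared in the schema are filled in by the assistant from the chat, so the backend should treat them as untrusted input. The following Python sketch is an added example, not the Lambda code from the post's CloudFormation template: it validates the request body and only then calls the Amazon SES send_email API. The pinned sender and recipient values, the subject line, the function names, and the use of a Lambda proxy integration are assumptions made for illustration.

```python
import json
import re

# Assumption: sender and recipients are pinned server-side (for example from
# Lambda environment variables). These constructed values stand in for them.
ALLOWED_SENDER = "sender@example.com"
ALLOWED_RECIPIENTS = {"recipient@example.com"}
MAX_BODY_CHARS = 20000
REQUIRED = ("emailContent", "toEmailAddress", "fromEmailAddress")
# No whitespace, commas or control characters: one address, no header injection.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate_request(raw_body):
    """Return (fields, None) on success or (None, error_message) on rejection."""
    try:
        data = json.loads(raw_body)
    except (TypeError, ValueError):
        return None, "body is not valid JSON"
    if not isinstance(data, dict):
        return None, "body must be a JSON object"
    for name in REQUIRED:
        if not isinstance(data.get(name), str) or not data[name]:
            return None, f"{name} must be a non-empty string"
    to_addr, from_addr = data["toEmailAddress"], data["fromEmailAddress"]
    if not (ADDRESS.fullmatch(to_addr) and ADDRESS.fullmatch(from_addr)):
        return None, "malformed email address"
    if from_addr.lower() != ALLOWED_SENDER:
        return None, "sender is not the configured identity"
    if to_addr.lower() not in ALLOWED_RECIPIENTS:
        return None, "recipient is not on the allow-list"
    if len(data["emailContent"]) > MAX_BODY_CHARS:
        return None, "emailContent is too long"
    return {"to": to_addr, "from": from_addr, "content": data["emailContent"]}, None


def handler(event, context, ses_client=None):
    """API Gateway proxy handler; ses_client is injectable for offline tests."""
    fields, error = validate_request(event.get("body"))
    if error:
        return {"statusCode": 400, "body": json.dumps({"message": error})}
    if ses_client is None:
        import boto3  # available in the Lambda Python runtime
        ses_client = boto3.client("ses")
    ses_client.send_email(
        Source=fields["from"],
        Destination={"ToAddresses": [fields["to"]]},
        Message={
            "Subject": {"Data": "Amazon Q Business conversation summary"},
            "Body": {"Text": {"Data": fields["content"]}},
        },
    )
    return {"statusCode": 200, "body": json.dumps({"message": "Email sent"})}
```

Rejected requests return HTTP 400 before any SES call is made, so a recipient or sender that the chat supplies but the deployment did not configure never reaches the mail service.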
Test the solution
To test the solution, complete the following steps:
- On the Amazon Q Business console, navigate to your application.
- In the Web experience settings section, find the deployed URL.
- Open the web experience deployed URL.
- Use the credentials of the user created earlier in IAM Identity Center to log in to the web experience.
- Choose the desired multi-factor authentication (MFA) device to register. For more information, see Register an MFA device for users.
- After you log in to the web portal, choose the appropriate application to open the chat interface.
- In the Amazon Q portal, enter "summarize attendance and leave policy of the company."
Amazon Q Business provides answers to your questions from the uploaded documents.
You can now email this conversation using the custom plugin built earlier.
- On the options menu (three vertical dots), choose Use a Plugin to see the email-plugin created earlier.
- Choose email-plugin and enter "Email the summary of this conversation."
- Amazon Q will ask you to provide the email address to send the conversation. Provide the verified identity configured as part of the CloudFormation template.
- After you enter your email address, the authorization page appears. Enter your Amazon Cognito user email ID and password to authenticate and choose Sign in.
This step verifies that you're an authorized user.
The email will be sent to the specified inbox.
You can further personalize the emails by using email templates.
Securing the solution
Security is a shared responsibility model between you and AWS and is described as security of the cloud vs. security in the cloud. Consider the following best practices:
- To build a secure email application, we recommend you follow best practices for Security, Identity & Compliance to help protect sensitive information and maintain user trust.
- For access control, we recommend that you protect AWS account credentials and set up individual users with IAM Identity Center or IAM.
- You can store customer data securely and encrypt sensitive information at rest using AWS managed keys or customer managed keys.
- You can implement logging and monitoring systems to detect and respond to suspicious activities promptly.
- Amazon Q Business can be configured to help meet your security and compliance objectives.
- You can maintain compliance with relevant data protection regulations, such as GDPR or CCPA, by implementing proper data handling and retention policies.
- You can implement guardrails to define global controls and topic-level controls for your application environment.
- You can enable AWS Shield on your network to help prevent DDoS attacks.
- You should follow best practices of Amazon Q access control list (ACL) crawling to help protect your business data. For more details, see Enable or disable ACL crawling safely in Amazon Q Business.
- We recommend using the aws:SourceArn and aws:SourceAccount global condition context keys in resource policies to limit the permissions that Amazon Q Business gives another service to the resource. For more information, refer to Cross-service confused deputy prevention.
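A small audit for the confused deputy recommendation above, as an added example (not code from the post or its CloudFormation template): it flags Allow statements in a resource-based policy that trust the Amazon Q Business service principal without both condition keys. The principal name qbusiness.amazonaws.com is an assumption, and the account ID, ARN, and Sids in the constructed sample are placeholders; condition operators with set prefixes or IfExists suffixes are not handled.

```python
SERVICE = "qbusiness.amazonaws.com"  # assumed Amazon Q Business service principal
GUARD_KEYS = {"aws:sourcearn", "aws:sourceaccount"}
# Only positive matches scope the caller; a *NotEquals condition does not.
MATCH_OPERATORS = {"stringequals", "stringlike", "arnequals", "arnlike"}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _trusts_service(statement):
    principal = statement.get("Principal")
    return isinstance(principal, dict) and SERVICE in _as_list(principal.get("Service"))


def _guard_keys_present(statement):
    present = set()
    for operator, block in (statement.get("Condition") or {}).items():
        if operator.lower() in MATCH_OPERATORS:
            present.update(key.lower() for key in block)
    return present & GUARD_KEYS


def unguarded_statements(policy):
    """List (sid, missing_keys) for Allow statements that trust the service
    principal without both confused-deputy condition keys."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow" or not _trusts_service(statement):
            continue
        missing = sorted(GUARD_KEYS - _guard_keys_present(statement))
        if missing:
            findings.append((statement.get("Sid", f"statement-{index}"), missing))
    return findings


# Constructed sample policy: account ID, ARN and Sids are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Scoped", "Effect": "Allow",
         "Principal": {"Service": SERVICE}, "Action": "sts:AssumeRole",
         "Condition": {
             "StringEquals": {"aws:SourceAccount": "111122223333"},
             "ArnLike": {"aws:SourceArn":
                         "arn:aws:qbusiness:us-east-1:111122223333:application/*"}}},
        {"Sid": "AccountOnly", "Effect": "Allow",
         "Principal": {"Service": SERVICE}, "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}},
        {"Sid": "Unscoped", "Effect": "Allow",
         "Principal": {"Service": [SERVICE]}, "Action": "sts:AssumeRole"},
    ],
}

if __name__ == "__main__":
    for sid, missing in unguarded_statements(SAMPLE_POLICY):
        print(f"{sid}: missing {', '.join(missing)}")
```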
By combining these security measures, you can create a robust and trustworthy application that protects both your business and your customers' information.
Clean up
To avoid incurring future charges, delete the resources that you created and clean up your account. Complete the following steps:
- Empty the contents of the S3 bucket that was created as part of the CloudFormation stack.
- Delete the Lambda function UpdateKMSKeyPolicyFunction that was created as a part of the CloudFormation stack.
- Delete the CloudFormation stack.
- Delete the identities in Amazon SES.
- Delete the Amazon Q Business application.
Conclusion
The integration of Amazon Q Business, a state-of-the-art generative AI-powered assistant, with Amazon SES, a robust email service provider, unlocks new possibilities for businesses to harness the power of generative AI. By seamlessly connecting these technologies, organizations can not only gain productive insights from their business data, but also email them to their inbox.
Ready to supercharge your team's productivity? Empower your employees with Amazon Q Business today! Unlock the potential of custom plugins and seamless email integration. Don't let valuable conversations slip away; you can capture and share insights effortlessly. Additionally, explore our library of built-in plugins.
Stay up to date with the latest advancements in generative AI and start building on AWS. If you're looking for assistance on how to begin, check out the AWS Generative AI Innovation Center.
About the Authors
Sujatha Dantuluri is a seasoned Senior Solutions Architect in the US federal civilian team at AWS, with over twenty years of experience supporting commercial and federal government clients. Her expertise lies in architecting mission-critical solutions and working closely with customers to ensure their success. Sujatha is an accomplished public speaker, frequently sharing her insights and knowledge at industry events and conferences. She has contributed to IEEE standards and is passionate about empowering others through her engaging presentations and thought-provoking ideas.
NagaBharathi Challa is a solutions architect supporting the Department of Defense team at AWS. She works closely with customers to effectively use AWS services for their mission use cases, providing architectural best practices and guidance on a wide range of services. Outside of work, she enjoys spending time with family and spreading the power of meditation.
Pranit Raje is a Solutions Architect in the AWS India team. He works with ISVs in India to help them innovate on AWS. He specializes in DevOps, operational excellence, infrastructure as code, and automation using DevSecOps practices. Outside of work, he enjoys going on long drives with his beloved family, spending time with them, and watching movies.
Dr Anil Giri is a Solutions Architect at Amazon Web Services. He works with enterprise software and SaaS customers to help them build generative AI applications and implement serverless architectures on AWS. His focus is on guiding clients to create innovative, scalable solutions using cutting-edge cloud technologies.