Embed the Amazon Fast Suite chat agent into your enterprise purposes

Organizations could face two vital challenges with conversational AI. First, customers want solutions the place they’re working, whether or not it is a CRM, help console, or analytics portal, somewhat than in a separate device. Second, implementing safe embedded chat in your software can require weeks of improvement to construct out authentication, token validation, area safety, and world supply infrastructure.

Embedded chat in Amazon Fast Suite solves the primary problem by bringing conversational AI straight into your purposes, permitting customers to question structured information, discover paperwork, and set off actions with out switching instruments.

This publish explains easy methods to remedy the second problem with a one-click deployment resolution that embeds chat brokers utilizing Fast Suite. Incorporating SDK Within the Enterprise Portal.

Resolution overview

This resolution deploys a safe internet portal for embedded chat utilizing Amazon CloudFront for world content material supply and Amazon Cognito for content material supply. OAuth 2.0 OpenID Join (OIDC) federation for identification integration with authentication, Amazon API Gateway for REST API endpoints, AWS Lambda for serverless API processing, and Fast Suite.

This resolution implements defense-in-depth safety with a number of layers of safety. DDoS safety in CloudFront, a non-public Amazon Easy Storage Service (Amazon S3) bucket with origin entry controls that forestall direct entry to front-end belongings, AWS WAF rate-limiting safety in API Gateway, and JSON internet token (JWT) signature validation utilizing Amazon Cognito public keys earlier than producing time-limited user-specific embedded URLs in least-privilege AWS Identification and Entry Administration (IAM). authority.

The next diagram exhibits the answer structure.

The workflow consists of the next steps:

1. Customers entry the online portal URL and path to CloudFront.
2. CloudFront makes use of origin entry controls to fetch HTML, CSS, and JavaScript information out of your personal S3 bucket.
3. The net software checks for a legitimate authentication token and redirects the unauthenticated consumer to an OAuth 2.0 login UI hosted on Amazon Cognito.
4. When customers enter their credentials on the Amazon Cognito login web page, their credentials are validated and they’re redirected to a CloudFront URL utilizing a one-time authorization code.
5. The appliance extracts the authorization code, makes an HTTPS API name to API Gateway, and passes AWS WAF charge limits.
6. API Gateway makes use of the authorization code to invoke your Lambda operate.
7. The Lambda operate makes a server-to-server HTTPS name to the Amazon Cognito OAuth token endpoint and exchanges authorization codes for JWT tokens (ID token, entry token, refresh token).
8. This operate makes use of the Amazon Cognito public key JSON Internet Key Set (JWKS) with thread-safe caching to confirm the cryptographic signature of the ID token.

Right here is an instance of a decoded JWT:

{"at_hash": "abcdefifB5vH2D0HEvLghi", "sub": "12345678-abcd-1234-efgh-123456789012", "email_verified": true, "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE123", "cognito:username": "12345678-abcd-1234-efgh-123456789012", "origin_jti": "abcd1234-5678-90ef-ghij-klmnopqrstuv", "aud": "1a2b3c4d5e6f7g8h9i0j1k2l3m", "event_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "token_use": "id", "auth_time": 1704063600, "exp": 1704067200, "iat": 1704063600, "jti": "abcdef12-3456-7890-abcd-ef1234567890", "e mail": "user123@instance.com"}

9. The Lambda operate makes use of the verified ID token to name the AWS Safety Token Service (AWS STS) AssumeRoleWithWebIdentity API to imagine the IAM internet identification position and obtain short-term AWS credentials.
10. This operate calls the Fast Suite ListUsers API with short-term credentials to confirm that the consumer exists, after which calls the GenerateEmbedUrlForRegisteredUser API to generate a safe embed URL with area restrictions.
11. This operate returns an embedded URL in a JSON response that features cross-origin useful resource sharing (CORS) headers to CloudFront by means of API Gateway. Beneath is an instance of an embedded URL.

    {"ChatEmbedUrl": "https://us-east-1.quicksight.aws.amazon.com/embedding/abcdefe827dd4ef8b4e1fb921db046c4/fast/chat?code=Abcdef....&identityprovider=quicksight&isauthcode=true", "consumer": "user123@instance.com"}

12. CloudFront purposes use the Fast Suite Embedding SDK to create an embedding context utilizing safe cross-origin communication and to render the chat interface in an HTML iframe.

You’ll be able to deploy your resolution utilizing the next high-level steps:

1. Deploy serverless infrastructure utilizing the AWS Cloud Improvement Package (AWS CDK).
2. Provision customers with Amazon Cognito and Fast Suite.
3. Share Fast Suite belongings (chat brokers and associated connections, data base).
4. To make use of the Fast Suite Chat Agent, go to the online portal.

Conditions

The next conditions are required to deploy the answer described on this publish:

Deploy serverless infrastructure utilizing AWS CDK

To deploy serverless infrastructure utilizing AWS CDK, observe these steps.

1. create a clone GitHub repository:

git clone git@github.com:aws-samples/sample-quicksuite-chat-embedding.git 
cd sample-quicksuite-chat-embedding

2. Deploy your infrastructure.

You’re prompted to enter your AWS Area code, AWS CloudFormation stack ID and portal title, and AWS CLI profile.

Provision customers with Amazon Cognito and Fast Suite

To provision customers with Amazon Cognito and Fast Suite, observe these steps:

1. Create an Amazon Cognito consumer in your Amazon Cognito consumer pool.

python scripts/create_cognito_user.py --profile <aws-profile> <cognito-user-email>

2. Create a federated consumer in Fast Suite.

python scripts/create_quicksuite_user.py --profile <aws-profile> <cognito-user-email>

Share Fast Suite Chat Agent

To share your Fast Suite Chat Agent, observe these steps:

1. Sign up to the Fast Suite console utilizing credentials which have the Fast Suite Writer Professional position.
2. select chat agent within the navigation pane.
3. Choose the agent you need to share (similar to AnyCompany Ecom order Assistant) and share.

4. Seek for the username you created earlier (for instance: user123@instance.com).
5. select share.

After sharing this agent, you should additionally share every of the agent’s linked assets individually to see full performance.

Entry the online portal and use the Fast Suite chat agent

To entry the online portal and begin utilizing Chat Agent, observe these steps:

1. Discover your short-term password in your Amazon Cognito affirmation e mail.
2. Entry the CloudFront URL from an online browser utilizing your consumer ID and short-term password.
3. You may be requested to alter your password while you log in for the primary time.

After profitable login, you will notice the next my assistant within the chat interface.

4. Choose the area you need to connect with your customized Fast Suite chat agent.

5. To view chat brokers which were shared with you, shared with me underneath filter.

6. Choose your most popular agent and begin chatting.

The next screenshot exhibits a chat interplay between a customer support consultant monitoring an instance on-line order and processing a return in response to a telephone request from a verified buyer.

cleansing

To wash up your assets, delete your deployed AWS assets.

conclusion

This resolution addresses the core challenges of embedding conversational AI at scale: securing authentication for 1000’s of concurrent customers throughout places world wide, sustaining enterprise-grade safety with complete audit trails, and simplifying deployment with automated infrastructure provisioning. You’ll be able to customise your portal’s branding, regulate safety insurance policies, and combine together with your present identification supplier. Robotically scale to 1000’s of concurrent customers whereas sustaining pay-as-you-go pricing.

To do this resolution, GitHub repository Deploy your full infrastructure and embed the Fast Suite chat agent with one click on.

In regards to the writer

Satyanarayana Adimula is a senior builder of innovation and supply for AWS Generative AI. Leveraging over 20 years of knowledge and analytics experience, we concentrate on constructing agent AI programs that allow giant enterprises to automate complicated workflows, speed up decision-making, and obtain measurable enterprise outcomes.