# Chatting with Amazon Q Developer about AWS
**Introducing generative AI-based Q artifacts**
Amazon Q can now provide answers to questions with table and chart visualizations. A prompt library makes it easier to find example prompts. The Q experience is now more usable and useful. The Q icon has been relocated to the navigation bar. The Q chat panel now opens on the left side.
Chat with Amazon Q in the AWS Management Console, AWS Console Mobile Application, AWS website, AWS Documentation website, and chat applications to learn about AWS services.
You can ask Amazon Q about best practices, recommendations, step-by-step instructions for AWS tasks, and architecting your AWS resources and workflows. You can also ask about your AWS resources and account costs. Amazon Q additionally generates short scripts or code snippets to help you get started using the AWS SDKs and AWS CLI.
The following topics describe how to use Amazon Q chat and topics you can chat about.
**Topics**
+ [Using Q artifacts in Amazon Q](chat-artifacts.md)
+ [Add permissions](#add-permissions-chat)
+ [Start a conversation](#start-conversation)
+ [Manage conversations in the console](#manage-conversations-console)
+ [Navigate the Amazon Q chat panel](#navigate-amazon-q-chat-panel)
+ [Chat settings](#chat-settings)
+ [Example prompts](#example-questions)
+ [Chatting about your resources with Amazon Q Developer](chat-actions.md)
+ [Asking Amazon Q to troubleshoot your resources](chat-actions-troubleshooting.md)
+ [Chatting about your costs](chat-costs.md)
+ [Chatting about your network security](chat-network-security.md)
+ [Chatting about email sending](chat-email.md)
+ [Chatting about your telemetry and operations](chat-ops.md)
# Using Q artifacts in Amazon Q
Amazon Q artifacts enable Amazon Q to deliver responses enriched with table and chart visualizations. When you ask natural language questions about your resources, Amazon Q may display an artifact that helps you quickly understand your resources at a glance.
The Q experience is now more usable and useful. Access Q easily from the navigation bar next to search. The Q chat panel opens on the left and can expand to full screen. A new prompt library helps you discover useful example prompts.
To get started, ensure you have the required permissions, and then review the example prompts to get the most out of Amazon Q artifacts. For more information, see [Prerequisites](#chat-artifacts-prereqs) and [Example prompts](#chat-artifacts-example-prompts).
## Prerequisites
To view visualizations with Amazon Q see [Allow users to chat with Amazon Q](id-based-policy-examples-users.md#id-based-policy-examples-allow-chat) and [Chatting about your costs](chat-costs.md#cost-chat-getting-started).
## How it works
**Note**
All data associated with Amazon Q visualizations is saved in us-east-1.
**To view Q artifacts in Amazon Q in the AWS management Console:**
1. Sign in to the AWS Management Console.
1. Access Amazon Q by choosing the Q icon in the Unified Navigation bar.
1. Describe your task to Amazon Q using natural language. For example:
1. "List my running EC2 instances"
1. "Create a chart of my costs by region last month"
1. If Amazon Q determines a visual interface would be helpful, it automatically displays an artifact in a new panel next to Q chat with either a table or chart visualization.
1. If you are asking about resources, the panel will include:
1. A table with the resources you asked about, categorized based on any properties you specify.
1. Deep links to the resources that redirect you to the resource page in the service console.
1. If you are asking about cost and billing information with chart visualization, the panel will include a chart widget.
## Example prompts
The following categories and associated prompts are examples of the types of tasks you can complete with Amazon Q artifacts.
+ **View resource information ** – Visualize resource information in table or chart format.
+ **Get billing recommendations and forecasts** – Show me a line chart of my forecasted costs for the next 6 months, Graph RDS costs by instance type by month for the last 6 months.
+ **Security and compliance** – Check traffic and internet accessibility to EC2 resources, verify internet connectivity for EC2 instances across regions.
For a list of suggested use cases, choose the Amazon Q prompt library icon in the top-right of the Q chat panel and filter by table or visualization response type.
## Add permissions
For an IAM policy that grants permissions needed for chatting with Amazon Q, see [Allow users to chat with Amazon QAllow users to use Amazon Q CLI with AWS CloudShell](id-based-policy-examples-users.md#id-based-policy-examples-allow-chat).
## Start a conversation
To open up the Amazon Q chat panel in the AWS Management Console, choose the Amazon Q icon in the top left in the Unified Navigation bar. To open up the panel on the AWS website or any AWS service’s documentation page, choose the Amazon Q icon in the bottom right corner.
To ask Amazon Q a question, enter your question into the text bar in the Amazon Q panel. Amazon Q generates a response to your question with a sources section that links to its references.
After you receive a response, you can optionally leave feedback by using the thumbs-up and thumbs-down icons. You can also copy the response to your clipboard by choosing the copy icon.
**To start a new conversation in the console:**
1. You can start a new conversation by choosing the plus icon in the top right corner of the chat panel.
1. To name or rename a conversation, choose the text at the top of the chat panel and enter your conversation name.
## Manage conversations in the console
You can view, switch to, and delete your past conversations in Amazon Q.
Amazon Q maintains the history of previously asked questions and responses within a given conversation to use as context to inform responses. You can save up to 1,000 separate conversations with Amazon Q chat in the AWS console.
When you start a conversation, it’s automatically saved as a new conversation. You can title the conversation, or Amazon Q will generate a title based on the example prompt you select or the first few questions in the conversation.
You can switch between conversations to continue chatting with Amazon Q about previous topics. Inactive conversations, in which you don’t ask a new question, will be deleted after 90 days of inactivity. Messages older than 90 days will be deleted, even if a conversation is still active.
**To switch conversations:**
1. Choose the clock icon on the top right of the chat panel. The **Conversations** pop-up opens.
1. Choose the name of the conversation you want to resume. All previous messages from that conversation appear in the chat panel where you can continue chatting with Amazon Q.
**To delete conversations:**
1. Choose the clock icon on the top right of the chat panel. The **Conversations** pop-up opens.
1. Choose the delete icon next to the name of the conversation you want to delete.
If you’re using Amazon Q in the console, your current conversation and associated context are maintained when you navigate to another place in the console or to another browser or tab. If you’re using Amazon Q on the AWS website, Documentation website, or Console Mobile Application, a new conversation starts without any context when you navigate to a new page, browser, or tab.
## Navigate the Amazon Q chat panel
Note: You can switch between the Amazon Q chat panel and service consoles at any time:
1. To expand the Q chat panel in full-screen mode, choose the maximize icon in the top-right corner. To toggle full-screen mode, choose the resize icon.
1. To close the Q chat panel, choose < in the top-right corner. To close the panel with visualizations, choose X in the top-right corner.
1. To adjust the chat panel size, use the divider.
1. To reopen the chat panel, choose the Q icon in the Unified Navigation bar.
1. Your work is automatically saved when switching between views.
## Chat settings
To view your chat settings in Amazon Q, choose the gear icon in the top right of the chat panel.
+ **Region** — Amazon Q defaults to the AWS Region set in the AWS Management Console when you open the chat panel. To update the Region used by Amazon Q, change your console Region.
## Example prompts
You can ask Amazon Q questions about AWS and AWS services, such as finding the right service, understanding best practices or reviewing the state of your resources. If Amazon Q determines a visual interface would be helpful, it automatically displays a new panel with either a table or chart visualization.
You can also ask about software development with the AWS SDKs and AWS CLI. Amazon Q in the console can generate short scripts or code snippets to help you get started using the AWS SDKs and AWS CLI.
The following are example questions that demonstrate how Amazon Q can help you build on AWS:
+ List RDS databases without CloudWatch alarms
+ What's the maximum runtime for a Lambda function?
+ When should I put my resources in a VPC?
+ List S3 buckets with tag value **
+ Create a chart showing my cost per GB for different S3 storage classes
+ Graph EC2 cost per vCPU hour over the last 3 weeks
+ What's the best container service to use to run my workload if I need to keep my costs low?
+ Show me a bar chart of potential savings by optimization recommendation
To help you get started, Q recommends prompts when you start a new conversation. You can also view the list of supported prompts in the prompt library. To view prompts in the prompt library, choose the book icon in the top right of the chat panel.
# Chatting about your resources with Amazon Q Developer
Amazon Q Developer answers questions about your AWS account resources to help you understand your AWS infrastructure through natural language prompts. Using advanced reasoning capabilities, Amazon Q analyzes and provides insights about your resources so you can quickly get the information you need without relying on multiple service consoles, APIs, or complicated scripts.
The type of resource analysis Amazon Q can perform includes:
+ **Resource listing and details** – Ask for lists or specific details about resources in your account.
+ **Filtered queries** – Request resource information based on criteria such as region or configuration state.
+ **Cross-service analysis** – Ask complex questions about your infrastructure, configurations, and dependencies across multiple AWS resources and services.
+ **Troubleshooting assistance** – Get help identifying and resolving issues with your resources. For more information, see [Asking Amazon Q to troubleshoot your resources](chat-actions-troubleshooting.md).
For examples of questions you can ask, see [Ask Amazon Q for resource information](#ask-resource-questions).
**Topics**
+ [How it works](#how-chat-actions-works)
+ [Prerequisites](#resoure-chat-prereqs)
+ [Ask Amazon Q for resource information](#ask-resource-questions)
+ [Count resources with AWS Resource Explorer](#count-resources)
## How it works
To respond to questions about resources, Amazon Q uses service APIs and AWS Cloud Control API to retrieve the requested information. To allow Amazon Q to call the APIs required to retrieve requested resource information, your IAM identity must have permissions to use those APIs. For more information, see [Prerequisites](#resoure-chat-prereqs).
Amazon Q can perform get, list, and describe actions to retrieve information about multiple AWS resources at a time. When asked complex resource questions, Amazon Q creates dynamic, multi-step plans that explain the reasoning behind the actions it’s taking to further your understanding of your AWS environment. If the initial plan fails, Amazon Q attempts alternative methods or prompts you for any additional information required to continue.
Amazon Q can provide answers to questions enriched with read-only Q artifacts. For example, when you ask a question about your resources or cost and billing, Amazon Q generates visualizations like tables and charts to help you quickly understand the state of your account resources.
Amazon Q can’t answer questions about the data stored in your resources, such as listing objects in an Amazon S3 bucket, or questions related to your account security, identity, credentials, or cryptography.
## Prerequisites
You can chat about your account resources with Amazon Q in the AWS Management Console, AWS Console Mobile Application, and in [configured chat applications](q-in-chat-applications.md).
To chat about your resources, your IAM identity must have the following permissions:
+ Permissions to chat with Amazon Q, to use Cloud Control API, and to allow Amazon Q to access your resources. For an IAM policy that grants the required permissions, see [Allow users to chat about resources with Amazon Q](id-based-policy-examples-users.md#id-based-policy-examples-allow-resource-chat).
+ Permissions to access the resources you ask about. For example, if you ask Amazon Q to list your Amazon S3 buckets, you must have the `s3:ListAllMyBuckets` permission.
Amazon Q will never access resources that your IAM identity doesn't have access to.
**Important**
Normal fees apply when you ask Amazon Q to perform read, list, or describe actions. For more information, see the pricing page for the AWS service you are asking Amazon Q about.
## Ask Amazon Q for resource information
When you ask Amazon Q about your resources, you can specify the AWS Region that Amazon Q calls to locate your resources. If no Region is specified in a given query, Amazon Q will use a Region previously specified in your conversation if applicable, and otherwise uses your current console Region (or the most recent console Region if you are using a global console Region).
Amazon Q might need additional information to answer to your resource questions. When Amazon Q asks a follow up, reply with the requested details.
Following are example questions you can ask Amazon Q about your resources:
+ Describe the encryption settings for S3 bucket **
+ What SQS queues invoke my Lambda functions?
+ Do I have any MySQL RDS clusters that need updates?
+ List my EC2 instances in **
+ Get the configuration for my lambda function **
+ What alarms are configured for instance **?
+ List RDS databases without CloudWatch alarms
+ List S3 buckets with tag value **
+ Show me chart of my costs by service last week
+ Show me a bar chart of my top 10 most expensive resources
+ Create a chart showing budget vs forecasted spend
## Count resources with AWS Resource Explorer
When you ask a question that requires resource counting, such as 'How many EC2 resources are running in my account?', Amazon Q uses Cloud Control API by default to return a count of the requested resources. You also have the option to enable and configure Resource Explorer for faster resource counting with Amazon Q.
If Resource Explorer is enabled, Amazon Q will attempt to use it when generating a response that requires counting your resources. Amazon Q can use Resource Explorer to count a single type of resource across all AWS Regions. Using Resource Explorer enables Amazon Q to count resources faster by returning the count from the Resource Explorer index, as opposed to calling service APIs to list resources and count the results.
If you choose to enable Resource Explorer for resource counting, note that resource information can be out of date. Resource Explorer indexes resources in your account by taking a periodic inventory, and if resources have been created or deleted after the last inventory, the resource count will be incorrect. Resource Explorer also doesn't support resource filtering. If you ask to count resources matching a specific criteria, Amazon Q will fall back to Cloud Control API.
If you don't have Resource Explorer enabled and configured for use, or if Amazon Q can't use Resource Explorer to answer your question, Amazon Q uses Cloud Control API to count resources. Using Cloud Control API ensures an accurate resource count and supports resource filtering, however this can also lead to increased latency compared to counting with Resource Explorer. If you are counting a large number of resources, Cloud Control API can also time out.
To use Resource Explorer for resource counting, the following configuration is required:
+ The user interacting with Amazon Q must be in account where an Resource Explorer default view is configured and an aggregator index has been created in the same Region as the default view. For more information, see [Setting up Resource Explorer using Advanced setup](https://docs.aws.amazon.com/resource-explorer/latest/userguide/getting-started-setting-up.html#getting-started-setting-up-advanced) in the *AWS Resource Explorer User Guide*.
+ The user's IAM identity must have read permissions for the default view. For more information, see [Granting access to Resource Explorer views for search](https://docs.aws.amazon.com/resource-explorer/latest/userguide/configure-views-grant-access.html) in the *AWS Resource Explorer User Guide*.
# Asking Amazon Q to troubleshoot your resources
In the AWS Management Console, you can ask Amazon Q to troubleshoot issues you're having with your AWS resources. When you encounter a problem, open the chat panel and describe the situation to Amazon Q. For instance, you might enter, "I can't add an object to my S3 bucket" or "My load balancer is returning a 503 error". Amazon Q analyzes the information you provided to identify potential root causes. It then offers tailored solutions, step-by-step instructions, or best practices to resolve your issue efficiently.
Amazon Q currently accepts English prompts for the issues shown in the following table.
| AWS service | Type of issue that Amazon Q can help with | Example prompts |
| --- | --- | --- |
| Amazon S3 | Permissions issues | Why can’t I put objects into my S3 bucket? The bucket ID is amzn-s3-demo-bucket. Why can’t I delete the object s3://amzn-s3-demo-bucket-locked/Q-Stream2.jpg? Why can't I delete an object in S3? |
| AWS Glue | Job failures | My Glue job with the job name 'Run111B11B11-*<…>*' and the job run id 'bb\$1b1b111*<…>*' in the 'us-west-2' region failed. Why did my Glue job called GlueRun00AA00A00A-*<…>* fail? |
| Amazon Athena | Query issues | My Athena query didn't return any results. query ID: 222c22cc-2c022-*<…>* region id: us-east-2 I ran an Athena query with an execution ID of 333d33dd-3d33-*<…>* and a region of us-east-1, and it didn't return any results. |
| Amazon ECS | Task stoppage issues; Fargate health check issues; disconnected agent issues | My ECS task is stopped and I don't know why. The details of the task are: Cluster: my-ecs-cluster, Service: my-ecs-service, Task Definition: my-task-definition, Task ARN: arn:aws:ecs:us-west-2:444444444444:task/my-ecs-cluster/4ee4ee4ee4444*<…>* I'm having a problem with my ECS task. The task health check always fails for the task in the 'my-ecs-cluster' cluster and service. The Amazon ECS agent on one of my container instances appears to be disconnected. The agent is not responding or updating its status, which is causing tasks to be stuck in a pending state. |
| Amazon EC2 Elastic Load Balancing | Health check issues; 504, 503, 502, and 500 errors | Why are the health checks for the target group called 'my-target-group' failing? Why am I receiving 503 errors from my load balancer 'my-elb'? |
| Amazon EKS | Application Load Balancer (ALB) ingress controller issues; managed add-on issues | I have an ALB ingress controller in my EKS cluster, and am seeing a failure with the error message 'WebIdentityErr:failed to retrieve credentials'. The AWS region is us-west-2. There seems to be an issue with the add-ons in my EKS cluster called my-eks-cluster, in the us-west-2 region. |
| Amazon ECR | Secondary account access issues | I'm having difficulty granting access to an Amazon ECR image repository from a different AWS account. Specifically, I need to allow account 222222222222 to push and pull images from the repository named "my-ecr-repo" in my account (111111111111) in the region (us-west-2). |
For Amazon Q to troubleshoot your resources, you'll need the same permissions as those outlined in [Chatting about your resources with Amazon Q DeveloperChatting about your resources](chat-actions.md).
# Chatting about your costs
Amazon Q Developer is a generative artificial intelligence (AI) powered conversational assistant that can help you understand, build, extend, and operate AWS applications. Amazon Q Developer provides powerful capabilities to help you manage your AWS costs through natural conversation. You can analyze your historical and forecasted costs from Cost Explorer, discover cost-saving recommendations from Cost Optimization Hub and AWS Compute Optimizer, understand Savings Plans and reservation opportunities, and get instant answers about AWS product attributes or service pricing. Amazon Q Developer can both answer specific questions (e.g., "What were net unblended costs for EC2 instances last month?") or perform complex or open-ended analysis (e.g., "What were the biggest drivers of last week's cost decrease?"). Amazon Q Developer transforms how you interact with AWS cost data by letting you ask questions in your own words instead of learning query syntax or navigating multiple console pages, while providing precise answers backed by real data from your AWS account and showing exactly which APIs were called and where to find the information in the console.
For more information about the cost management capabilities in Amazon Q Developer, see [Managing your costs using generative AI with Amazon Q Developer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-cost-analysis-q.html) in the *AWS Cost Management User Guide*.
## What you can do
With Amazon Q Developer, you can:
+ **Analyze your costs** – Ask questions about your historical spending patterns, cost trends, and forecasted costs. For example, "What were my EC2 costs last month?" or "Why did my costs increase last week?"
+ **Find optimization opportunities** – Discover ways to reduce your AWS spending by asking about recommendations from Cost Optimization Hub, AWS Compute Optimizer, and Savings Plans. For example, "What are my top cost optimization opportunities?" or "Which EC2 instances are over-provisioned?"
+ **Understand pricing** – Get instant answers about AWS service pricing. For example, "How much does a c8g.2xlarge instance cost in us-east-1?" or "What would it cost to store 1 PB in S3 in Dublin?"
+ **Check payment status** – List recent invoices and check payment balance. For example, “List my invoices for the last 6 months” and “Do I have an outstanding payment balance?”
+ **Visualize your costs** – Generate custom charts and graphs of historical costs and usage, service pricing, budgets, and more. For example, “Show me a graph of how much we’re spending in each region” or “Create a chart breaking down EC2-Other costs last month”.
Amazon Q Developer adapts to however you phrase your questions. You can ask specific questions when you know exactly what you want, or ask open-ended exploratory questions and let Q investigate on your behalf. Q maintains context throughout your conversation, so you can ask follow-up questions to dive deeper or guide the analysis in a specific direction.
## How it works
When you ask Amazon Q Developer about your costs, Q retrieves data from AWS Cost Explorer, Cost Optimization Hub, AWS Compute Optimizer, and other AWS services. Q performs calculations, analyzes patterns, and provides insights based on your actual usage and spending data. With each response, Q provides transparency into how it arrived at its answer by showing you the API calls it made, the parameters used, and links to matching views in the AWS Management Console where available. This helps you verify the data and explore further.
## Getting started
To chat about your AWS costs, you need:
+ **Appropriate IAM permissions** – Your IAM identity must have permissions to chat with Amazon Q and access your billing data. For an IAM policy that grants the required permissions, see [Allow Amazon Q to access cost data and provide cost optimization recommendations](id-based-policy-examples-users.md#id-based-policy-examples-allow-cost-chat).
+ **Cost Explorer opt-in** – You must enable AWS Cost Explorer in your AWS account. To enable Cost Explorer, open the [Cost Explorer console](https://console.aws.amazon.com/costmanagement/home#/cost-explorer). For more information, see [Enabling Cost Explorer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-enable.html) in the *AWS Cost Management User Guide*.
To take advantage of the full range of Amazon Q Developer's cost management capabilities, you can also enable additional services such as AWS Cost Optimization Hub or AWS Budgets. To learn more, see [Overview of cost management capabilities in Amazon Q Developer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-q-overview.html) in the *AWS Cost Management User Guide*.
To get started:
1. Sign in to the AWS Management Console at [https://console.aws.amazon.com](https://console.aws.amazon.com).
1. Choose the Amazon Q icon on the right side of the console navigation bar.
1. Ask a question about your costs, such as:
+ "What were my costs last month?"
+ "What are my top cost optimization opportunities?"
+ "How much does a c8g.2xlarge instance running Linux cost in us-east-1?"
+ “Show me a pie chart of my costs by region last week”
You can also configure Amazon Q Developer in chat applications such as Slack and Microsoft Teams. For more information about using Amazon Q Developer in chat applications, see [Chatting with Amazon Q Developer in chat applications](q-in-chat-applications.md).
## Example questions
Following are example questions about costs that you can ask Amazon Q Developer:
**Cost analysis**
+ "What were my costs last month?"
+ "Show me my EC2 spending trends for the past six months."
+ "What are the top contributing services to my AWS bill in the eu-central-1 region?"
+ "Why did my costs increase last week?"
+ "Analyze my spending data for the last month and give me the most important insights."
**Cost optimization**
+ "What are my top cost optimization opportunities?"
+ "Which EC2 instances are over-provisioned?"
+ "Do I have any idle resources?"
+ "Which Savings Plans should I purchase?"
**Budget and anomaly monitoring**
+ "Have any teams exceeded their budgets?"
+ "Do I have any cost anomalies?"
**Pricing estimation**
+ "How much does a c8g.2xlarge instance cost in us-east-1?"
+ "What would it cost to store 1 PB in S3 in Dublin?"
+ "What's the monthly cost of a t4g.xlarge RDS instance with Multi-AZ and 300 GB gp2 storage?"
+ "What would be the price to build a basic three tier web app, with a small EC2 instance, API gateway, a \$15GB SQL database, and a basic JS front-end hosted in CloudFront?"
**Cost visualization**
+ “Graph my support charges by month for the last 12 months”
+ “Show me an area chart of EC2 costs by instance type by day this month”
+ “Create a chart of S3 storage pricing by tier in us-east-1”"
+ “Line chart of Savings Plans coverage and utilization % over the last 3 months”
+ “Graph EC2 cost per vCPU hour over the last 3 weeks”
# Chatting about your network security
****
| |
| --- |
| Chatting about network security is in preview, and is subject to change. |
Amazon Q can help you analyze your network security configurations, identify missing or misconfigured AWS network security services, and provide recommendations for a stronger network security posture. This helps you understand network security findings, implement remediation steps, and follow security best practices without interrupting your workflow.
When you ask Amazon Q about your network security, its responses include specific information about your resources, related security findings, and detailed remediation instructions as well as links to learn more in the AWS Management Console.
For more information about network security analysis with Amazon Q, see [Get insights with Amazon Q Developer](https://docs.aws.amazon.com/waf/latest/developerguide/nsd-security-insights.html) in the *AWS Shield network security director Developer Guide*.
## Prerequisites
You can chat about your AWS network security in the AWS Management Console and in [configured chat applications](q-in-chat-applications.md).
For Amazon Q to answer questions about your network security, the following prerequisites must be met.
### Add permissions
To chat about your network security, your IAM identity must have permissions to chat with Amazon Q. For an IAM policy that grants the required permissions, see [Allow users to chat with Amazon Q](id-based-policy-examples-users.md#id-based-policy-examples-allow-chat).
### Enable AWS Shield network security director
To chat about your network security with Amazon Q, you must enable AWS Shield network security director in your AWS account. To enable AWS Shield network security director:
1. Open the AWS Shield network security director console at [https://console.aws.amazon.com/nsd/](https://console.aws.amazon.com/nsd/).
1. Follow the setup instructions to enable the service.
1. Run a scan to collect security information about your resources.
## Example questions
Following are example questions about network security that you can ask Amazon Q:
+ Identify my top network security findings
+ Summarize the network security of my environment
+ Are my systems at risk of DDoS attacks?
+ How can I improve my network security?
+ Do I have any resources without WAF protection?
+ Which resources are not protected from common web vulnerabilities?
+ What are the common network security issues on my EC2 instances?
+ Do I have any WAF WebACLs that aren’t protecting anything?
# Chatting about email sending
Amazon Q can help you set up email sending in Amazon Simple Email Service (Amazon SES), helping you to optimize your sending delivery and engagement rates, and troubleshoot sending problems. When you ask Amazon Q about Amazon SES, it’s responses include information about the sending identities, configuration sets, and other Amazon SES resources in your account. It is also able to answer questions about your email sending patterns, as well as patterns of responses from mailbox providers such as Gmail and Yahoo.
## Prerequisites
You can chat about your Amazon SES in the AWS Management Console and in [configured chat applications](q-in-chat-applications.md).
For Amazon Q to answer questions about your email sending, the following prerequisites must be met.
### Add permissions
To chat about your email sending, your IAM identity must have permissions to chat with Amazon Q. For an IAM policy that grants the required permissions, see [Allow users to chat with Amazon Q](id-based-policy-examples-users.md#id-based-policy-examples-allow-chat). You must also have permissions to access the Amazon SES resources you ask about.
## Example questions
Following are example questions about email sending that you can ask Amazon Q:
+ Do I need to do anything to finish setting up SES for email sending?
+ Tell me which sending identities have the best deliverability performance.
+ How is my deliverability for emails sent to Yahoo?
+ Do you have any recommendations to improve my sending?
+ Tell me if there have been any recent events where my deliverability performance suddenly improved or worsened.
# Chatting about your telemetry and operations
Amazon Q analyzes your CloudWatch telemetry and operational data to help manage your AWS environment. It retrieves resource health information, monitors alarms, and provides troubleshooting guidance. When you ask questions, Amazon Q may prompt you for specific details like resource names and time ranges to ensure accurate assistance.
**AWS service health check:** Evaluate the health of resources of specified AWS services, assisting customers in troubleshooting and resolving issues or errors they encounter with these resources.
+ Is my Lambda function X healthy?
+ Is anything wrong with my Amazon ECS clusters?
+ Help me troubleshoot my DynamoDB tables between time X and Y.
+ Investigate anomalies related to Amazon S3 between time X and Y.
**Alarm troubleshooting:** Identifies alarms in Alarm state and the underlying telemetry that triggered the alarm, helping customers diagnose the reasons behind the alarm/alert/pages.
+ Why is my alarm with name X firing?
**Application Signals specific troubleshooting:** Analyzes CloudWatch Application Signals service-level objectives and indicators to determine the overall health of a service, enabling you to assess and maintain application performance.
+ Is my Service X in environment Y healthy?
For more information about how Amazon Q analyzes your CloudWatch telemetry and operational data, see *CloudWatch investigations* in the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations.html).