

# Connecting Google Drive to Amazon Q Business (New)
<a name="googledrive-v2-connector-primary"></a>

With the new connector, you can build and refresh your index significantly faster than before, control the sync scope using a date filter, and enable your end-users to get insights from link sharing-enabled documents that they have accessed before. The new Google Drive connector also performs targeted identity crawls, eliminating the need to crawl all groups within an enterprise.

# Known limitations for the Amazon Q Business Google Drive connector
<a name="googledrive-v2-limitations-primary"></a>

The new Amazon Q Business Google Drive connector has the following known limitations:
+ Comments synchronization is not supported in the new version.
+ VPC connectivity is not supported.
+ Custom field mappings are not supported.
+ File type pattern filtering is not supported (use MIME type filtering instead).
+ Document enrichment is not supported.

# Google Drive connector overview
<a name="googledrive-v2-overview-primary"></a>

The following table gives an overview of the new Amazon Q Business Google Drive connector and its supported features.


[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/googledrive-v2-overview-primary.html)

# Prerequisites for connecting Amazon Q Business to Google Drive
<a name="google-prereqs-gd2"></a>

Before you begin, make sure that you have completed the following prerequisites.

**In Google Drive, make sure you have:**
+ **Either** been granted access by a super admin role **or** are a user with administrative privileges. You do not need a super admin role for yourself if you have been granted access by a super admin role.
+ Configured Google Drive Service Account connection credentials containing your admin account email, client email (service account email), and private key. See [Google Cloud documentation on creating and deleting service account keys](https://cloud.google.com/iam/docs/keys-create-delete).
+ Created a Google Cloud Service Account (an account with delegated authority to assume a user identity) with **Enable G Suite Domain-wide Delegation** activated for server-to-server authentication, and then generated a JSON private key using the account.
**Note**  
The private key should be generated after the creation of the service account.
+ Added Admin SDK API and Google Drive API in your user account.
+ Added (or asked a user with a super admin role to add) the following OAuth scopes to your service account using a super admin role. These API scopes are needed to crawl all documents, and access control (ACL) information for all users in a Google Workspace domain:
  + https://www.googleapis.com/auth/drive.readonly—View and download all your Google Drive files
  + https://www.googleapis.com/auth/drive.metadata.readonly—View metadata for files in your Google Drive
  + https://www.googleapis.com/auth/admin.directory.group.readonly—Scope for only retrieving group, group alias, and member information. This is needed for the Amazon Q Identity Crawler.
  + https://www.googleapis.com/auth/admin.directory.user.readonly—Scope for only retrieving users or user aliases. This is needed for listing users in the Amazon Q Identity Crawler and for setting ACLs.
  + https://www.googleapis.com/auth/cloud-platform—Scope for generating access token for fetching content of large Google Drive files.
  + https://www.googleapis.com/auth/forms.body.readonly—Scope for fetching data from Google Forms.

  **To support the Forms API, add the following additional scope:**
  + https://www.googleapis.com/auth/forms.body.readonly

**In your AWS account, make sure you have:**
+ Created an Amazon Q Business application.
+ Created an [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your Google Drive authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**  
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see [Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

# Connecting Amazon Q Business to Google Drive using the console
<a name="googledrive-v2-console-v2"></a>

The following procedure outlines how to connect Amazon Q Business to Google Drive with the new connector using the AWS Management Console.

**Connecting Amazon Q to Google Drive (new connector)**

1. Sign in to the AWS Management Console and open the Amazon Q Business console.

1. From the left navigation menu, choose **Data sources**.

1. From the **Data sources** page, choose **Add data source**.

1. Then, on the **Add data sources** page, from **Data sources**, add the **Google Drive** data source to your Amazon Q application.

1. Then, on the **Google Drive** data source page, enter the following information:

1. In **Name and description**, do the following:
   + For **Data source name** – Name your data source for easy tracking.
**Note**  
You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters.
   + **Description – *optional*** – Add an optional description for your data source. This text is viewed only by Amazon Q Business administrators and can be edited later.

1. In **Authorization**, configure access control settings: Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. If supported for your connector, you can manage ACLs by selecting *Enable ACLs* to enable ACLs or *Disable ACLs* to disable them. To manage ACLs, you need specific IAM permissions. See [Grant permission to create data sources with ACLs disabled](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html#DisableAclOnDataSource) for more details. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.

1. **AWS Secrets Manager secret** – Choose an existing secret or create a secret to store your Google Drive authentication credentials. If you choose to create a secret, an AWS Secrets Manager secret window opens.

   1. If you choose **Existing**, select an existing secret for **Select secret**.

     If you choose **New**, enter the following information in the **New AWS Secrets Manager secret** section:

     1. **Secret name** – A name for your secret.

     1. Enter the following information:
        + **Secret Name** – A name for your secret.
        + **Admin account email** – The email ID of the admin user (the email used by the Service Account User) in your Google service account configuration.
        + **Client email** – The email ID of the service account.
        +  **Private Key** – The private key created in your service account.

        Then, choose **Save and add secret**.

1. In **Identity crawler**, configure identity crawling settings:

   1. **Identity crawling has been turned on for your connector as the ACLs are enabled** – This notification appears when ACLs are enabled.

   1. **Manage identity crawling logs** – When enabled, CloudWatch logs will show identities associated with local groups, as crawled during each sync job. If you disable this option post sync job completion (or partial run), you'll need to manually delete any associated identity crawling logs already generated.
      + **Enable identity crawling logs** – Identities crawled during data source sync will be logged.
      + **Disable identity crawling logs** – Identities crawled during data source sync will not be logged.

1. **IAM role** – Amazon Q Business requires an IAM role to access repository credentials and application content:

   1. **Choose an option** – Select an existing IAM role or create a new one.

1. In **Sync scope**, configure which content to sync:

   1. **Sync contents** – Choose the following options to select contents to sync. To further limit the contents that you want to sync for specific folders or files use the 'Entity regex patterns':
      + **My Drive** – Selected by default. Use this option if you want the files in all of your users’ My Drives to be included.
      + **Shared with me** – Selected by default. Use this option if you want the files from 'Shared with me' to be included.
      + **Shared Drives** – Selected by default. Use this option if you want to include shared drives. You can use the shared drive filter (see below) to sync files from specific shared drives.

   1. For **Maximum file size** – You can specify the file size limit in GB for Amazon Q crawling. Amazon Q crawls only files within the defined size limit. The default file size is 50 MB. The maximum file size limit is 10 GB. Files must be larger than 0 MB and no larger than 10 GB. You can go up to 10 GB (10240 MB) if you enable **Video files** in **Multi-media content configuration**, and up to 2 GB (2048 MB) if you enable **Audio files** in **Multi-media content configuration**.

1. In **Additional configuration - *optional***, configure additional filtering options. All content will be indexed by default. However, you can also limit the scope with these additional options:

   1. **Date filter** – Add a date range to filter content based on the last modified date:
      + **Start date** – Enter the start date in YYYY/MM/DD format.
      + **End date - *optional*** – Enter the end date in YYYY/MM/DD format.

   1. **Shared drives** – Add IDs of shared drives you want to include or exclude in your application:
      + **Include shared drives** – Add shared drive IDs to include.
      + **Exclude shared drives** – Add shared drive IDs to exclude.

   1. **MIME types** – Add MIME types to include or exclude in your Google Drive account:
      + **Include mime types** – Add MIME types to include (e.g., `application/vnd.google-apps.document` for Google Docs, `application/pdf` for PDF files).
      + **Exclude mime types** – Add MIME types to exclude.

   1. **Multi-media content configuration – optional** – To enable content extraction from embedded images and visuals in documents, choose **Visual content in documents**. For more information, see [Extracting semantic meaning from embedded images and visuals](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/extracting-meaning-from-images.html).

      To extract audio transcriptions and video content, enable **Audio Files**. To extract video content, enable **Video files**. For more information, see [Extracting semantic meaning from audio and video Content](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/Audio-video-extraction.html). 

   1. **Advanced settings**

      **Document deletion safeguard – *optional*** – To safeguard your documents from deletion during a sync job, select **On** and enter an integer between 0 and 100. If the percentage of documents to be deleted in your sync job exceeds the percentage you selected, the delete phase will be skipped and no documents from this data source will be deleted from your index. For more information, see [Document deletion safeguard](connector-concepts.md#document-deletion-safeguard).

1. In **Sync run schedule**, for **Frequency** – Choose how often Amazon Q will sync with your data source. For more details, see [Sync run schedule](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-run). To learn how to start a data sync job, see [Starting data source connector sync jobs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/supported-datasource-actions.html#start-datasource-sync-jobs).

1. **Tags - *optional*** – Add tags to search and filter your resources or track your AWS costs. See [Tags](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tagging.html) for more details.

1. In **Data source details**, choose **Sync now** to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use.
**Note**  
View CloudWatch logs for your data source sync job by selecting **View CloudWatch logs**. If you encounter a `Resource not found exception` error, wait and try again as logs may not be available immediately.  
You can also view a detailed document-level report by selecting **View Report**. This report shows the status of each document during the crawl, sync, and index stages, including any errors. If the report is empty for an in-progress job, check back later as data is emitted to the report as events occur during the sync process.  
For more information, see [Troubleshooting data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/troubleshooting-data-sources.html#troubleshooting-data-sources-not-indexed).

# IAM role for Amazon Q Business Google Drive connector
<a name="googledrive-v2-iam-role"></a>

If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create an Amazon Q resource. When you call the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) operation, you provide the Amazon Resource Name (ARN) of the role with the policy attached.

If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role.

To learn more about IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *AWS Identity and Access Management User Guide*.

To connect your data source connector to Amazon Q, you must give Amazon Q an IAM role that has the following permissions:
+ Permission to access the `BatchPutDocument` and `BatchDeleteDocument` operations to ingest documents.
+ Permission to access the [User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) API operations to ingest user and group access control information from documents.
+ Permission to access your AWS Secrets Manager secret to authenticate your data source connector instance.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAmazonQToGetSecret",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": [
        "arn:aws:secretsmanager:{{region}}:{{account_id}}:secret:{{secret_id}}"
      ]
    },
    {
      "Sid": "AllowsAmazonQToDecryptSecret",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:{{region}}:{{account_id}}:key/{{key_id}}"
      ],
      "Condition": {
        "StringLike": {
          "kms:ViaService": [
            "secretsmanager.*.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "AllowsAmazonQToIngestDocuments",
      "Effect": "Allow",
      "Action": [
        "qbusiness:BatchPutDocument",
        "qbusiness:BatchDeleteDocument"
      ],
      "Resource": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
    },
    {
      "Sid": "AllowsAmazonQToCallPrincipalMappingAPIs",
      "Effect": "Allow",
      "Action": [
        "qbusiness:PutGroup",
        "qbusiness:CreateUser",
        "qbusiness:DeleteGroup",
        "qbusiness:UpdateUser",
        "qbusiness:ListGroups"
      ],
      "Resource": [
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}",
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}",
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}/data-source/*"
      ]
    }
  ]
}
```

**To allow Amazon Q to assume a role, you must also use the following trust policy:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAmazonQServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "qbusiness.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{source_account}}"
        },
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}"
        }
      }
    }
  ]
}
```

For more information on Amazon Q data source connector IAM roles, see [IAM roles for Amazon Q data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds).
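
The following Python check is an added example, not AWS code: it lints a data source role policy and trust policy for the guards the two documents above rely on (the `aws:SourceAccount` and `aws:SourceArn` conditions on the service principal, non-wildcard resources, and `kms:Decrypt` limited by `kms:ViaService`). The function names, finding strings, account ID, region and resource IDs are assumptions made for illustration.

```python
def _as_list(value):
    """IAM accepts a scalar or a list for Action, Resource and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _conditions(statement):
    """Map lowercased condition key -> list of values, ignoring the operator."""
    found = {}
    for block in statement.get("Condition", {}).values():
        for key, values in block.items():
            found.setdefault(key.lower(), []).extend(_as_list(values))
    return found


def audit_trust_policy(doc, service="qbusiness.amazonaws.com"):
    """Check the confused-deputy guards on statements that trust `service`."""
    findings = []
    for st in _as_list(doc.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*":
            findings.append("wildcard principal can assume the role")
            continue
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service not in services:
            continue
        cond = _conditions(st)
        if not cond.get("aws:sourceaccount"):
            findings.append("missing aws:SourceAccount condition")
        arns = cond.get("aws:sourcearn", [])
        if not arns:
            findings.append("missing aws:SourceArn condition")
        elif any(a == "*" or "application/*" in a for a in arns):
            findings.append("aws:SourceArn is not pinned to one application")
    return findings


def audit_role_policy(doc):
    """Flag wildcards and an unscoped kms:Decrypt in the data source role policy."""
    findings = []
    for st in _as_list(doc.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard action")
        if "*" in _as_list(st.get("Resource")):
            findings.append(f"{sid}: Resource is '*'")
        if "kms:decrypt" in actions:
            via = _conditions(st).get("kms:viaservice", [])
            if not any(v.startswith("secretsmanager.") for v in via):
                findings.append(f"{sid}: kms:Decrypt not limited to Secrets Manager by kms:ViaService")
    return findings


# Constructed inputs: PAGE_* follow the page's policies with placeholder IDs,
# WEAK_* are deliberately loosened variants.
APP_ARN = "arn:aws:qbusiness:us-east-1:111122223333:application/EXAMPLE-APP-ID"
PAGE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowsAmazonQServicePrincipal", "Effect": "Allow",
    "Principal": {"Service": "qbusiness.amazonaws.com"}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"},
                  "ArnEquals": {"aws:SourceArn": APP_ARN}}}]}
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "qbusiness.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
PAGE_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowsAmazonQToGetSecret", "Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue"],
     "Resource": ["arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE-SECRET"]},
    {"Sid": "AllowsAmazonQToDecryptSecret", "Effect": "Allow", "Action": ["kms:Decrypt"],
     "Resource": ["arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"],
     "Condition": {"StringLike": {"kms:ViaService": ["secretsmanager.*.amazonaws.com"]}}}]}
WEAK_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "GetAnySecret", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
    {"Sid": "DecryptAnywhere", "Effect": "Allow", "Action": "kms:Decrypt",
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}]}

if __name__ == "__main__":
    print("trust:", audit_trust_policy(WEAK_TRUST))
    print("role: ", audit_role_policy(WEAK_ROLE))
```
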

# How Amazon Q Business connector crawls Google Drive ACLs
<a name="googledrive-v2-acl-crawling"></a>

Connectors support crawling ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security.

Amazon Q Business supports crawling ACLs for document security by default.

The Google Drive connector for Amazon Q Business crawls files with enhanced performance. It supports various file formats, including spreadsheets, presentations, images, audio/video files, and Google Docs™.

**Roles/permissions**: The Google Drive connector translates Google Drive permissions into ACLs that are compatible with Amazon Q Business. There are four primary roles with permissions:
+ Owner - Has full control.
+ Editor - Can modify content, update metadata, and add or remove comments.
+ Commenter - Can view content and add comments.
+ Viewer - Has read-only access.

**Permission Inheritance**: The Google Drive connector is designed to detect and handle hierarchical content organization across My Drive and Shared Drives with improved efficiency. By default, files and subfolders inherit permissions from parent folders. Permissions can be explicitly modified at either the file or folder level to override inherited settings. In this case, the ACLs are a union of the parent ACLs and child ACLs. 

**Identity Crawling**: Domain-wide access is supported using service account authentication. Google Drive supports nested groups, meaning that one group can be a member of another. The connector handles complex group structures by flattening group memberships and ensuring that permissions are applied correctly across all levels.

**Change Management**: ACL changes are automatically detected and processed during incremental synchronization.

**Failure handling**: The connector implements a fail-close approach, meaning that if there are permissions-related issues or API failures, a document is skipped from ingestion rather than being made publicly accessible.
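
The Python model below is an added illustration of the three behaviours described above (union of parent and child ACLs, flattening of nested groups, and fail-close on a permissions error); it is not the connector's implementation. The paths, addresses, group structure and the `sample_fetch_acl` lookup are constructed for the example.

```python
class PermissionLookupError(Exception):
    """Constructed stand-in for a permissions-related or API failure."""


def flatten_group(group, members_of, _seen=None):
    """Return every user reachable from `group`, expanding each nested group once."""
    seen = set() if _seen is None else _seen
    if group in seen:                      # membership cycle or diamond
        return set()
    seen.add(group)
    users = set()
    for member in members_of.get(group, ()):
        if member in members_of:           # the member is itself a group
            users |= flatten_group(member, members_of, seen)
        else:
            users.add(member)
    return users


def effective_principals(path, fetch_acl):
    """Union the ACL of the item with the ACLs of all of its parent folders."""
    parts = path.strip("/").split("/")
    principals = set()
    for depth in range(1, len(parts) + 1):
        # fetch_acl may raise PermissionLookupError for any level of the path
        principals |= fetch_acl("/" + "/".join(parts[:depth]))
    return principals


def build_index(files, fetch_acl, members_of):
    """Return ({path: allowed users}, [skipped paths])."""
    indexed, skipped = {}, []
    for path in files:
        try:
            principals = effective_principals(path, fetch_acl)
        except PermissionLookupError:
            # Fail closed: a document whose ACL is incomplete is not indexed,
            # rather than being indexed with no ACL and treated as public.
            skipped.append(path)
            continue
        users = set()
        for principal in principals:
            if principal in members_of:
                users |= flatten_group(principal, members_of)
            else:
                users.add(principal)
        indexed[path] = users
    return indexed, skipped


# Constructed sample data. The two groups contain each other on purpose.
GROUPS = {
    "eng@example.com": ["alice@example.com", "platform@example.com"],
    "platform@example.com": ["bob@example.com", "eng@example.com"],
}
ACLS = {
    "/Eng": {"eng@example.com"},
    "/Eng/design.doc": {"carol@example.com"},
    "/HR/salaries.xlsx": {"dave@example.com"},
}
FAILING = {"/HR"}                          # permission lookup fails for this folder


def sample_fetch_acl(node):
    if node in FAILING:
        raise PermissionLookupError(node)
    return ACLS.get(node, set())


if __name__ == "__main__":
    print(build_index(["/Eng/design.doc", "/HR/salaries.xlsx"], sample_fetch_acl, GROUPS))
```

In the sample, `/HR/salaries.xlsx` is skipped even though its own ACL is readable, because the ACL of its parent folder could not be fetched and the union would be incomplete.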

# Connecting Amazon Q Business to Google Drive using the API
<a name="googledrive-v2-api"></a>

You use the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) action to connect a data source to your Amazon Q application. You can also use the [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) action to modify an existing data source configuration.

Then, you use the `configuration` parameter to provide a JSON blob that conforms to the AWS-defined JSON schema.

For an example of the API request, see [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) and [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) in the Amazon Q API Reference.

**Topics**
+ [Google Drive configuration properties](#google-configuration-keys)
+ [Google Drive JSON schema](#googledrive-v2-json)
+ [Google Drive JSON schema example](#googledrive-v2-json-example)
+ [Google Drive minimal configuration example](#googledrive-v2-json-minimal-example)

## Google Drive configuration properties
<a name="google-configuration-keys"></a>

The following provides information about important configuration properties required in the schema.


| Configuration | Description | Type | Required | 
| --- | --- | --- | --- | 
| type | The connector type. Must be GOOGLEDRIVEV3. | string | Yes | 
| connectionConfiguration | Configuration information for the data source connection. | `object` This property has the following sub-properties: `secretArn`, `authType`. | Yes | 
| secretArn | The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the Google Drive credentials. | string | Yes | 
| authType | The authentication type. The valid value is: SERVICE\_ACCOUNT. | string | Yes | 
| dataEntityConfiguration | Configuration for which Google Drive entities to crawl. | `object` This property has the following sub-properties: `crawlMyDrive`, `crawlSharedWithMe`, `crawlSharedDrives`. | Yes | 
| crawlMyDrive | Whether to crawl the user's personal drive. Default is true. | boolean | No | 
| crawlSharedWithMe | Whether to crawl files shared with the user. Default is true. | boolean | No | 
| crawlSharedDrives | Whether to crawl shared drives. Default is true. | boolean | No | 
| accessControlConfiguration | Configuration for access control list (ACL) crawling. | `object` This property has the following sub-property: `crawlAcl`. | Yes | 
| crawlAcl | Whether to crawl access control lists for documents. | boolean | No | 
| filterConfiguration | Configuration for filtering which content to crawl. | `object` Contains various filtering options including shared drives, MIME types, and date ranges. | No | 
| maxFileSizeInMegaBytes | Maximum file size to crawl in megabytes. | string | No | 
| exclusionSharedDriveIds | Array of shared drive IDs to exclude from crawling. Maximum 1024 entries. | array | No | 
| inclusionSharedDriveIds | Array of shared drive IDs to include in crawling. Maximum 1024 entries. | array | No | 
| exclusionMimeTypes | Array of MIME types to exclude from crawling. Maximum 1024 entries. | array | No | 
| inclusionMimeTypes | Array of MIME types to include in crawling. Maximum 1024 entries. | array | No | 
| modifiedDateBefore | Only crawl files modified before this date. ISO 8601 format (e.g., 2024-12-31T23:59:59Z). | string | No | 
| modifiedDateAfter | Only crawl files modified after this date. ISO 8601 format (e.g., 2024-01-01T00:00:00Z). | string | No | 
| crawlIdentities | Whether to crawl user and group identities. Not supported in the new connector. | boolean | No | 
| deletionProtectionConfiguration | Configuration for deletion protection settings. | `object` This property has the following sub-properties: `enableDeletionProtection`, `deletionProtectionThreshold`. | No | 
| enableDeletionProtection | Whether to enable deletion protection. | boolean | No | 
| deletionProtectionThreshold | Threshold percentage for deletion protection. | string | No | 
| version | Version of the connector configuration. | string | No | 
| identityLoggingStatus | Status of identity logging. Valid values are ENABLED and DISABLED. | string | No | 

## Google Drive JSON schema
<a name="googledrive-v2-json"></a>

The following is the JSON schema for the new Google Drive connector:

```
{
  "type": "object",
  "properties": {
    "type": {
      "type": "string",
      "enum": ["GOOGLEDRIVEV3"]
    },
    "connectionConfiguration": {
      "type": "object",
      "properties": {
        "secretArn": {
          "type": "string",
          "minLength": 20,
          "maxLength": 2048
        },
        "authType": {
          "type": "string",
          "enum": ["SERVICE_ACCOUNT"]
        }
      },
      "required": ["secretArn", "authType"]
    },
    "dataEntityConfiguration": {
      "type": "object",
      "properties": {
        "crawlMyDrive": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlSharedWithMe": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlSharedDrives": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        }
      }
    },
    "filterConfiguration": {
      "type": "object",
      "properties": {
        "maxFileSizeInMegaBytes": {
          "type": "string"
        },
        "exclusionSharedDriveIds": {
          "type": "array",
          "maxItems": 1024,
          "items": {
            "type": "string"
          }
        },
        "inclusionSharedDriveIds": {
          "type": "array",
          "maxItems": 1024,
          "items": {
            "type": "string"
          }
        },
        "exclusionMimeTypes": {
          "type": "array",
          "maxItems": 1024,
          "items": {
            "type": "string"
          }
        },
        "inclusionMimeTypes": {
          "type": "array",
          "maxItems": 1024,
          "items": {
            "type": "string"
          }
        },
        "modifiedDateBefore": {
          "type": "string",
          "format": "date-time",
          "description": "ISO 8601 date-time format (e.g., 2024-12-31T23:59:59Z)"
        },
        "modifiedDateAfter": {
          "type": "string",
          "format": "date-time",
          "description": "ISO 8601 date-time format (e.g., 2024-01-01T00:00:00Z)"
        }
      }
    },
    "accessControlConfiguration": {
      "type": "object",
      "properties": {
        "crawlAcl": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        }
      }
    },
    "crawlIdentities": {
      "anyOf": [
        {
          "type": "boolean"
        },
        {
          "type": "string",
          "enum": ["true", "false"]
        }
      ]
    },
    "deletionProtectionConfiguration": {
      "type": "object",
      "properties": {
        "enableDeletionProtection": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "deletionProtectionThreshold": {
          "type": "string"
        }
      }
    },
    "version": {
      "type": "string"
    },
    "identityLoggingStatus": {
      "type": "string",
      "enum": ["ENABLED", "DISABLED"]
    }
  },
  "required": ["type", "connectionConfiguration", "dataEntityConfiguration", "accessControlConfiguration"]
}
```

## Google Drive JSON schema example
<a name="googledrive-v2-json-example"></a>

The following is an example configuration that conforms to the JSON schema for the new Google Drive connector:

```
{
  "type": "GOOGLEDRIVEV3",
  "connectionConfiguration": {
    "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-google-drive-secret",
    "authType": "SERVICE_ACCOUNT"
  },
  "dataEntityConfiguration": {
    "crawlMyDrive": true,
    "crawlSharedWithMe": true,
    "crawlSharedDrives": true
  },
  "filterConfiguration": {
    "maxFileSizeInMegaBytes": "50",
    "exclusionSharedDriveIds": ["SharedDrive1"],
    "inclusionSharedDriveIds": ["SharedDrive2"],
    "exclusionMimeTypes": ["application/vnd.google-apps.folder"],
    "inclusionMimeTypes": ["application/pdf", "application/vnd.google-apps.document"],
    "modifiedDateBefore": "2024-12-31T23:59:59Z",
    "modifiedDateAfter": "2024-01-01T00:00:00Z"
  },
  "accessControlConfiguration": {
    "crawlAcl": true
  },
  "crawlIdentities": true,
  "deletionProtectionConfiguration": {
    "enableDeletionProtection": false,
    "deletionProtectionThreshold": "10"
  },
  "version": "3.0.0",
  "identityLoggingStatus": "DISABLED"
}
```

## Google Drive minimal configuration example
<a name="googledrive-v2-json-minimal-example"></a>

The following is the minimum required configuration for the new Google Drive connector:

```
{
  "type": "GOOGLEDRIVEV3",
  "connectionConfiguration": {
    "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-google-drive-secret",
    "authType": "SERVICE_ACCOUNT"
  },
  "dataEntityConfiguration": {
    "crawlMyDrive": true,
    "crawlSharedWithMe": false,
    "crawlSharedDrives": false
  },
  "accessControlConfiguration": {
    "crawlAcl": false
  }
}
```
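
The following Python pre-flight check is an added example, not part of the AWS documentation or SDK: it tests a `configuration` document against the constraints in the schema above and separately reports settings with a security effect, such as the `"crawlAcl": false` in the minimal example, which per this page means the indexed documents are considered public. The function name and message strings are assumptions, and the empty date window warning is an added sanity check that the schema itself does not enforce.

```python
from datetime import datetime

REQUIRED = ("type", "connectionConfiguration", "dataEntityConfiguration",
            "accessControlConfiguration")
FLAG_FIELDS = {  # properties the schema types as boolean or "true"/"false"
    "dataEntityConfiguration": ("crawlMyDrive", "crawlSharedWithMe", "crawlSharedDrives"),
    "accessControlConfiguration": ("crawlAcl",),
    "deletionProtectionConfiguration": ("enableDeletionProtection",),
}
LIST_FIELDS = ("exclusionSharedDriveIds", "inclusionSharedDriveIds",
               "exclusionMimeTypes", "inclusionMimeTypes")


def _section(cfg, name):
    """Return a sub-object, or an empty dict when it is absent or malformed."""
    value = cfg.get(name, {})
    return value if isinstance(value, dict) else {}


def _parse_time(text):
    """Parse a date-time such as 2024-12-31T23:59:59Z; None if invalid or no offset."""
    try:
        parsed = datetime.fromisoformat(str(text).replace("Z", "+00:00"))
    except ValueError:
        return None
    return parsed if parsed.tzinfo else None


def review_config(cfg):
    """Return (errors, warnings) for a GOOGLEDRIVEV3 configuration dict."""
    errors, warnings = [], []
    errors += [f"missing required property: {k}" for k in REQUIRED if k not in cfg]
    if cfg.get("type") != "GOOGLEDRIVEV3":
        errors.append("type must be GOOGLEDRIVEV3")
    conn = _section(cfg, "connectionConfiguration")
    arn = conn.get("secretArn")
    if not isinstance(arn, str) or not 20 <= len(arn) <= 2048:
        errors.append("secretArn must be a string of 20 to 2048 characters")
    if conn.get("authType") != "SERVICE_ACCOUNT":
        errors.append("authType must be SERVICE_ACCOUNT")
    for section, names in FLAG_FIELDS.items():
        for name in names:
            value = _section(cfg, section).get(name)
            if not (value is None or isinstance(value, bool) or value in ("true", "false")):
                errors.append(f"{section}.{name} must be a boolean or 'true'/'false'")
    filters = _section(cfg, "filterConfiguration")
    for name in LIST_FIELDS:
        items = filters.get(name, [])
        if (not isinstance(items, list) or len(items) > 1024
                or not all(isinstance(item, str) for item in items)):
            errors.append(f"{name} must be a list of at most 1024 strings")
    bounds = {n: _parse_time(filters[n])
              for n in ("modifiedDateAfter", "modifiedDateBefore") if n in filters}
    errors += [f"{n} is not an ISO 8601 date-time with offset"
               for n, t in bounds.items() if t is None]
    if len(bounds) == 2 and all(bounds.values()):
        if bounds["modifiedDateAfter"] >= bounds["modifiedDateBefore"]:
            warnings.append("date filter is empty: modifiedDateAfter is not before modifiedDateBefore")
    if cfg.get("identityLoggingStatus", "DISABLED") not in ("ENABLED", "DISABLED"):
        errors.append("identityLoggingStatus must be ENABLED or DISABLED")
    # Security-relevant settings, taken from statements on this page.
    if _section(cfg, "accessControlConfiguration").get("crawlAcl") in (False, "false"):
        warnings.append("crawlAcl is false: documents indexed without ACLs are considered public")
    if cfg.get("identityLoggingStatus") == "ENABLED":
        warnings.append("identityLoggingStatus is ENABLED: crawled identities appear in CloudWatch logs")
    return errors, warnings


# Constructed inputs. MINIMAL copies the page's minimal example; BROKEN is made up.
MINIMAL = {
    "type": "GOOGLEDRIVEV3",
    "connectionConfiguration": {
        "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-google-drive-secret",
        "authType": "SERVICE_ACCOUNT"},
    "dataEntityConfiguration": {"crawlMyDrive": True, "crawlSharedWithMe": False,
                                "crawlSharedDrives": False},
    "accessControlConfiguration": {"crawlAcl": False},
}
BROKEN = {
    "type": "GOOGLEDRIVE",
    "connectionConfiguration": {"secretArn": "arn:short", "authType": "SERVICE_ACCOUNT"},
    "dataEntityConfiguration": {"crawlMyDrive": "yes"},
    "filterConfiguration": {"modifiedDateAfter": "2024-12-31T23:59:59Z",
                            "modifiedDateBefore": "2024-01-01T00:00:00Z"},
    "identityLoggingStatus": "ENABLED",
}

if __name__ == "__main__":
    for label, cfg in (("minimal", MINIMAL), ("broken", BROKEN)):
        print(label, review_config(cfg))
```
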

# Connecting Amazon Q Business to Google Drive using AWS CloudFormation
<a name="googledrive-v2-cfn"></a>

You use the [`AWS::QBusiness::DataSource`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html) resource to connect a data source to your Amazon Q application.

Use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid) property to provide a JSON or YAML schema with the necessary configuration details specific to your data source connector.

To learn more about AWS CloudFormation, see [What is AWS CloudFormation?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in the *CloudFormation User Guide*.

**Topics**
+ [Google Drive New CloudFormation template](#googledrive-v2-cfn-template)

## Google Drive New CloudFormation template
<a name="googledrive-v2-cfn-template"></a>

The following is the Google Drive New CloudFormation template. Copy and save this template to a file on your local drive.

For more information about CloudFormation templates, see [Working with CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-guide.html) in the *CloudFormation User Guide*.

```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Template to connect Google Drive New to Amazon Q Business",
  "Parameters": {
    "ApplicationId": {
      "Type": "String",
      "Description": "Amazon Q Business Application ID"
    },
    "IndexId": {
      "Type": "String", 
      "Description": "Amazon Q Business Index ID"
    },
    "DataSourceName": {
      "Type": "String",
      "Description": "Name for the Google Drive data source"
    },
    "RoleArn": {
      "Type": "String",
      "Description": "IAM Role ARN for the data source"
    },
    "SecretArn": {
      "Type": "String",
      "Description": "AWS Secrets Manager ARN containing Google Drive credentials"
    }
  },
  "Resources": {
    "GoogleDriveV3DataSource": {
      "Type": "AWS::QBusiness::DataSource",
      "Properties": {
        "ApplicationId": {"Ref": "ApplicationId"},
        "IndexId": {"Ref": "IndexId"},
        "DisplayName": {"Ref": "DataSourceName"},
        "RoleArn": {"Ref": "RoleArn"},
        "Configuration": {
          "type": "GOOGLEDRIVEV3",
          "connectionConfiguration": {
            "secretArn": {"Ref": "SecretArn"},
            "authType": "SERVICE_ACCOUNT"
          },
          "dataEntityConfiguration": {
            "crawlMyDrive": true,
            "crawlSharedWithMe": true,
            "crawlSharedDrives": false
          },
          "accessControlConfiguration": {
            "crawlAcl": true
          },
          "filterConfiguration": {
            "maxFileSizeInMegaBytes": "50"
          },
          "crawlIdentities": false,
          "deletionProtectionConfiguration": {
            "enableDeletionProtection": true,
            "deletionProtectionThreshold": "15"
          }
        }
      }
    }
  }
}
```