

# Connecting SharePoint Server 2019 to Amazon Q Business
<a name="sharepoint-server-2019-connector"></a>

Microsoft SharePoint is a collaborative website building service that lets you customize web content and create web pages, web sites, document libraries, and lists. You can connect a SharePoint Server 2019 instance to Amazon Q Business, using either the AWS Management Console or the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) API, and create an Amazon Q web experience.

Amazon Q supports Microsoft SharePoint Server (versions 2016, 2019, and Subscription Edition).

**Topics**
+ [Known limitations for the Amazon Q Business SharePoint Server 2019 connector](sharepoint-server-2019-limitations.md)
+ [SharePoint Server 2019 connector overview](sharepoint-server-2019-overview.md)
+ [Prerequisites for connecting Amazon Q Business to SharePoint Server 2019](sharepoint-server-2019-prereqs.md)
+ [Connecting Amazon Q Business to SharePoint Server 2019 using the console](sharepoint-server-2019-console.md)
+ [Connecting Amazon Q Business to SharePoint Server 2019 using APIs](sharepoint-server-2019-api.md)
+ [Connecting Amazon Q Business to SharePoint Server 2019 using AWS CloudFormation](sharepoint-server-2019-cfn.md)
+ [How Amazon Q Business connector crawls SharePoint Server 2019 ACLs](sharepoint-server-2019-user-management.md)
+ [Amazon Q Business SharePoint Server 2019 data source connector field mappings](sharepoint-server-2019-field-mappings.md)
+ [IAM role for Amazon Q Business SharePoint Server 2019 connector](sharepoint-server-2019-iam-role.md)
+ [Understand error codes in the SharePoint Server 2019 connector](sharepoint-server-2019-error-codes.md)

**Learn more**
+ For an overview of the Amazon Q web experience creation process using IAM Identity Center, see [Configuring an application using IAM Identity Center](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application.html).
+ For an overview of the Amazon Q web experience creation process using AWS Identity and Access Management, see [Configuring an application using IAM](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application-iam.html).
+ For an overview of connector features, see [Data source connector concepts](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html).
+ For information about connector configuration best practices, see [Connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

# Known limitations for the Amazon Q Business SharePoint Server 2019 connector
<a name="sharepoint-server-2019-limitations"></a>

The SharePoint Server 2019 connector has the following known limitations:
+ The Amazon Q SharePoint connector supports custom field mappings only for the **Files** entity.
+ For all SharePoint Server versions, the ACL token must be in lower case. For **Email with Domain from IDP** and **Email ID with Custom Domain** ACL, for example: *user@sharepoint2019.com*. For **Domain\User with Domain** ACL, for example: *sharepoint2013\user*.
+ If an entity name has a `%` character in its name, the connector will skip these files due to API limitations.
+ OneNote can only be crawled by the connector using a Tenant ID, and with OAuth 2.0, OAuth 2.0 refresh token, or SharePoint App Only authentication activated for SharePoint Online.
+ The connector crawls the first section of a OneNote document using its default name only, even if the document is renamed.
+ The connector crawls links in SharePoint 2019 only if **Pages** and **Files** are selected as entities to be crawled in addition to **Links**.
+ The connector crawls only list attachments and comments when **List Data** is selected as an entity to be crawled.
+ The connector crawls event attachments only when **Events** is also selected as an entity to be crawled.
+ To crawl nested groups with **Identity crawler** on SharePoint Server 2019, you have to activate both Local and AD Group Crawling.
+ Query responses based on AD Group ACLs are not supported for SharePoint Server 2019. You need to add users and groups directly to your document permissions list.
+ When Access Control Lists (ACLs) are enabled, the "Sync only new or modified content" option is not available due to SharePoint Server 2019 API limitations. We recommend using "Full sync" or "New, modified, or deleted content sync" modes instead, or disable ACLs if you need to use this sync mode.

# SharePoint Server 2019 connector overview
<a name="sharepoint-server-2019-overview"></a>

The following table gives an overview of the Amazon Q Business SharePoint Server 2019 connector and its supported features.


[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-overview.html)

# Prerequisites for connecting Amazon Q Business to SharePoint Server 2019
<a name="sharepoint-server-2019-prereqs"></a>

The following page outlines the prerequisites you need to complete before connecting SharePoint Server 2019 to Amazon Q, based on the authentication mode of your choice.

**Topics**
+ [Prerequisites for using NTLM authentication](#sharepoint-server-2019-prereqs-ntlm)
+ [Prerequisites for using Kerberos authentication](#sharepoint-server-2019-prereqs-kerberos)
+ [Prerequisites for using SharePoint App-Only authentication](#sharepoint-server-2019-prereqs-app-only)

## Prerequisites for using NTLM authentication
<a name="sharepoint-server-2019-prereqs-ntlm"></a>

**If you're using NTLM authentication, make sure you've completed the following steps in SharePoint Server 2019:**
+ Copied your SharePoint instance URLs. The format for the host URL you enter is *https://yourdomain.sharepoint.com/sites/mysite*. Your URL must start with `https` and contain `sharepoint.com`.
+ Copied the domain name of your SharePoint instance URL.
+ Generated an SSL certificate and uploaded it to an Amazon S3 bucket.
+ Noted the username and password that you use to connect to SharePoint.

**If you're using *Email ID with Domain from IDP* to control access to your documents, make sure you've completed the following steps:**
+ Copied your LDAP Server Endpoint (endpoint of LDAP server including protocol and port number). For example: *ldap://example.com:389*.
+ Copied your LDAP Search Base (search base of the LDAP user). For example: *CN=Users,DC=sharepoint,DC=com*.
+ Copied your LDAP username and LDAP password.

**If using *Email ID with Custom Domain* for access control, complete the following step:**
+ Noted your custom email domain value—for example: *"amazon.com"*.

**In your AWS account, make sure you have:**
+ Created an Amazon Q Business application.
+ Created an [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your SharePoint Server 2019 authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**  
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see [Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

## Prerequisites for using Kerberos authentication
<a name="sharepoint-server-2019-prereqs-kerberos"></a>

**If you're using Kerberos authentication, make sure you've completed the following steps in SharePoint Server 2019:**
+ Copied your SharePoint instance URLs. The format for the host URL you enter is *https://yourdomain.sharepoint.com/sites/mysite*. Your URL must start with `https` and contain `sharepoint.com`.
+ Copied the domain name of your SharePoint instance URL.
+ Generated an SSL certificate and uploaded it to an Amazon S3 bucket.
+ Noted the username and password that you use to connect to SharePoint.

**(Optional) If you're using *Email ID with Domain from IDP* to control access to your documents, make sure you've completed the following steps:**
+ Copied your LDAP Server Endpoint (endpoint of LDAP server including protocol and port number). For example: *ldap://example.com:389*.
+ Copied your LDAP Search Base (search base of the LDAP user). For example: *CN=Users,DC=sharepoint,DC=com*.
+ Copied your LDAP username and LDAP password.

**(Optional) If using *Email ID with Custom Domain* for access control, complete the following step:**
+ Noted your custom email domain value—for example: *"amazon.com"*.

**In your AWS account, make sure you have:**
+ Created an Amazon Q Business application.
+ Created an [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your SharePoint Server 2019 authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**  
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see [Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

## Prerequisites for using SharePoint App-Only authentication
<a name="sharepoint-server-2019-prereqs-app-only"></a>

**If you're using SharePoint App-Only authentication, make sure you've completed the following steps in SharePoint Server 2019:**
+ Copied the SharePoint client ID generated when you registered App Only at Site Level. ClientID format is ClientID@TenantId. For example, *ffa956f3-8f89-44e7-b0e4-49670756342c@888d0b57-69f1-4fb8-957f-e1f0bedf82fe*.
+ Copied the SharePoint client secret generated when you registered App Only at Site Level.
**Important**  
Because client IDs and client secrets are generated for single sites only when you register SharePoint Server for App Only authentication, only one site URL is supported for SharePoint App Only authentication.
+ Noted the Tenant ID of your SharePoint account.
+ Noted your **LDAP Server Endpoint**, **LDAP Search Base**, **LDAP username**, and **LDAP password**.

**Note**  
SharePoint App-Only Authentication is *not* supported for SharePoint 2013 version.

**(Optional) If you're using *Email ID with Domain from IDP* to control access to your documents, make sure you've completed the following steps:**
+ Copied your LDAP Server Endpoint (endpoint of LDAP server including protocol and port number). For example: *ldap://example.com:389*.
+ Copied your LDAP Search Base (search base of the LDAP user). For example: *CN=Users,DC=sharepoint,DC=com*.
+ Copied your LDAP username and LDAP password.

**(Optional) If using *Email ID with Custom Domain* for access control, complete the following step:**
+ Noted your custom email domain value—for example: *"amazon.com"*.

**In your AWS account, make sure you have:**
+ Created an Amazon Q Business application.
+ Created an [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your SharePoint Server 2019 authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**  
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see [Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

# Connecting Amazon Q Business to SharePoint Server 2019 using the console
<a name="sharepoint-server-2019-console"></a>

The following procedure outlines how to connect Amazon Q Business to SharePoint Server 2019 using the AWS Management Console.

**Connecting Amazon Q to SharePoint Server 2019**

1. Sign in to the AWS Management Console and open the Amazon Q Business console.

1. From the left navigation menu, choose **Data sources**.

1. From the **Data sources** page, choose **Add data source**.

1. Then, on the **Add data sources** page, from **Data sources**, add the **SharePoint** data source to your Amazon Q application.

1. Then, on the **SharePoint Server 2019** data source page, enter the following information:

1. In **Name and description**, do the following:
   + For **Data source name** – Name your data source for easy tracking.
**Note**  
You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters.
   + **Description – *optional*** – Add an optional description for your data source. This text is viewed only by Amazon Q Business administrators and can be edited later.

1. In **Source**, enter the following information:

   1. In **Source**, for **Hosting Method** – Choose **SharePoint Server**.

   1. **Choose SharePoint Version** – Choose **SharePoint 2019**.

   1. **Site URLs specific to your SharePoint repository** – Enter the SharePoint host URLs. The format for the host URLs you enter is *https://yourcompany/sites/mysite*. Each URL must start with the `https` protocol. Separate URLs with a new line. You can add up to 100 URLs.

   1. **Domain** – Enter the SharePoint domain.

   1. **SSL certificate location** – Enter the Amazon S3 path to your SSL certificate file.

1. For **Web proxy – *optional*** – Enter the host name (without the `http://` or `https://` protocol), and the port number used by the host URL transport protocol. The numeric value of the port number must be between 0 and 65535.

1. For **Authorization** – Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. You can manage ACLs by selecting **Enable ACLs** to enable ACLs or **Disable ACLs** to disable them. To manage ACLs, you need specific IAM permissions. See [Grant permission to create data sources with ACLs disabled](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html#DisableAclOnDataSource) for more details. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details. For SharePoint Server, you can choose from the following ACL options:

   1. **Email ID with Domain from IDP** – Access control is based on email IDs that are extracted from email domains fetched from the underlying identity provider (IdP). You provide the IdP connection details in your Secrets Manager secret during **Authentication**.

   1. **Email ID with Custom Domain** – Access control is based on email IDs. Provide the email domain value. For example, *"amazon.com"*. The email domain is used to construct the email ID for access control. You must enter your email domain using **Add Email Domain**.

   See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.

1. For **Authentication**, choose between **SharePoint App-Only authentication**, **NTLM authentication**, and **Kerberos authentication**, based on your use case.

   1. Enter the following information for both **NTLM authentication** and **Kerberos authentication**:

      For **AWS Secrets Manager secret** – Choose an existing secret or create a Secrets Manager secret to store your SharePoint authentication credentials. If you choose to create a secret, an AWS Secrets Manager secret window opens. Enter the following information in the window:
      + **Secret name** – A name for your secret.
      +  **Username** – Username for your SharePoint account.
      + **Password** – Password for your SharePoint account.

      If using **Email ID with Domain from IDP**, also enter your:
      +  **LDAP Server Endpoint** – Endpoint of LDAP server, including protocol and port number. For example: *ldap://example.com:389*.
      + **LDAP Search Base** – Search base of LDAP user. For example: *CN=Users,DC=sharepoint,DC=com*.
      + **LDAP username** – Your LDAP username.
      + **LDAP Password** – Your LDAP password.

   1. Enter the following information for **SharePoint App-Only authentication**:

      For **AWS Secrets Manager secret** – Choose an existing secret or create a Secrets Manager secret to store your SharePoint authentication credentials. If you choose to create a secret, an AWS Secrets Manager secret window opens. Enter the following information in the window:
      + **Secret name** – A name for your secret.
      +  **Client ID** – The SharePoint client ID that you generated when you registered App Only at Site Level. The ClientID format is ClientID@TenantId. For example, *ffa956f3-8f89-44e7-b0e4-49670756342c@888d0b57-69f1-4fb8-957f-e1f0bedf82fe*.
      + **SharePoint client secret** – The SharePoint client secret generated when you register for App Only at Site Level.

        **Note:** Because client IDs and client secrets are generated for single sites only when you register SharePoint Server for App Only authentication, only one site URL is supported for SharePoint App Only authentication.

      If using **Email ID with Domain from IDP**, also enter your:
      +  **LDAP Server Endpoint** – Endpoint of LDAP server, including protocol and port number. For example: *ldap://example.com:389*.
      + **LDAP Search Base** – Search base of LDAP user. For example: *CN=Users,DC=sharepoint,DC=com*.
      + **LDAP username** – Your LDAP user name.
      + **LDAP Password** – Your LDAP password.

1. **Configure VPC and security group – *optional*** – Choose whether you want to use a VPC. If you do, enter the following information:

   1. **Subnets** – Select up to 6 repository subnets that define the subnets and IP ranges the repository instance uses in the selected VPC.

   1. **VPC security groups** – Choose up to 10 security groups that allow access to your data source. Ensure that the security group allows incoming traffic from Amazon EC2 instances and devices outside your VPC. For databases, security group instances are required. 

   For more information, see [VPC](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-vpc).

1. **Identity crawler** – Amazon Q crawls identity information from your data source by default to ensure responses are generated only from documents end users have access to. Only **Local Group Members** will be crawled by **Identity crawler**. For more information, see [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler).

1. **IAM role** – Choose an existing IAM role or create an IAM role to access your repository credentials and index content.
**Note**  
Creating a new service IAM role is recommended.

   For more information, see [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-connector.html#sharepoint-server-2019-iam).

1. In **Sync scope**, choose from the following options:

   1. **Select entities** – Choose the entities that you want to crawl. You can select to crawl **All** entities or any combination of **Files**, **Attachments**, **Links**, **Pages**, **Events** and **List Data**.

   1. In **Additional configuration – *optional***, for **Entity regex patterns** – Add regular expression patterns for **Links**, **Pages**, and **Events** to include specific entities instead of syncing all your documents.

   1. **Regex patterns** – Add regular expression patterns to include or exclude files by **File path**, **File name**, **File type**, **OneNote section name**, and **OneNote page name** instead of syncing all your documents. You can add up to 100 patterns.
**Note**  
Any valid regex pattern is supported. For example, if you use the regex `^QBusiness*`, any content starting with the word `QBusiness` followed by any number of characters will be filtered (`QBusiness_doc1` or `QBusiness`, but not `doc1_QBusiness`).

   1. **Multi-media content configuration – optional** – To enable content extraction from embedded images and visuals in documents, choose **Visual content in documents**.

      To extract audio transcriptions and video content, enable processing for the following file types:

   1. **Advanced settings**

      **Document deletion safeguard – *optional*** – To safeguard your documents from deletion during a sync job, select **On** and enter an integer between 0 and 100. If the percentage of documents to be deleted in your sync job exceeds the percentage you selected, the delete phase will be skipped and no documents from this data source will be deleted from your index. For more information, see [Document deletion safeguard](connector-concepts.md#document-deletion-safeguard).

1. In **Sync mode**, choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Q for the first time, all content is synced by default.
   + **Full sync** – Sync all content regardless of the previous sync status.
   + **New or modified content sync** – Sync only new and modified documents.
   + **New, modified, or deleted content sync** – Sync only new, modified, and deleted documents.

   For more details, see [Sync mode](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-mode).

1. In **Sync run schedule**, for **Frequency** – Choose how often Amazon Q will sync with your data source. For more details, see [Sync run schedule](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-run). To learn how to start a data sync job, see [Starting data source connector sync jobs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/supported-datasource-actions.html#start-datasource-sync-jobs).

1. **Tags - *optional*** – Add tags to search and filter your resources or track your AWS costs. See [Tags](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tagging.html) for more details.

1. **Field mappings** – A list of data source document attributes to map to your index fields.
**Note**  
Add or update the fields from the **Data source details** page after you finish adding your data source. You can choose from two types of fields: 

   1. **Default** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can't edit these.

   1. **Custom** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can edit these. You can also create and add new custom fields.
**Note**  
Support for adding custom fields varies by connector. You won't see the **Add field** option if your connector doesn't support adding custom fields.

   For more information, see [Field mappings](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-field-mappings).

1. In **Data source details**, choose **Sync now** to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use.
**Note**  
View CloudWatch logs for your data source sync job by selecting **View CloudWatch logs**. If you encounter a `Resource not found exception` error, wait and try again as logs may not be available immediately.  
You can also view a detailed document-level report by selecting **View Report**. This report shows the status of each document during the crawl, sync, and index stages, including any errors. If the report is empty for an in-progress job, check back later as data is emitted to the report as events occur during the sync process.  
For more information, see [Troubleshooting data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/troubleshooting-data-sources.html#troubleshooting-data-sources-not-indexed).
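
Before saving patterns in the **Regex patterns** step, it helps to dry-run them against representative names. The following is an added example, not AWS code: it models the filter with unanchored search semantics (which the `QBusiness_doc1` match in the note implies) and the exclusion-precedence rule this guide states for inclusion and exclusion patterns. It assumes an empty inclusion list means "include everything"; the function names and file names are constructed for illustration.

```python
import re

# Flags a trailing * or + that binds to a single literal character, such as the
# "s*" at the end of ^QBusiness*, where ".*" (or no suffix) was probably meant.
_TRAILING_LITERAL_QUANTIFIER = re.compile(r"(?<!\\)([A-Za-z0-9])([*+])$")


def lint_pattern(pattern):
    """Return a list of warnings for one inclusion or exclusion pattern."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return [f"invalid regex: {exc}"]
    warnings = []
    if pattern == "":
        warnings.append("empty pattern matches every value")
    hit = _TRAILING_LITERAL_QUANTIFIER.search(pattern)
    if hit:
        char, quant = hit.groups()
        warnings.append(
            f"trailing '{quant}' repeats only the literal '{char}'; "
            f"values that differ after '{pattern[:-2].lstrip('^')}' still match"
        )
    return warnings


def is_indexed(value, include, exclude):
    """Model of the filter decision for one file path, name, or type."""
    # An exclusion match always wins, even if an inclusion pattern also matches.
    if any(re.search(p, value) for p in exclude):
        return False
    # Assumption: with no inclusion patterns configured, everything is included.
    if not include:
        return True
    return any(re.search(p, value) for p in include)


def dry_run(values, include, exclude):
    """Map each sample value to True (indexed) or False (filtered out)."""
    return {v: is_indexed(v, include, exclude) for v in values}


# Constructed sample names; replace with names from your own site.
SAMPLE_NAMES = [
    "QBusiness_doc1",
    "QBusiness",
    "doc1_QBusiness",
    "QBusines_payroll_draft",         # one "s" short, still matches ^QBusiness*
    "QBusiness_confidential_review",
]

if __name__ == "__main__":
    for label, inc, exc in [
        ("as written in the note", ["^QBusiness*"], []),
        ("tightened", ["^QBusiness"], ["confidential"]),
    ]:
        print(label, [w for p in inc + exc for w in lint_pattern(p)])
        for name, kept in dry_run(SAMPLE_NAMES, inc, exc).items():
            print(f"  {'index' if kept else 'skip ':5}  {name}")
```

Because `*` quantifies only the final `s`, `^QBusiness*` also admits names that begin with `QBusines`; `^QBusiness` expresses the intended prefix match, and an exclusion pattern keeps sensitive names out regardless of what the inclusion list admits.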

# Connecting Amazon Q Business to SharePoint Server 2019 using APIs
<a name="sharepoint-server-2019-api"></a>

You use the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) action to connect a data source to your Amazon Q application. You can also use the [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) action to modify an existing data source configuration.

Then, you use the `configuration` parameter to provide a JSON blob that conforms to the AWS-defined JSON schema.

For an example of the API request, see [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) and [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) in the Amazon Q API Reference.

**Topics**
+ [SharePoint Server 2019 configuration properties](#sharepoint-server-2019-configuration-keys)
+ [SharePoint Server 2019 JSON schema](#sharepoint-server-2019-json)
+ [SharePoint Server 2019 JSON schema example](#sharepoint-server-2019-api-json-example)

## SharePoint Server 2019 configuration properties
<a name="sharepoint-server-2019-configuration-keys"></a>


| Configuration | Description | Type | Required | 
| --- | --- | --- | --- | 
| `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has a sub-property called `repositoryEndpointMetadata`. | Yes | 
| `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | Yes | 
| `tenantId` | The tenant ID of your SharePoint account. | `string` OAuth2 series required | Yes | 
| `domain` | The domain of your SharePoint account. | `string` | Yes | 
| `siteUrls` | The host URLs of your SharePoint account. | `array (string)` Specify the URL in the pattern `https://*` | Yes | 
| `repositoryAdditionalProperties` | Additional properties to connect with your repository endpoint. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | Yes | 
| `authType` | The type of authentication you are using: NTLM, Kerberos, or OAuth2App. | `string` | Yes | 
| `version` | The SharePoint version you are using: Server. | `string (Server)` | Yes | 
| `onPremVersion` | The SharePoint version that you are using. | `string` Valid values are ` ` (empty), `2013`, `2016`, `2019`, and `SubscriptionEdition`. | Yes | 
| `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html)  | A list of objects that map the attributes or field names of your SharePoint Server 2019 pages and assets to Amazon Q index field names. | `object` These properties have the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | No | 
| `indexFieldName` | The field name of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string`  | Yes | 
| `indexFieldType` | The field type of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string` The allowed values are `STRING`, `STRING_LIST`, and `DATE`.  | Yes | 
| `dataSourceFieldName` | The data source field name of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string`  | Yes | 
| `dateFieldFormat` | The date format of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string` Specify the date format in the form `yyyy-MM-dd"T"HH:mm:ss"Z"`  | No | 
| `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html)  | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | A list of regular expression patterns to include/exclude specific files in your SharePoint data source. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the file isn't included in the index. | `array (string)` | No | 
| `aclConfiguration` | Specifies how your ACL is configured. | `string`  Valid values are `ACLWithLDAPEmailFmt`, `ACLWithManualEmailFmt`, or `ACLWithUsernameFmt`. | No | 
| `proxyHost` | The host where the web proxy is required. The host name should be without protocol (http:// or https://). | `string` | Yes | 
| `proxyPort` | Port used by the host URL transport protocol. The port number should be a numeric value between 0 and 65535. | `string` | Yes | 
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | Input TRUE to index. | `boolean` | No | 
| `maxFileSizeInMegaBytes` | Specify the maximum single file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` | No | 
| `sslCertificatePath` | Configuration information to access the SSL certificate stored in your Amazon S3 bucket. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | No | 
| `bucket` | The name of the Amazon S3 bucket that stores your Microsoft Entra ID (formerly Azure AD) self-signed X.509 certificate. | `string` | Yes | 
| `key` | The name of the SSL certificate stored in your Amazon S3 bucket. | `string` | Yes | 
| `type` | We recommend that you use SHAREPOINTV2 as your data source type. | `string` Valid values are `SHAREPOINTV2` and `SHAREPOINT`. | Yes | 
| `enableIdentityCrawler` | true to activate identity crawler. Identity crawler is activated by default. Crawling identity information on users and groups with access to specific documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents. See [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler) for more information. | `boolean` | Yes | 
| `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents.   | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-api.html) | Yes | 
| `secretARN` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your SharePoint. If you use OAuth2App authentication, provide the client ID, client secret, LDAP URL, LDAP base DN, LDAP user name, and LDAP password. If you use NTLM or Kerberos authentication, provide the user name, password, LDAP URL, Base DN, LDAP user, and LDAP password. | `string` The minimum length is 20 and the maximum length is 2,048 characters. If you use SharePoint App-Only authentication (`authType` set to `OAuth2App`), the secret must contain a JSON structure with the following keys:  <pre>{<br />    "clientId": "client ID",<br />    "clientSecret": "client secret",<br />    "ldapUrl": "LDAP URL",<br />    "ldbaseDn": "LDAP base DN",<br />    "ldapUser": "LDAP user name",<br />    "ldapPassword": "LDAP password"<br />}</pre> If you use NTLM authentication or Kerberos authentication, the secret must contain a JSON structure with the following keys:  <pre>{<br />  "userName": "SharePoint account user name",<br />  "password": "SharePoint account password",<br />  "ldapUrl": "LDAP URL",<br />  "baseDn": "LDAP base DN",<br />  "ldapUser": "LDAP user name",<br />  "ldapPassword": "LDAP password"<br />}</pre> | Yes | 
| `version` | The version of this template that's currently supported. | `string` | No | 

## SharePoint Server 2019 JSON schema
<a name="sharepoint-server-2019-json"></a>

The following is the SharePoint Server 2019 JSON schema:

```
{
  "type": "object",
  "properties": {
    "type": {
      "type": "string",
      "enum": ["SHAREPOINTV2", "SHAREPOINT"]
    },
    "syncMode": {
      "type": "string",
      "enum": ["FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"]
    },
    "secretArn": {
      "type": "string",
      "minLength": 20,
      "maxLength": 2048
    },
    "enableIdentityCrawler": {
      "anyOf": [
        {
          "type": "boolean"
        },
        {
          "type": "string",
          "enum": ["true", "false"]
        }
      ]
    },
    "sslCertificatePath": {
      "type": "object",
      "properties": {
        "bucket": {
          "type": "string",
          "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$",
          "minLength": 3,
          "maxLength": 63
        },
        "key": {
          "type": "string",
          "minLength": 1,
          "maxLength": 10240
        }
      },
      "required": ["bucket", "key"]
    },
    "connectionConfiguration": {
      "type": "object",
      "properties": {
        "repositoryEndpointMetadata": {
          "type": "object",
          "properties": {
            "tenantId": {
              "type": "string",
              "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
              "minLength": 36,
              "maxLength": 36
            },
            "domain": {
              "type": "string"
            },
            "siteUrls": {
              "type": "array",
              "items": {
                "type": "string",
                "pattern": "https://.*"
              }
            },
            "repositoryAdditionalProperties": {
              "type": "object",
              "properties": {
                "authType": {
                  "type": "string",
                  "enum": ["OAuth2App", "NTLM", "Kerberos"]
                },
                "version": {
                  "type": "string",
                  "enum": ["Server"]
                },
                "onPremVersion": {
                  "type": "string",
                  "enum": ["", "2013", "2016", "2019", "SubscriptionEdition"]
                },
                "enableDeletionProtection": {
                  "anyOf": [
                    {
                      "type": "boolean"
                    },
                    {
                      "type": "string",
                      "enum": ["true", "false"]
                    }
                  ],
                  "default": false
                },
                "deletionProtectionThreshold": {
                  "type": "string",
                  "default": "15"
                }
              },
              "required": ["authType", "version"]
            }
          },
          "required": ["siteUrls", "domain", "repositoryAdditionalProperties"]
        }
      },
      "required": ["repositoryEndpointMetadata"]
    },
    "repositoryConfigurations": {
      "type": "object",
      "properties": {
        "event": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "page": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "DATE", "LONG"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "file": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "DATE", "LONG"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "link": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "attachment": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "comment": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        }
      }
    },
    "additionalProperties": {
      "type": "object",
      "properties": {
        "eventTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "pageTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "linkTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFilePath": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFilePath": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFileTypePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFileTypePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFileNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFileNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionOneNoteSectionNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionOneNoteSectionNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionOneNotePageNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionOneNotePageNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "crawlFiles": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlPages": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlEvents": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlComments": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlLinks": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlAttachments": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlListData": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlAcl": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "aclConfiguration": {
          "type": "string",
          "enum": [
            "ACLWithLDAPEmailFmt",
            "ACLWithManualEmailFmt",
            "ACLWithUsernameFmt"
          ]
        },
        "emailDomain": {
          "type": "string"
        },
        "isCrawlLocalGroupMapping": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "isCrawlAdGroupMapping": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "proxyHost": {
          "type": "string"
        },
        "proxyPort": {
          "type": "string"
        },
        "maxFileSizeInMegaBytes": {
          "type": "string"
        }
      },
      "required": []
    },
    "version": {
      "type": "string",
      "anyOf": [
        {
          "pattern": "1.0.0"
        }
      ]
    }
  },
  "required": [
    "type",
    "secretArn",
    "syncMode",
    "enableIdentityCrawler",
    "connectionConfiguration",
    "repositoryConfigurations",
    "additionalProperties"
  ]
}
```

## SharePoint Server 2019 JSON schema example
<a name="sharepoint-server-2019-api-json-example"></a>

The following is the SharePoint Server 2019 JSON schema example:

```
{
  "type": "SHAREPOINTV2",
  "syncMode": "FULL_CRAWL",
  "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-sharepoint-secret",
  "enableIdentityCrawler": "true",
  "sslCertificatePath": {
    "bucket": "my-sharepoint-bucket",
    "key": "ssl/cert.pem"
  },
  "connectionConfiguration": {
    "repositoryEndpointMetadata": {
      "tenantId": "1234567a-890b-1234-567c-123456789012",
      "domain": "mycompany.sharepoint.com",
      "siteUrls": [
        "https://mycompany.sharepoint.com/sites/TeamSite"
      ],
      "repositoryAdditionalProperties": {
        "authType": "OAuth2App",
        "version": "Server",
        "onPremVersion": "2019",
        "enableDeletionProtection": "false",
        "deletionProtectionThreshold": "15"
      }
    }
  },
  "repositoryConfigurations": {
    "event": {
      "fieldMappings": [
        {
          "indexFieldName": "event_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "page": {
      "fieldMappings": [
        {
          "indexFieldName": "page_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "file": {
      "fieldMappings": [
        {
          "indexFieldName": "file_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "link": {
      "fieldMappings": [
        {
          "indexFieldName": "link_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "attachment": {
      "fieldMappings": [
        {
          "indexFieldName": "attachment_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "comment": {
      "fieldMappings": [
        {
          "indexFieldName": "comment_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    }
  },
  "additionalProperties": {
    "eventTitleFilterRegEx": [
      "^.*$"
    ],
    "pageTitleFilterRegEx": [
      "^.*$"
    ],
    "linkTitleFilterRegEx": [
      "^.*$"
    ],
    "inclusionFilePath": [
      "documents/"
    ],
    "exclusionFilePath": [
      "drafts/"
    ],
    "inclusionFileTypePatterns": [
      "*.pdf",
      "*.docx"
    ],
    "exclusionFileTypePatterns": [
      "*.tmp"
    ],
    "inclusionFileNamePatterns": [
      "*report*"
    ],
    "exclusionFileNamePatterns": [
      "*draft*"
    ],
    "inclusionOneNoteSectionNamePatterns": [
      "*"
    ],
    "exclusionOneNoteSectionNamePatterns": [
      "archived"
    ],
    "inclusionOneNotePageNamePatterns": [
      "*"
    ],
    "exclusionOneNotePageNamePatterns": [
      "test"
    ],
    "crawlFiles": "true",
    "crawlPages": "true",
    "crawlEvents": "true",
    "crawlComments": "true",
    "crawlLinks": "true",
    "crawlAttachments": "true",
    "crawlListData": "false",
    "crawlAcl": "true",
    "aclConfiguration": "ACLWithUsernameFmt",
    "emailDomain": "mycompany.com",
    "isCrawlLocalGroupMapping": "false",
    "isCrawlAdGroupMapping": "true",
    "proxyHost": "proxy.mycompany.com",
    "proxyPort": "8080",
    "maxFileSizeInMegaBytes": "50"
  },
  "version": "1.0.0"
}
```
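
A configuration can be checked locally against the constraints listed above before it is submitted. The following is an added example, not AWS code: `validate_config`, `sample_config` and the rule table are hypothetical names, the sample values are constructed, and the whole-number reading of `proxyPort` and `maxFileSizeInMegaBytes` is an assumption.

```python
import re

META = ("connectionConfiguration", "repositoryEndpointMetadata")
REPO = META + ("repositoryAdditionalProperties",)
EXTRA = ("additionalProperties",)
MISSING = object()


def lookup(cfg, path):
    """Walk nested objects; MISSING if a step is absent or not an object."""
    node = cfg
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node


def one_of(*allowed):
    return lambda v: isinstance(v, str) and v in allowed


def full(pattern):
    return lambda v: isinstance(v, str) and re.fullmatch(pattern, v) is not None


def number(low, high):
    # The schema types these fields as strings; whole numbers are assumed here.
    return lambda v: full(r"[0-9]{1,5}")(v) and low <= int(v) <= high


def flag(v):
    return isinstance(v, bool) or v in ("true", "false")


def https_urls(v):
    # The schema pattern "https://.*" is unanchored, so a plain JSON Schema
    # validator accepts any string that merely contains "https://".
    return isinstance(v, list) and all(full(r"(?s)https://.*")(u) for u in v)


# (path, required by the schema, check, description of a valid value)
RULES = [
    (("type",), True, one_of("SHAREPOINTV2", "SHAREPOINT"), "a listed type"),
    (("syncMode",), True, one_of("FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"),
     "a listed sync mode"),
    (("secretArn",), True, full(r"(?s).{20,2048}"), "20 to 2048 characters"),
    (("enableIdentityCrawler",), True, flag, "a boolean or 'true'/'false'"),
    (("repositoryConfigurations",), True, lambda v: isinstance(v, dict), "an object"),
    (("sslCertificatePath", "bucket"), False,
     full(r"[a-z0-9][.\-a-z0-9]{1,61}[a-z0-9]"), "a valid bucket name"),
    (META + ("domain",), True, lambda v: isinstance(v, str), "a string"),
    (META + ("siteUrls",), True, https_urls, "a list of https:// URLs"),
    (META + ("tenantId",), False,
     full(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"), "a lowercase hex GUID"),
    (REPO + ("authType",), True, one_of("OAuth2App", "NTLM", "Kerberos"),
     "OAuth2App, NTLM or Kerberos"),
    (REPO + ("version",), True, one_of("Server"), "Server"),
    (EXTRA, True, lambda v: isinstance(v, dict), "an object"),
    (EXTRA + ("crawlAcl",), False, flag, "a boolean or 'true'/'false'"),
    (EXTRA + ("aclConfiguration",), False,
     one_of("ACLWithLDAPEmailFmt", "ACLWithManualEmailFmt", "ACLWithUsernameFmt"),
     "a listed ACL format"),
    (EXTRA + ("proxyHost",), False, full(r"(?s)(?!.*://).+"),
     "a host name without a protocol"),
    (EXTRA + ("proxyPort",), False, number(0, 65535), "a number from 0 to 65535"),
    (EXTRA + ("maxFileSizeInMegaBytes",), False, number(1, 50),
     "a number from 1 to 50"),
]


def validate_config(cfg):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    for path, required, check, expectation in RULES:
        value = lookup(cfg, path)
        if value is MISSING:
            if required:
                problems.append(".".join(path) + ": missing")
        elif not check(value):
            problems.append(".".join(path) + ": expected " + expectation)
    return problems


def sample_config(broken=False):
    """Constructed sample; broken=True plants four mistakes."""
    return {
        "type": "SHAREPOINTV2", "syncMode": "FULL_CRAWL", "enableIdentityCrawler": True,
        "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:example",
        "connectionConfiguration": {"repositoryEndpointMetadata": {
            "domain": "example.com",
            "siteUrls": ["http://sp.example.com/?r=https://x" if broken
                         else "https://sp.example.com/sites/TeamSite"],
            "repositoryAdditionalProperties": {
                "authType": "OAuth2" if broken else "NTLM", "version": "Server"}}},
        "repositoryConfigurations": {},
        "additionalProperties": {
            "proxyHost": "https://proxy.example.com" if broken else "proxy.example.com",
            "proxyPort": "70000" if broken else "8080", "crawlAcl": "true"},
    }
```

Calling `validate_config(sample_config(broken=True))` reports the `siteUrls`, `authType`, `proxyHost` and `proxyPort` entries, in that order.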

# Connecting Amazon Q Business to SharePoint Server 2019 using AWS CloudFormation
<a name="sharepoint-server-2019-cfn"></a>

You use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html) resource to connect a data source to your Amazon Q application.

Use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid) property to provide a JSON or YAML schema with the necessary configuration details specific to your data source connector.

To learn more about AWS CloudFormation, see [What is AWS CloudFormation?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in the *CloudFormation User Guide*.

**Topics**
+ [SharePoint Server 2019 configuration properties](#sharepoint-server-2019-configuration-keys)
+ [SharePoint Server 2019 JSON schema for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-json)
+ [SharePoint Server 2019 YAML schema for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-yaml)

## SharePoint Server 2019 configuration properties
<a name="sharepoint-server-2019-configuration-keys"></a>


| Configuration | Description | Type | Required | 
| --- | --- | --- | --- | 
| `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has a sub-property called `repositoryEndpointMetadata`. | Yes | 
| `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | Yes | 
| `tenantId` | The tenant ID of your SharePoint account. | `string` OAuth2 series required | Yes | 
| `domain` | The domain of your SharePoint account. | `string` | Yes | 
| `siteUrls` | The host URLs of your SharePoint account. | `array (string)` Specify the URL in the pattern `https://*` | Yes | 
| `repositoryAdditionalProperties` | Additional properties to connect with your repository endpoint. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | Yes | 
| `authType` | The type of authentication you are using: NTLM, Kerberos, or OAuth2App. | `string` | Yes | 
| `version` | The SharePoint version you are using: Server. | `string (Server)` | Yes | 
| `onPremVersion` | The SharePoint version that you are using. | `string` Valid values are ` ` (empty), `2013`, `2016`, `2019`, and `SubscriptionEdition`. | Yes | 
| `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html)  | A list of objects that map the attributes or field names of your SharePoint Server 2019 pages and assets to Amazon Q index field names. | `object` These properties have the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | No | 
| `indexFieldName` | The field name of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string`  | Yes | 
| `indexFieldType` | The field type of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string` The allowed values are `STRING`, `STRING_LIST`, and `DATE`.  | Yes | 
| `dataSourceFieldName` | The data source field name of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string`  | Yes | 
| `dateFieldFormat` | The date format of your SharePoint Server 2019 events, pages, files, links, attachments, or comments. | `string` Specify the date format in the form `yyyy-MM-dd"T"HH:mm:ss"Z"`  | No | 
| `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html)  | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | A list of regular expression patterns to include/exclude specific files in your SharePoint data source. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the file isn't included in the index. | `array (string)` | No | 
| `aclConfiguration` | Specifies how your ACL is configured. | `string` Valid values are `ACLWithLDAPEmailFmt`, `ACLWithManualEmailFmt`, or `ACLWithUsernameFmt`. | No | 
| `proxyHost` | The host where the web proxy is required. The host name should be without protocol (http:// or https://). | `string` | Yes | 
| `proxyPort` | Port used by the host URL transport protocol. The port number should be a numeric value between 0 and 65535. | `string` | Yes | 
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | Input TRUE to index. | `boolean` | No | 
| `maxFileSizeInMegaBytes` | Specify the maximum single file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` | No | 
| `sslCertificatePath` | Configuration information to access the SSL certificate stored in your Amazon S3 bucket. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | No | 
| `bucket` | The name of the Amazon S3 bucket that stores your Microsoft Entra ID (formerly Azure AD) self-signed X.509 certificate. | `string` | Yes | 
| `key` | The name of the SSL certificate stored in your Amazon S3 bucket. | `string` | Yes | 
| `type` | We recommend that you use SHAREPOINTV2 as your data source type. | `string` Valid values are `SHAREPOINTV2` and `SHAREPOINT`. | Yes | 
| `enableIdentityCrawler` | true to activate identity crawler. Identity crawler is activated by default. Crawling identity information on users and groups with access to specific documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents. See [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler) for more information. | `boolean` | Yes | 
| `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents.   | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/sharepoint-server-2019-cfn.html) | Yes | 
| `secretARN` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your SharePoint. If you use OAuth2App authentication, provide the client ID, client secret, LDAP URL, LDAP base DN, LDAP user name, and LDAP password. If you use NTLM or Kerberos authentication, provide the user name, password, LDAP URL, Base DN, LDAP user, and LDAP password. | `string` The minimum length is 20 and the maximum length is 2,048 characters. If you use SharePoint App-Only authentication (`authType` set to `OAuth2App`), the secret must contain a JSON structure with the following keys:  <pre>{<br />    "clientId": "client ID",<br />    "clientSecret": "client secret",<br />    "ldapUrl": "LDAP URL",<br />    "ldbaseDn": "LDAP base DN",<br />    "ldapUser": "LDAP user name",<br />    "ldapPassword": "LDAP password"<br />}</pre> If you use NTLM authentication or Kerberos authentication, the secret must contain a JSON structure with the following keys:  <pre>{<br />  "userName": "SharePoint account user name",<br />  "password": "SharePoint account password",<br />  "ldapUrl": "LDAP URL",<br />  "baseDn": "LDAP base DN",<br />  "ldapUser": "LDAP user name",<br />  "ldapPassword": "LDAP password"<br />}</pre> | Yes | 
| `version` | The version of this template that's currently supported. | `string` | No | 
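
The `secretARN` rows in both configuration tables list a different key set for each `authType`, including a differently named base DN key. The following added example (not AWS code) compares a secret's JSON body with the key set for the chosen `authType` and reports key names only; `check_secret` and `sample_ntlm_secret` are hypothetical names and the secret values are constructed placeholders.

```python
import json

# Key names exactly as listed in the secretARN rows of the tables on this page.
SECRET_KEYS = {
    "OAuth2App": ("clientId", "clientSecret", "ldapUrl", "ldbaseDn",
                  "ldapUser", "ldapPassword"),
    "NTLM": ("userName", "password", "ldapUrl", "baseDn",
             "ldapUser", "ldapPassword"),
}
SECRET_KEYS["Kerberos"] = SECRET_KEYS["NTLM"]


def check_secret(secret_string, auth_type):
    """Compare a secret's JSON body with the keys required for auth_type.

    Only key names are returned, so the result can be logged or attached to a
    ticket without exposing any secret value.
    """
    if auth_type not in SECRET_KEYS:
        raise ValueError("authType must be OAuth2App, NTLM or Kerberos")
    try:
        body = json.loads(secret_string)
    except (TypeError, json.JSONDecodeError):
        # The parser's message can quote the input, so it is not passed on.
        return {"error": "secret is not valid JSON"}
    if not isinstance(body, dict):
        return {"error": "secret is not a JSON object"}
    wanted = SECRET_KEYS[auth_type]
    return {
        "missing": [k for k in wanted if k not in body],
        "empty": [k for k in wanted
                  if k in body and not str(body[k] or "").strip()],
        # Keys for the other authType land here, for example baseDn
        # supplied where OAuth2App expects ldbaseDn.
        "unexpected": sorted(k for k in body if k not in wanted),
    }


def sample_ntlm_secret():
    """Constructed secret body for NTLM or Kerberos with one empty value."""
    return json.dumps({
        "userName": "EXAMPLE\\svc-crawler",
        "password": "placeholder-value",
        "ldapUrl": "ldaps://dc.example.com:636",
        "baseDn": "DC=example,DC=com",
        "ldapUser": "svc-ldap",
        "ldapPassword": "",
    })


if __name__ == "__main__":
    print(check_secret(sample_ntlm_secret(), "NTLM"))
    print(check_secret(sample_ntlm_secret(), "OAuth2App"))
```

The string passed to `check_secret` is the `SecretString` value that Secrets Manager returns for the secret.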

## SharePoint Server 2019 JSON schema for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-json"></a>

The following is the SharePoint Server 2019 JSON schema and examples for the configuration property for AWS CloudFormation.

**Topics**
+ [SharePoint Server 2019 JSON schema for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-json-schema)
+ [SharePoint Server 2019 JSON schema example for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-json-example)

### SharePoint Server 2019 JSON schema for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-json-schema"></a>

The following is the SharePoint Server 2019 JSON schema for the configuration property for CloudFormation:

```
{
  "type": "object",
  "properties": {
    "type": {
      "type": "string",
      "enum": ["SHAREPOINTV2", "SHAREPOINT"]
    },
    "syncMode": {
      "type": "string",
      "enum": ["FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"]
    },
    "secretArn": {
      "type": "string",
      "minLength": 20,
      "maxLength": 2048
    },
    "enableIdentityCrawler": {
      "anyOf": [
        {
          "type": "boolean"
        },
        {
          "type": "string",
          "enum": ["true", "false"]
        }
      ]
    },
    "sslCertificatePath": {
      "type": "object",
      "properties": {
        "bucket": {
          "type": "string",
          "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$",
          "minLength": 3,
          "maxLength": 63
        },
        "key": {
          "type": "string",
          "minLength": 1,
          "maxLength": 10240
        }
      },
      "required": ["bucket", "key"]
    },
    "connectionConfiguration": {
      "type": "object",
      "properties": {
        "repositoryEndpointMetadata": {
          "type": "object",
          "properties": {
            "tenantId": {
              "type": "string",
              "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
              "minLength": 36,
              "maxLength": 36
            },
            "domain": {
              "type": "string"
            },
            "siteUrls": {
              "type": "array",
              "items": {
                "type": "string",
                "pattern": "https://.*"
              }
            },
            "repositoryAdditionalProperties": {
              "type": "object",
              "properties": {
                "authType": {
                  "type": "string",
                  "enum": ["OAuth2App", "NTLM", "Kerberos"]
                },
                "version": {
                  "type": "string",
                  "enum": ["Server"]
                },
                "onPremVersion": {
                  "type": "string",
                  "enum": ["", "2013", "2016", "2019", "SubscriptionEdition"]
                },
                "enableDeletionProtection": {
                  "anyOf": [
                    {
                      "type": "boolean"
                    },
                    {
                      "type": "string",
                      "enum": ["true", "false"]
                    }
                  ],
                  "default": false
                },
                "deletionProtectionThreshold": {
                  "type": "string",
                  "default": "15"
                }
              },
              "required": ["authType", "version"]
            }
          },
          "required": ["siteUrls", "domain", "repositoryAdditionalProperties"]
        }
      },
      "required": ["repositoryEndpointMetadata"]
    },
    "repositoryConfigurations": {
      "type": "object",
      "properties": {
        "event": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "page": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "DATE", "LONG"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "file": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "DATE", "LONG"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "link": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "attachment": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        },
        "comment": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": ["STRING", "STRING_LIST", "DATE"]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          },
          "required": ["fieldMappings"]
        }
      }
    },
    "additionalProperties": {
      "type": "object",
      "properties": {
        "eventTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "pageTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "linkTitleFilterRegEx": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFilePath": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFilePath": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFileTypePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFileTypePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionFileNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionFileNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionOneNoteSectionNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionOneNoteSectionNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "inclusionOneNotePageNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionOneNotePageNamePatterns": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "crawlFiles": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlPages": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlEvents": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlComments": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlLinks": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlAttachments": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlListData": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "crawlAcl": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "aclConfiguration": {
          "type": "string",
          "enum": [
            "ACLWithLDAPEmailFmt",
            "ACLWithManualEmailFmt",
            "ACLWithUsernameFmt"
          ]
        },
        "emailDomain": {
          "type": "string"
        },
        "isCrawlLocalGroupMapping": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "isCrawlAdGroupMapping": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": ["true", "false"]
            }
          ]
        },
        "proxyHost": {
          "type": "string"
        },
        "proxyPort": {
          "type": "string"
        },
        "maxFileSizeInMegaBytes": {
          "type": "string"
        }
      },
      "required": []
    },
    "version": {
      "type": "string",
      "anyOf": [
        {
          "pattern": "1.0.0"
        }
      ]
    }
  },
  "required": [
    "type",
    "secretArn",
    "syncMode",
    "enableIdentityCrawler",
    "connectionConfiguration",
    "repositoryConfigurations",
    "additionalProperties"
  ]
}
```

### SharePoint Server 2019 JSON schema example for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-json-example"></a>

The following is the SharePoint Server 2019 JSON schema example for the configuration property for CloudFormation.

```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "CloudFormation SHAREPOINT Data Source Template",
  "Resources": {
    "DataSourceSharePoint": {
      "Type": "AWS::QBusiness::DataSource",
      "Properties": {
        "ApplicationId": "app12345-1234-1234-1234-123456789012",
        "IndexId": "indx1234-1234-1234-1234-123456789012",
        "DisplayName": "MySharePointDataSource",
        "RoleArn": "arn:aws:iam::123456789012:role/qbusiness-data-source-role",
        "Configuration": {
          "type": "SHAREPOINTV2",
          "syncMode": "FULL_CRAWL",
          "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-sharepoint-secret",
          "enableIdentityCrawler": "true",
          "sslCertificatePath": {
            "bucket": "my-sharepoint-bucket",
            "key": "ssl/cert.pem"
          },
          "connectionConfiguration": {
            "repositoryEndpointMetadata": {
              "tenantId": "1234567a-890b-1234-567c-123456789012",
              "domain": "mycompany.sharepoint.com",
              "siteUrls": [
                "https://mycompany.sharepoint.com/sites/TeamSite"
              ],
              "repositoryAdditionalProperties": {
                "authType": "OAuth2App",
                "version": "Server",
                "onPremVersion": "2019",
                "enableDeletionProtection": "false",
                "deletionProtectionThreshold": "15"
              }
            }
          },
          "repositoryConfigurations": {
            "event": {
              "fieldMappings": [
                {
                  "indexFieldName": "event_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            },
            "page": {
              "fieldMappings": [
                {
                  "indexFieldName": "page_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            },
            "file": {
              "fieldMappings": [
                {
                  "indexFieldName": "file_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            },
            "link": {
              "fieldMappings": [
                {
                  "indexFieldName": "link_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            },
            "attachment": {
              "fieldMappings": [
                {
                  "indexFieldName": "attachment_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            },
            "comment": {
              "fieldMappings": [
                {
                  "indexFieldName": "comment_id",
                  "indexFieldType": "STRING",
                  "dataSourceFieldName": "id",
                  "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                }
              ]
            }
          },
          "additionalProperties": {
            "eventTitleFilterRegEx": [
              "^.*$"
            ],
            "pageTitleFilterRegEx": [
              "^.*$"
            ],
            "linkTitleFilterRegEx": [
              "^.*$"
            ],
            "inclusionFilePath": [
              "documents/"
            ],
            "exclusionFilePath": [
              "drafts/"
            ],
            "inclusionFileTypePatterns": [
              "*.pdf",
              "*.docx"
            ],
            "exclusionFileTypePatterns": [
              "*.tmp"
            ],
            "inclusionFileNamePatterns": [
              "*report*"
            ],
            "exclusionFileNamePatterns": [
              "*draft*"
            ],
            "inclusionOneNoteSectionNamePatterns": [
              "*"
            ],
            "exclusionOneNoteSectionNamePatterns": [
              "archived"
            ],
            "inclusionOneNotePageNamePatterns": [
              "*"
            ],
            "exclusionOneNotePageNamePatterns": [
              "test"
            ],
            "crawlFiles": "true",
            "crawlPages": "true",
            "crawlEvents": "true",
            "crawlComments": "true",
            "crawlLinks": "true",
            "crawlAttachments": "true",
            "crawlListData": "false",
            "crawlAcl": "true",
            "aclConfiguration": "ACLWithUsernameFmt",
            "emailDomain": "mycompany.com",
            "isCrawlLocalGroupMapping": "false",
            "isCrawlAdGroupMapping": "true",
            "proxyHost": "proxy.mycompany.com",
            "proxyPort": "8080",
            "maxFileSizeInMegaBytes": "50"
          }
        }
      }
    }
  }
}
```
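A pre-deployment check for the `Configuration` object, as an added example (not AWS code): it hand-codes a subset of the JSON schema above in standard-library Python and reports violations before the template reaches CloudFormation. The function names, the two warnings (a `siteUrls` entry that satisfies the unanchored `https://.*` pattern without being an HTTPS URL, and `crawlAcl` not enabled) and the sample configurations are assumptions of this example.

```python
import copy
import re

# Constraints transcribed from the schema on this page (a subset, not the whole schema).
ENUMS = {
    "type": {"SHAREPOINTV2", "SHAREPOINT"},
    "syncMode": {"FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"},
    "authType": {"OAuth2App", "NTLM", "Kerberos"},
    "version": {"Server"},
    "onPremVersion": {"", "2013", "2016", "2019", "SubscriptionEdition"},
    "aclConfiguration": {"ACLWithLDAPEmailFmt", "ACLWithManualEmailFmt", "ACLWithUsernameFmt"},
}
REQUIRED_TOP = ("type", "secretArn", "syncMode", "enableIdentityCrawler",
                "connectionConfiguration", "repositoryConfigurations", "additionalProperties")
FLAGS = ("crawlFiles", "crawlPages", "crawlEvents", "crawlComments", "crawlLinks",
         "crawlAttachments", "crawlListData", "crawlAcl",
         "isCrawlLocalGroupMapping", "isCrawlAdGroupMapping")
META = "connectionConfiguration.repositoryEndpointMetadata"


def is_flag(value):
    """The schema accepts a JSON boolean or the strings "true"/"false"."""
    return isinstance(value, bool) or (isinstance(value, str) and value in ("true", "false"))


def lint_configuration(cfg):
    """Return (errors, warnings): schema violations, then local-policy findings."""
    errors, warnings = [], []

    def require(obj, keys, path):
        errors.extend(f"{path}{k}: required property missing" for k in keys if k not in obj)

    def check_enum(obj, key, path):
        if key in obj and not (isinstance(obj[key], str) and obj[key] in ENUMS[key]):
            errors.append(f"{path}{key}: {obj[key]!r} is not one of {sorted(ENUMS[key])}")

    def check_flag(obj, key, path):
        if key in obj and not is_flag(obj[key]):
            errors.append(f'{path}{key}: must be a boolean or "true"/"false"')

    require(cfg, REQUIRED_TOP, "")
    check_enum(cfg, "type", "")
    check_enum(cfg, "syncMode", "")
    check_flag(cfg, "enableIdentityCrawler", "")
    arn = cfg.get("secretArn")
    if arn is not None and not (isinstance(arn, str) and 20 <= len(arn) <= 2048):
        errors.append("secretArn: must be a string of 20 to 2048 characters")

    meta = cfg.get("connectionConfiguration", {}).get("repositoryEndpointMetadata")
    if "connectionConfiguration" in cfg and meta is None:
        errors.append(f"{META}: required property missing")
    if meta is not None:
        require(meta, ("siteUrls", "domain", "repositoryAdditionalProperties"), META + ".")
        for i, url in enumerate(meta.get("siteUrls", [])):
            # JSON Schema patterns are unanchored, so "https://.*" may match mid-string.
            if not re.search(r"https://.*", url):
                errors.append(f"{META}.siteUrls[{i}]: does not match https://.*")
            elif not url.startswith("https://"):
                warnings.append(f"{META}.siteUrls[{i}]: passes the pattern but is not https")
        extra = meta.get("repositoryAdditionalProperties")
        if extra is not None:
            path = META + ".repositoryAdditionalProperties."
            require(extra, ("authType", "version"), path)
            for key in ("authType", "version", "onPremVersion"):
                check_enum(extra, key, path)
            check_flag(extra, "enableDeletionProtection", path)

    props = cfg.get("additionalProperties", {})
    for key in FLAGS:
        check_flag(props, key, "additionalProperties.")
    check_enum(props, "aclConfiguration", "additionalProperties.")
    # Local policy (an assumption of this example, not a schema rule): ACL crawling must be on.
    if props.get("crawlAcl") not in (True, "true"):
        warnings.append("additionalProperties.crawlAcl: ACL crawling is not enabled")
    return errors, warnings


# Constructed sample: a minimal configuration that passes every check above.
GOOD = {
    "type": "SHAREPOINTV2", "syncMode": "FULL_CRAWL", "enableIdentityCrawler": "true",
    "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:example",
    "connectionConfiguration": {"repositoryEndpointMetadata": {
        "domain": "sharepoint.example.com",
        "siteUrls": ["https://sharepoint.example.com/sites/TeamSite"],
        "repositoryAdditionalProperties": {"authType": "OAuth2App", "version": "Server"},
    }},
    "repositoryConfigurations": {},
    "additionalProperties": {"crawlAcl": "true", "aclConfiguration": "ACLWithUsernameFmt"},
}
# Constructed sample: the same configuration with three deliberate problems.
BAD = copy.deepcopy(GOOD)
_meta = BAD["connectionConfiguration"]["repositoryEndpointMetadata"]
_meta["repositoryAdditionalProperties"]["authType"] = "OAuth2"  # not in the enum
_meta["siteUrls"].append("http://sharepoint.example.com/go?next=https://x")  # mid-string match
BAD["additionalProperties"]["crawlAcl"] = "false"  # valid per schema, flagged by policy

if __name__ == "__main__":
    print(lint_configuration(GOOD), lint_configuration(BAD), sep="\n")
```

To lint a real template, pass the `Configuration` object found under `Resources.<name>.Properties` to `lint_configuration`.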

## SharePoint Server 2019 YAML schema for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-yaml"></a>

The following is the SharePoint Server 2019 YAML schema and examples for the configuration property for AWS CloudFormation:

**Topics**
+ [SharePoint Server 2019 YAML schema for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-yaml-schema)
+ [SharePoint Server 2019 YAML schema example for using the configuration property with AWS CloudFormation](#sharepoint-server-2019-cfn-yaml-example)

### SharePoint Server 2019 YAML schema for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-yaml-schema"></a>

The following is the SharePoint Server 2019 YAML schema for the configuration property for CloudFormation.

```
type: object
properties:
  type:
    type: string
    enum:
      - SHAREPOINTV2
      - SHAREPOINT
  syncMode:
    type: string
    enum:
      - FULL_CRAWL
      - FORCED_FULL_CRAWL
      - CHANGE_LOG
  secretArn:
    type: string
    minLength: 20
    maxLength: 2048
  enableIdentityCrawler:
    anyOf:
      - type: boolean
      - type: string
        enum:
          - "true"
          - "false"
  sslCertificatePath:
    type: object
    properties:
      bucket:
        type: string
        pattern: '^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$'
        minLength: 3
        maxLength: 63
      key:
        type: string
        minLength: 1
        maxLength: 10240
    required:
      - bucket
      - key
  connectionConfiguration:
    type: object
    properties:
      repositoryEndpointMetadata:
        type: object
        properties:
          tenantId:
            type: string
            pattern: "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
            minLength: 36
            maxLength: 36
          domain:
            type: string
          siteUrls:
            type: array
            items:
              type: string
              pattern: "https://.*"
          repositoryAdditionalProperties:
            type: object
            properties:
              authType:
                type: string
                enum:
                  - OAuth2App
                  - NTLM
                  - Kerberos
              version:
                type: string
                enum:
                  - Server
              onPremVersion:
                type: string
                enum:
                  - ""
                  - "2013"
                  - "2016"
                  - "2019"
                  - SubscriptionEdition
              enableDeletionProtection:
                anyOf:
                  - type: boolean
                  - type: string
                    enum:
                      - "true"
                      - "false"
                default: false
              deletionProtectionThreshold:
                type: string
                default: "15"
            required:
              - authType
              - version
        required:
          - siteUrls
          - domain
          - repositoryAdditionalProperties
    required:
      - repositoryEndpointMetadata
  repositoryConfigurations:
    type: object
    properties:
      event:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - STRING_LIST
                    - DATE
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
      page:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - DATE
                    - LONG
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
      file:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - DATE
                    - LONG
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
      link:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - STRING_LIST
                    - DATE
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
      attachment:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - STRING_LIST
                    - DATE
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
      comment:
        type: object
        properties:
          fieldMappings:
            type: array
            items:
              type: object
              properties:
                indexFieldName:
                  type: string
                indexFieldType:
                  type: string
                  enum:
                    - STRING
                    - STRING_LIST
                    - DATE
                dataSourceFieldName:
                  type: string
                dateFieldFormat:
                  type: string
                  pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
              required:
                - indexFieldName
                - indexFieldType
                - dataSourceFieldName
        required:
          - fieldMappings
    required: []
  additionalProperties:
    type: object
    properties:
      eventTitleFilterRegEx:
        type: array
        items:
          type: string
      pageTitleFilterRegEx:
        type: array
        items:
          type: string
      linkTitleFilterRegEx:
        type: array
        items:
          type: string
      inclusionFilePath:
        type: array
        items:
          type: string
      exclusionFilePath:
        type: array
        items:
          type: string
      inclusionFileTypePatterns:
        type: array
        items:
          type: string
      exclusionFileTypePatterns:
        type: array
        items:
          type: string
      inclusionFileNamePatterns:
        type: array
        items:
          type: string
      exclusionFileNamePatterns:
        type: array
        items:
          type: string
      inclusionOneNoteSectionNamePatterns:
        type: array
        items:
          type: string
      exclusionOneNoteSectionNamePatterns:
        type: array
        items:
          type: string
      inclusionOneNotePageNamePatterns:
        type: array
        items:
          type: string
      exclusionOneNotePageNamePatterns:
        type: array
        items:
          type: string
      crawlFiles:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlPages:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlEvents:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlComments:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlLinks:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlAttachments:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlListData:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      crawlAcl:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      aclConfiguration:
        type: string
        enum:
          - ACLWithLDAPEmailFmt
          - ACLWithManualEmailFmt
          - ACLWithUsernameFmt
      emailDomain:
        type: string
      isCrawlLocalGroupMapping:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      isCrawlAdGroupMapping:
        anyOf:
          - type: boolean
          - type: string
            enum:
              - "true"
              - "false"
      proxyHost:
        type: string
      proxyPort:
        type: string
      maxFileSizeInMegaBytes:
        type: string
    required: []
  version:
    type: string
    anyOf:
      - pattern: 1.0.0
required:
  - type
  - secretArn
  - syncMode
  - enableIdentityCrawler
  - connectionConfiguration
  - repositoryConfigurations
  - additionalProperties
```

### SharePoint Server 2019 YAML schema example for using the configuration property with AWS CloudFormation
<a name="sharepoint-server-2019-cfn-yaml-example"></a>

The following is the SharePoint Server 2019 YAML example for the Configuration property for CloudFormation:

```
{
  "type": "SHAREPOINTV2",
  "syncMode": "FULL_CRAWL",
  "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-sharepoint-secret",
  "enableIdentityCrawler": "true",
  "sslCertificatePath": {
    "bucket": "my-sharepoint-bucket",
    "key": "ssl/cert.pem"
  },
  "connectionConfiguration": {
    "repositoryEndpointMetadata": {
      "tenantId": "1234567a-890b-1234-567c-123456789012",
      "domain": "mycompany.sharepoint.com",
      "siteUrls": [
        "https://mycompany.sharepoint.com/sites/TeamSite"
      ],
      "repositoryAdditionalProperties": {
        "authType": "OAuth2",
        "version": "Server",
        "onPremVersion": "2019",
        "enableDeletionProtection": "false",
        "deletionProtectionThreshold": "15"
      }
    }
  },
  "repositoryConfigurations": {
    "event": {
      "fieldMappings": [
        {
          "indexFieldName": "event_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "page": {
      "fieldMappings": [
        {
          "indexFieldName": "page_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "file": {
      "fieldMappings": [
        {
          "indexFieldName": "file_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "link": {
      "fieldMappings": [
        {
          "indexFieldName": "link_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "attachment": {
      "fieldMappings": [
        {
          "indexFieldName": "attachment_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    },
    "comment": {
      "fieldMappings": [
        {
          "indexFieldName": "comment_id",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "id",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
        }
      ]
    }
  },
  "additionalProperties": {
    "eventTitleFilterRegEx": [
      "^.*$"
    ],
    "pageTitleFilterRegEx": [
      "^.*$"
    ],
    "linkTitleFilterRegEx": [
      "^.*$"
    ],
    "inclusionFilePath": [
      "documents/"
    ],
    "exclusionFilePath": [
      "drafts/"
    ],
    "inclusionFileTypePatterns": [
      "*.pdf",
      "*.docx"
    ],
    "exclusionFileTypePatterns": [
      "*.tmp"
    ],
    "inclusionFileNamePatterns": [
      "*report*"
    ],
    "exclusionFileNamePatterns": [
      "*draft*"
    ],
    "inclusionOneNoteSectionNamePatterns": [
      "*"
    ],
    "exclusionOneNoteSectionNamePatterns": [
      "archived"
    ],
    "inclusionOneNotePageNamePatterns": [
      "*"
    ],
    "exclusionOneNotePageNamePatterns": [
      "test"
    ],
    "crawlFiles": "true",
    "crawlPages": "true",
    "crawlEvents": "true",
    "crawlComments": "true",
    "crawlLinks": "true",
    "crawlAttachments": "true",
    "crawlListData": "false",
    "crawlAcl": "true",
    "aclConfiguration": "ACLWithUsernameFmt",
    "emailDomain": "mycompany.com",
    "isCrawlLocalGroupMapping": "false",
    "isCrawlAdGroupMapping": "true",
    "proxyHost": "proxy.mycompany.com",
    "proxyPort": "8080",
    "maxFileSizeInMegaBytes": "50"
  },
  "version": "1.0.0"
}
```

# How Amazon Q Business connector crawls SharePoint Server 2019 ACLs
<a name="sharepoint-server-2019-user-management"></a>

When you connect a SharePoint Server 2019 data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your SharePoint Server 2019 instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.

To filter using a username, use the **User principal name** from your Azure portal. For example, johnstiles@kendra.onmicrosoft.com.

When you use a SharePoint group for user context filtering, calculate the group ID as follows:

**For local groups**

1. Get the site name. For example, `https://host.onmicrosoft.com/sites/siteName`.

1. Take the SHA256 hash of the site name. For example, `430a6b90503eef95c89295c8999c7981`.

1. Create the group ID by concatenating the SHA256 hash with a vertical bar ( | ) and the group name. For example, if the group name is "local group name", the group ID is the following:

   `"430a6b90503eef95c89295c8999c7981 | localGroupName"` (with a space before and after the vertical bar).

For more information, see:
+ [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization)
+ [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler)
+ [Understanding User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html)

# Amazon Q Business SharePoint Server 2019 data source connector field mappings
<a name="sharepoint-server-2019-field-mappings"></a>

To help you structure data for retrieval and chat filtering, Amazon Q Business crawls data source document attributes or metadata and maps them to fields in your Amazon Q index.

Amazon Q has reserved fields that it uses when querying your application. When possible, Amazon Q automatically maps these built-in fields to attributes in your data source. If a built-in field doesn't have a default mapping, or if you want to map additional index fields, use the custom field mappings to specify how a data source attribute maps to your Amazon Q application. You create field mappings by editing your data source after your application environment and retriever are created.

To learn more about document attributes and how they work in Amazon Q, see [Document attributes and types in Amazon Q](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/doc-attributes-types.html).

**Important**  
Filtering using document attributes in chat is only supported through the API.

The Amazon Q SharePoint connector supports the following entities and the associated reserved and custom attributes.

**Important**  
If you map any SharePoint Server 2019 field to Amazon Q document title and document body fields, Amazon Q will generate responses from data in the document title and body.

**Note**  
You can map any SharePoint field to the document title or document body Amazon Q reserved/default index fields.

**Topics**
+ [Files](#sharepoint-field-mappings-files)
+ [Events](#sharepoint-field-mappings-events)
+ [Pages](#sharepoint-field-mappings-pages)
+ [Links](#sharepoint-field-mappings-links)
+ [Attachments](#sharepoint-field-mappings-attachments)

## Files
<a name="sharepoint-field-mappings-files"></a>


| SharePoint field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
|  title  |  _document_title  |  Default  |  String  | 
|  lastModifiedDateTime  |  _last_updated_at  |  Default  |  Date  | 
|  sourceUri  |  _source_uri  |  Default  |  String  | 
|  checkInComment  |  sp_checkInComment  |  Custom  |  String  | 
|  createdAt  |  _created_at  |  Default  |  Date  | 
|  size  |  sp_sizeLong  |  Custom  |  Long (numeric)  | 
|  majorVersion  |  sp_majorVersion  |  Custom  |  String  | 
|  uiVersionLabel  |  sp_uiVersionLabel  |  Custom  |  String  | 
|  uniqueId  |  sp_uniqueId  |  Custom  |  String  | 
|  irmEnabled  |  sp_irmEnabled  |  Custom  |  String  | 
|  checkOutType  |  sp_checkOutType  |  Custom  |  String  | 
|  author  |  _authors  |  Default  |  String list  | 
|  category  |  _category  |  Default  |  String  | 
|  modifiedBy  |  sp_modifiedBy  |  Custom  |  String  | 
|  level  |  sp_level  |  Custom  |  String  | 
|  uiVersion  |  sp_uiVersion  |  Custom  |  String  | 
|  contentTag  |  sp_contentTag  |  Custom  |  String  | 
|  eTag  |  sp_eTag  |  Custom  |  String  | 
|  oneNoteDocument  |  sp_oneNoteDocument  |  Custom  |  String  | 
|  oneNoteSection  |  sp_oneNoteSection  |  Custom  |  String  | 
|  oneNotePage  |  sp_oneNotePage  |  Custom  |  String  | 

## Events
<a name="sharepoint-field-mappings-events"></a>


| SharePoint field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
|  title  |  _document_title  |  Default  |  String  | 
|  lastModifiedDateTime  |  _last_updated_at  |  Default  |  Date  | 
|  sourceUri  |  _source_uri  |  Default  |  String  | 
|  attachments  |  sp_hasAttachments  |  Custom  |  String  | 
|  createdDate  |  _created_at  |  Default  |  Date  | 
|  authorId  |  sp_authorId  |  Custom  |  String  | 
|  editorId  |  sp_editorId  |  Custom  |  String  | 
|  location  |  sp_location  |  Custom  |  String  | 
|  eventDate  |  sp_eventDate  |  Custom  |  Date  | 
|  eventEndDate  |  sp_eventEndDate  |  Custom  |  Date  | 
|  ifRecurrence  |  sp_ifRecurrence  |  Custom  |  String  | 
|  ifAllDayEvent  |  sp_ifAllDayEvent  |  Custom  |  String  | 
|  category  |  _category  |  Default  |  String  | 
|  eventCategory  |  sp_eventcategory  |  Custom  |  String  | 

## Pages
<a name="sharepoint-field-mappings-pages"></a>


| SharePoint field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
|  createdDateTime  |  _created_at  |  Default  |  Date  | 
|  lastModifiedDateTime  |  _last_updated_at  |  Default  |  Date  | 
|  title  |  _document_title  |  Default  |  String  | 
|  sourceUri  |  _source_uri  |  Default  |  String  | 
|  firstPublishedDate  |  sp_firstPublishedDate  |  Custom  |  Date  | 
|  authorId  |  sp_authorId  |  Custom  |  String  | 
|  editorId  |  sp_editorId  |  Custom  |  String  | 
|  category  |  _category  |  Default  |  String  | 

## Links
<a name="sharepoint-field-mappings-links"></a>


| SharePoint field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
|  createdAt  |  _created_at  |  Default  |  Date  | 
|  lastModifiedDateTime  |  _last_updated_at  |  Default  |  Date  | 
|  title  |  _document_title  |  Default  |  String  | 
|  sourceUri  |  _source_uri  |  Default  |  String  | 
|  fileType  |  sp_fileType  |  Custom  |  String  | 
|  fileDirPath  |  sp_fileDirPath  |  Custom  |  String  | 
|  firstPublishedDate  |  sp_firstPublishedDate  |  Custom  |  Date  | 
|  authorId  |  sp_authorId  |  Custom  |  String  | 
|  editorId  |  sp_editorId  |  Custom  |  String  | 
|  category  |  _category  |  Default  |  String  | 
|  size  |  sp_sizeLong  |  Custom  |  Long (numeric)  | 

## Attachments
<a name="sharepoint-field-mappings-attachments"></a>


| SharePoint field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
|  title  |  sp__title  |  Custom  |  String  | 
|  parentCreatedDate  |  _created_at  |  Default  |  Date  | 
|  sourceUri  |  _source_uri  |  Default  |  String  | 
|  parentModifiedDate  |  _last_updated_at  |  Custom  |  Date  | 
|  parentListId  |  sp_parentListId  |  Custom  |  String  | 
|  parentTitle  |  sp_parentTitle  |  Custom  |  String  | 
|  category  |  _category  |  Default  |  String  | 

# IAM role for Amazon Q Business SharePoint Server 2019 connector
<a name="sharepoint-server-2019-iam-role"></a>

**Note**  
**(Optional)** If you use **Azure App-Only authentication**, you also need to add permissions for Amazon Q to access the certificate stored in your Amazon S3 bucket.

If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create an Amazon Q resource. When you call the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) operation, you provide the Amazon Resource Name (ARN) of the role with the policy attached.

If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role.

To learn more about IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *AWS Identity and Access Management User Guide*.

To connect your data source connector to Amazon Q, you must give Amazon Q an IAM role that has the following permissions:
+ Permission to access the `BatchPutDocument` and `BatchDeleteDocument` operations to ingest documents.
+ Permission to access the [User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) API operations to ingest user and group access control information from documents.
+ Permission to access your AWS Secrets Manager secret to authenticate your data source connector instance.
+ Permission to access the SSL certificate stored in your Amazon S3 bucket.
+ **(Optional)** If you're using Amazon VPC, permission to access your Amazon VPC.

```
{
    "Version": "2012-10-17",
    "Statement": [{
            "Sid": "AllowsAmazonQToGetS3Objects",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::{{input_bucket_name}}/*"
            ],
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "{{account_id}}"
                }
            }
        },
        {
            "Sid": "AllowsAmazonQToGetSecret",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:{{region}}:{{account_id}}:secret:[[secret_id]]"
            ]
        },
        {
            "Sid": "AllowsAmazonQToDecryptSecret",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:{{region}}:{{account_id}}:key/[[key_id]]"
            ],
            "Condition": {
                "StringLike": {
                    "kms:ViaService": [
                        "secretsmanager.*.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "AllowsAmazonQToIngestDocuments",
            "Effect": "Allow",
            "Action": [
                "qbusiness:BatchPutDocument",
                "qbusiness:BatchDeleteDocument"
            ],
            "Resource": [
                "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}",
                "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
            ]
        },
        {
            "Sid": "AllowsAmazonQToIngestPrincipalMapping",
            "Effect": "Allow",
            "Action": [
                "qbusiness:PutGroup",
                "qbusiness:CreateUser",
                "qbusiness:DeleteGroup",
                "qbusiness:UpdateUser",
                "qbusiness:ListGroups"
            ],
            "Resource": [
                "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}",
                "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}",
                "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}/data-source/*"
            ]
        },
        {
            "Sid": "AllowsAmazonQToCreateAndDeleteNI",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": [
                "arn:aws:ec2:{{region}}:{{account_id}}:subnet/[[subnet_ids]]",
                "arn:aws:ec2:{{region}}:{{account_id}}:security-group/[[security_group]]"
            ]
        },
        {
            "Sid": "AllowsAmazonQToCreateAndDeleteNIForSpecificTag",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
            "Condition": {
                "StringLike": {
                    "aws:RequestTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "AMAZON_Q"
                    ]
                }
            }
        },
        {
            "Sid": "AllowsAmazonQToCreateTags",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "CreateNetworkInterface"
                }
            }
        },
        {
            "Sid": "AllowsAmazonQToCreateNetworkInterfacePermission",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterfacePermission"
            ],
            "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
            "Condition": {
                "StringLike": {
                    "aws:ResourceTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
                }
            }
        },
        {
            "Sid": "AllowsAmazonQToDescribeResourcesForVPC",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeNetworkInterfaceAttribute",
                "ec2:DescribeVpcs",
                "ec2:DescribeRegions",
                "ec2:DescribeNetworkInterfacePermissions",
                "ec2:DescribeSubnets"
            ],
            "Resource": "*"
        }
    ]
}
```

**To allow Amazon Q to assume a role, you must also use the following trust policy:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAmazonQToAssumeRoleForServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "qbusiness.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{source_account}}"
        },
        "ArnLike": {
          "aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}"
        }
      }
    }
  ]
}
```

For more information on Amazon Q data source connector IAM roles, see [IAM roles for Amazon Q data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds).
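
The two policies above carry several guards: `kms:Decrypt` is limited by `kms:ViaService`, `"Resource": "*"` appears only on `ec2:Describe*` actions, and the trust policy restricts the caller with `aws:SourceAccount` and `aws:SourceArn`. The following check is an added example, not part of the AWS documentation; it flags a filled-in policy that has lost one of those guards or still contains a `{{...}}` or `[[...]]` placeholder. The function names and the sample policies are constructed for illustration.

```python
import re

# The page's templates mark values to fill in as {{name}} or [[name]].
PLACEHOLDER = re.compile(r"\{\{[^{}]+\}\}|\[\[[^\[\]]+\]\]")
SERVICE = "qbusiness.amazonaws.com"


def _list(value):
    return value if isinstance(value, list) else [value]


def _condition_keys(statement):
    """Lower-cased condition keys of one statement, across all operators."""
    keys = set()
    for operands in statement.get("Condition", {}).values():
        keys.update(key.lower() for key in operands)
    return keys


def _allow_statements(policy):
    return [s for s in _list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]


def lint_role_policy(policy):
    """Findings for the permissions policy attached to the connector role."""
    findings = []
    for st in _allow_statements(policy):
        sid = st.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _list(st.get("Action", []))]
        resources = _list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard action")
        if "*" in resources and not all(a.startswith("ec2:describe") for a in actions):
            findings.append(f"{sid}: Resource * on actions other than ec2:Describe*")
        if "kms:decrypt" in actions and "kms:viaservice" not in _condition_keys(st):
            findings.append(f"{sid}: kms:Decrypt without a kms:ViaService condition")
        findings += [f"{sid}: unresolved placeholder in {r}"
                     for r in resources if PLACEHOLDER.search(r)]
    return findings


def lint_trust_policy(policy):
    """Findings for the role's trust policy."""
    findings = []
    for st in _allow_statements(policy):
        sid = st.get("Sid", "<no Sid>")
        if st.get("Principal") not in ({"Service": SERVICE}, {"Service": [SERVICE]}):
            findings.append(f"{sid}: principal is not only {SERVICE}")
        keys = _condition_keys(st)
        for key in ("aws:SourceAccount", "aws:SourceArn"):
            if key.lower() not in keys:
                findings.append(f"{sid}: no {key} condition")
    return findings


# Constructed samples: the WEAK_* policies drop guards that the page's policies include.
WEAK_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "GetS3Objects", "Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
    {"Sid": "DecryptSecret", "Effect": "Allow", "Action": ["kms:Decrypt"],
     "Resource": ["arn:aws:kms:{{region}}:{{account_id}}:key/[[key_id]]"]},
    {"Sid": "DescribeForVPC", "Effect": "Allow",
     "Action": ["ec2:DescribeSubnets", "ec2:DescribeVpcs"], "Resource": "*"},
]}
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AssumeRole", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "sts:AssumeRole"},
]}
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AssumeRole", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "sts:AssumeRole",
     "Condition": {
         "StringEquals": {"aws:SourceAccount": "123456789012"},
         "ArnLike": {"aws:SourceArn":
                     "arn:aws:qbusiness:us-west-2:123456789012:application/app-EXAMPLE"}}},
]}

if __name__ == "__main__":
    for finding in lint_role_policy(WEAK_ROLE) + lint_trust_policy(WEAK_TRUST):
        print(finding)
```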

# Understand error codes in the SharePoint Server 2019 connector
<a name="sharepoint-server-2019-error-codes"></a>

The following table provides information about error codes you may see for the Microsoft SharePoint connector and suggested resolutions.


| Error code | Error message | Suggested resolution | 
| --- | --- | --- | 
| SPE-5001 | Authentication failed. Configuration might contain wrong credentials. | Provide valid credentials like username, password or client Id, client secret and tenant Id.  | 
| SPE-5002 | There was a problem while connecting to Host Url and/or Domain. hostUrl and/or domain values might be incorrect. | Provide valid Host URL or Domain. | 
| SPE-5003 | Provided URL is incorrect | Provide correct URL. | 
| SPE-5004 | Inet Address validation Failed. | Provide valid Inet Address. | 
| SPE-5005 | Failed : HTTP protocol violation has occurred. | Try running the connector again. | 
| SPE-5006 | Cannot connect to proxy. Check the proxy configurations. |  Provide valid Proxy configuration details. | 
| SPE-5007 | Proxy port is invalid. Check the proxy port. | Provide valid Proxy port. | 
| SPE-5008 |  Valid SSL Certificate could not be found for connector. |  Provide valid SSL certificate. | 
| SPE-5009 |  There was a problem while connecting to LDAP. Check LDAP configuration. |  Provide valid LDAP configuration details. | 
| SPE-5100 | There was a problem while retrieving repositoryId. Repository ID might be empty or null. | Ensure that repository Id is not null or empty. | 
| SPE-5101 | There was a problem while retrieving dataSourceIamRoleArn. Data Source IAM Role ARN might be empty or null. | Ensure that dataSourceIamRoleArn is not null or empty. | 
| SPE-5102 | There was a problem while retrieving repository configurations. Repository configurations might be empty or incorrect. | Provide valid repository configurations. | 
| SPE-5115 | There was a problem while retrieving field mapping values for event entity. Field mapping values might be empty or incorrect. | Field mapping values for event entity should be correct or non-empty. | 
| SPE-5116 | There was a problem while retrieving field mapping values for file entity. Field mapping values might be empty or incorrect. | Field mapping values for file entity should be correct or non-empty. | 
| SPE-5117 | There was a problem while retrieving field mapping values for page entity. Field mapping values might be empty or incorrect. | Field mapping values for page entity should be correct or non-empty. | 
| SPE-5118 | There was a problem while retrieving field mapping values for link entity. Field mapping values might be empty or incorrect. | Field mapping values for link entity should be correct or non-empty. | 
| SPE-5119 | There was a problem while retrieving field mapping values for comment entity. Field mapping values might be empty or incorrect. | Field mapping values for comment entity should be correct or non-empty. | 
| SPE-5120 | There was a problem while retrieving field mapping values for attachment entity. Field mapping values might be empty or incorrect. | Field mapping values for attachment entity should be correct or non-empty. | 
| SPE-5121 | There was a problem while retrieving values for crawl entities. Values might be empty or incorrect. It should be either true or false. | One of the crawl entities might have an incorrect value, such as null, TRUE, or a dummy string. Ensure each value is non-empty and either true or false. | 
| SPE-5122 | There was a problem while retrieving domain. Domain might be empty or null. | Provide Client Id. | 
| SPE-5123 | There was a problem while retrieving version. Version might be empty or null. | Provide a valid version. It must not be null. | 
| SPE-5124 | There was a problem while retrieving authType. Auth-Type might be empty or null. | Ensure that AUTH Type in the configuration is not null. | 
| SPE-5125 | There was a problem while retrieving clientId. Client ID might be empty or null. | Provide Client Id. | 
| SPE-5126 | There was a problem while retrieving clientSecret. Client Secret might be empty or null. | Provide Client Secret. | 
| SPE-5127 | There was a problem while retrieving tenantId. Tenant ID might be empty or null. | Provide Tenant Id. | 
| SPE-5128 | There was a problem while retrieving siteUrls. Site URLs might be empty or null. | Provide at least one Site Url. | 
| SPE-5129 | There was a problem while retrieving password. Password might be empty or null. | Provide password. | 
| SPE-5130 | There was a problem while retrieving username.Username might be empty or null. | Provide username. | 
| SPE-5131 | There was a problem while retrieving username. Email was invalid. | Provide valid email address. | 
| SPE-5132 | There was a problem while retrieving url. This URL was invalid. | Provide a valid URL. | 
| SPE-5133 | There was a problem while retrieving s3CertificateName. S3 Certificate Name might be empty or null. | Ensure s3CertificateName is not null or empty. | 
| SPE-5134 | There was a problem while retrieving s3BucketName. S3 Bucket Name might be empty or null | Ensure s3BucketName is not null or empty. | 
| SPE-5135 | The provided version was not a valid Sharepoint Connector version. Version should be one of [Online, Server]. | Version should be one of [Online, Server]. | 
| SPE-5136 | The provided authType was not a valid Sharepoint Connector authentication method. | Provide valid authType. The value of authType should be one of [Basic, OAuth2Certificate, OAuth2]. | 
| SPE-5138 | There was a problem while retrieving onPremVersion. On prem Version might be empty or null | Ensure onPremVersion is not null or empty. | 
| SPE-5139 | The provided onPremVersion was not valid Sharepoint on-prem version. On prem version should be one of [2013, 2016, 2019, SubscriptionEdition]. | Provide a valid onPremVersion. On prem version should be one of [2013, 2016, 2019, SubscriptionEdition]. | 
| SPE-5140 | There was a problem while retrieving ldapUrl. LDAP Url might be empty or null. | Ensure ldapUrl is not null or empty. | 
| SPE-5141 | There was a problem while retrieving baseDn. Base DN might be empty or null. | Ensure baseDn is not null or empty. | 
| SPE-5142 | There was a problem while retrieving privateKey. Private Key might be empty or null. | Ensure privateKey is not null or empty. | 
| SPE-5144 | There was a problem while retrieving aclConfiguration. ACL Configuration might be empty, null or invalid | Provide valid aclConfiguration. aclConfiguration should be one of [ ACLWithLDAPEmailFmt, ACLWithManualEmailFmt, ACLWithUsernameFmt ].  | 
| SPE-5145 | There was a problem while retrieving emailDomain. Email Domain might be empty or null. | Ensure emailDomain is not null or empty. | 
| SPE-5146 | There was a problem while retrieving ldapUsername. LDAP Username might be empty or null. | Ensure ldapUser is not null or empty. | 
| SPE-5147 | There was a problem while retrieving ldapPassword. LDAP Password might be empty or null. | Ensure ldapPassword is not null or empty. | 
| SPE-5149 | The provided siteUrls contain duplicate sites. Remove duplicates. | Ensure that no two SiteUrls are the same. | 
| SPE-5150 | Invalid Client Id pattern. | Provide the correct client ID. | 
| SPE-5151 | Error parsing the field value. Size is over maximum allowed limit. | Ensure the field value is within the size limit. | 
| SPE-5152 | There was a problem while retrieving AD Client ID. AD Client ID should not be empty. | Ensure AD Client Id is non-empty. | 
| SPE-5153 | Invalid AD Client Id pattern. | Provide valid AD Client Id pattern. | 
| SPE-5154 |  There was a problem while retrieving AD Client Secret. AD Client Secret should not be empty. | Ensure AD Client Secret is non-empty. | 
| SPE-5155 | There can't be more than one site for SharePoint on-prem app-only authentication. | Ensure that only a single site is present for SharePoint on-prem app-only authentication. | 
| SPE-5200 | There was a problem while connecting to the URL. | Ensure the siteUrl exists. | 
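
Several of the configuration errors in this table can be caught before a sync is started. The following pre-flight check is an added example, not part of the AWS documentation or the connector; it applies the required keys and allowed values listed on this page to a configuration document and reports the matching SPE code. The `SCHEMA` and `ACL-OFF` labels, the function names, and the sample configuration are constructed for illustration, and the check assumes `onPremVersion` only matters when `version` is `Server`.

```python
import json

# Required keys and allowed values, copied from the schema and error table on this page.
REQUIRED = ("type", "secretArn", "syncMode", "enableIdentityCrawler",
            "connectionConfiguration", "repositoryConfigurations", "additionalProperties")
CRAWL_FLAGS = ("crawlFiles", "crawlPages", "crawlEvents", "crawlComments",
               "crawlLinks", "crawlAttachments", "crawlListData", "crawlAcl")
# property -> (allowed values, code when empty, code when invalid)
ENUMS = {
    "version": (("Online", "Server"), "SPE-5123", "SPE-5135"),
    "authType": (("Basic", "OAuth2Certificate", "OAuth2"), "SPE-5124", "SPE-5136"),
    "onPremVersion": (("2013", "2016", "2019", "SubscriptionEdition"), "SPE-5138", "SPE-5139"),
}
ACL_FORMATS = ("ACLWithLDAPEmailFmt", "ACLWithManualEmailFmt", "ACLWithUsernameFmt")


def _obj(value):
    """Treat anything that is not a JSON object as an empty one."""
    return value if isinstance(value, dict) else {}


def preflight(config):
    """Return (code, message) findings for one connector configuration dict."""
    findings = [("SCHEMA", f"missing required property {key}")
                for key in REQUIRED if key not in config]

    meta = _obj(_obj(config.get("connectionConfiguration")).get("repositoryEndpointMetadata"))
    props = _obj(meta.get("repositoryAdditionalProperties"))
    extra = _obj(config.get("additionalProperties"))

    urls = meta.get("siteUrls")
    if not isinstance(urls, list) or not urls:
        findings.append(("SPE-5128", "siteUrls is empty"))
    elif len(set(map(str, urls))) != len(urls):
        findings.append(("SPE-5149", "siteUrls contains duplicate sites"))

    for name, (allowed, empty_code, invalid_code) in ENUMS.items():
        if name == "onPremVersion" and props.get("version") != "Server":
            continue  # assumption: only checked for an on-premises Server
        value = props.get(name)
        if value in (None, ""):
            findings.append((empty_code, f"{name} is empty"))
        elif value not in allowed:
            findings.append((invalid_code, f"{name}={value!r} is not one of {list(allowed)}"))

    # The schema accepts a JSON boolean or the exact strings "true" / "false".
    for flag in CRAWL_FLAGS:
        value = extra.get(flag)
        if flag in extra and not (isinstance(value, bool) or value in ("true", "false")):
            findings.append(("SPE-5121", f"{flag}={value!r} must be true or false"))

    crawl_acl = extra.get("crawlAcl")
    if not (crawl_acl is True or crawl_acl == "true"):
        findings.append(("ACL-OFF", "crawlAcl is not enabled, so ACL information "
                                    "cannot be used to filter chat responses"))
    elif extra.get("aclConfiguration") not in ACL_FORMATS:
        findings.append(("SPE-5144", "aclConfiguration is empty or invalid"))
    return findings


# Constructed sample with deliberate faults, modelled on the example on this page.
SAMPLE = json.loads("""
{
  "type": "SHAREPOINTV2",
  "syncMode": "FULL_CRAWL",
  "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-sharepoint-secret",
  "enableIdentityCrawler": "true",
  "connectionConfiguration": {"repositoryEndpointMetadata": {
    "siteUrls": ["https://sp.example.com/sites/TeamSite",
                 "https://sp.example.com/sites/TeamSite"],
    "repositoryAdditionalProperties": {
      "authType": "OAuth", "version": "Server", "onPremVersion": "2019"}
  }},
  "repositoryConfigurations": {},
  "additionalProperties": {"crawlFiles": "TRUE", "crawlPages": true, "crawlAcl": "false"}
}
""")

if __name__ == "__main__":
    for code, message in preflight(SAMPLE):
        print(f"{code}: {message}")
```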