

# Connecting Google Calendar to Amazon Q Business (Preview)
<a name="gcal-connector"></a>

**Note**  
The Google Calendar connector is in preview release and is subject to change.

Google Calendar is an online calendar tool developed by Google. You can connect a Google Calendar instance to Amazon Q Business, using either the AWS Management Console or the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) API, and create an Amazon Q web experience.

**Topics**
+ [Known limitations for the Google Calendar connector (Preview)](gcal-limitations.md)
+ [Google Calendar connector overview (Preview)](gcal-overview.md)
+ [Prerequisites for connecting Amazon Q Business to Google Calendar (Preview)](gcal-prereqs.md)
+ [Connecting Amazon Q Business to Google Calendar using the console (Preview)](gcal-console.md)
+ [Connecting Amazon Q Business to Google Calendar using APIs](gcal-api.md)
+ [How Amazon Q Business connector crawls Google Calendar ACLs](gcal-user-management.md)
+ [Google Calendar data source connector field mappings](google-calendar-field-mappings.md)
+ [IAM role for Amazon Q Business Google Calendar connector (Preview)](gcal-iam-role.md)
+ [Understand error codes in the Amazon Q Business Google Calendar connector (Preview)](gcal-error-codes.md)

**Learn more**
+ For an overview of the Amazon Q web experience creation process using IAM Identity Center, see [Configuring an application using IAM Identity Center](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application.html).
+ For an overview of the Amazon Q web experience creation process using AWS Identity and Access Management, see [Configuring an application using IAM](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application-iam.html).
+ For an overview of connector features, see [Data source connector concepts](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html).
+ For information about connector configuration best practices, see [Connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

# Known limitations for the Google Calendar connector (Preview)
<a name="gcal-limitations"></a>

The connector employs a rolling window approach for indexing data. This rolling window mechanism spans a total of six months, with four months of historical data and two months of future data. As the connector syncs and ingests new data, the oldest data that falls beyond the four-month historical window is automatically purged from the index. Simultaneously, new data for the upcoming two months is added to the index, allowing for future data visibility and analysis.

# Google Calendar connector overview (Preview)
<a name="gcal-overview"></a>

The following table gives an overview of the Google Calendar connector and its supported features.


[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-overview.html)

# Prerequisites for connecting Amazon Q Business to Google Calendar (Preview)
<a name="gcal-prereqs"></a>

Before you begin, make sure that you have completed the following prerequisites.

**In Google Calendar, make sure you have:**
+ Created a Google Cloud Platform admin account and have created a Google Cloud project.
+ Activated the Google Calendar API and Admin SDK API in your admin account.
+ Created a service account and downloaded a JSON private key for your Google Calendar. For information about how to create and access your private key, see [Create a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating) and [Service account credentials](https://cloud.google.com/iam/docs/service-account-creds#key-types) on the Google Cloud website.

On the Google Cloud website:
+ Copied your admin account email, your service account email, and your private key to use for authentication.
+ Added the following OAuth scopes, using an admin role, for your user and the shared directories you want to index:
  + https://www.googleapis.com/auth/admin.directory.user.readonly
  + https://www.googleapis.com/auth/gmail.readonly


**In your AWS account, make sure you have:**
+ Created an Amazon Q Business application.
+ Created an [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your Google Calendar authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**  
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see [Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).

# Connecting Amazon Q Business to Google Calendar using the console (Preview)
<a name="gcal-console"></a>

The following procedure outlines how to connect Amazon Q Business to Google Calendar using the AWS Management Console.

**Connecting Amazon Q to Google Calendar**

1. Sign in to the AWS Management Console and open the Amazon Q Business console.

1. From the left navigation menu, choose **Data sources**.

1. From the **Data sources** page, choose **Add data source**.

1. Then, on the **Add data sources** page, from **Data sources**, add the **Google Calendar** data source to your Amazon Q application.

1. Then, on the **Google Calendar** data source page, enter the following information:

1. **Name and description**, do the following:
   + For **Data source name** – Name your data source for easy tracking.
**Note**  
You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters.
   + **Description – *optional*** – Add an optional description for your data source. This text is viewed only by Amazon Q Business administrators and can be edited later.

1. **Authorization** – Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. If supported for your connector, you can manage ACLs by selecting **Enable ACLs** to enable ACLs or **Disable ACLs** to disable them. To manage ACLs, you need specific IAM permissions. See [Grant permission to create data sources with ACLs disabled](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html#DisableAclOnDataSource) for more details. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.

1. In **Authentication**, choose between Google service account or OAuth 2.0 authentication, based on your use case.

1. AWS Secrets Manager secret – Choose an existing secret or create a Secrets Manager secret to store your Google Calendar authentication credentials. If you choose to create a secret, an **AWS Secrets Manager secret** window opens.

   1. If you choose **Existing**, select an existing secret for **Select secret**.

   1. If you choose New, enter the following information in the New AWS Secrets Manager secret section:

      1. **Secret Name** – A name for your secret.

      1. If you chose Google service account, enter the following information:

         1. **Client email** – The email ID of the service account.

         1. **Admin account email** – The email ID of the admin user (the email used by the Service Account User) in your Google service account configuration.

         1. **Private key** – The private key created in your Google service account.

         1. Choose **Save and add secret**.

   1. If you chose OAuth 2.0 authentication, enter the details of Secret Name, Client ID, Client secret and Refresh token that you created in your service account. Then, choose Save and add secret.

1. **Configure VPC and security group – *optional*** – Choose whether you want to use a VPC. If you do, enter the following information:

   1. **Subnets** – Select up to 6 repository subnets that define the subnets and IP ranges the repository instance uses in the selected VPC.

   1. **VPC security groups** – Choose up to 10 security groups that allow access to your data source. Ensure that the security group allows incoming traffic from Amazon EC2 instances and devices outside your VPC. For databases, security group instances are required. 

   For more information, see [VPC](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-vpc).

1. **IAM role** – Choose an existing IAM role or create an IAM role to access your repository credentials and index content.
**Note**  
Creating a new service IAM role is recommended.

   For more information, see [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-connector.html#gcal-iam).

1. In Sync scope, choose from the following options:
   + **All calendars**: Add all the calendars to the index.
   + **Specific calendars only**: Add the email addresses associated with only the calendars you want to include in your index.
   + **Exclude specific calendars**: Add email addresses for the calendars you want to exclude from your index.

1. **Advanced settings**

   **Document deletion safeguard – *optional*** – To safeguard your documents from deletion during a sync job, select **On** and enter an integer between 0 and 100. If the percentage of documents to be deleted in your sync job exceeds the percentage you selected, the delete phase will be skipped and no documents from this data source will be deleted from your index. For more information, see [Document deletion safeguard](connector-concepts.md#document-deletion-safeguard).

1. For **Sync mode**, choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Q for the first time, all content is synced by default.
   + **Full sync** – Sync all content regardless of the previous sync status.
   + **New, modified, or deleted content sync** – Sync only new, modified, and deleted documents.

1. In **Sync run schedule**, for **Frequency** – Choose how often Amazon Q will sync with your data source. For more details, see [Sync run schedule](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-run). To learn how to start a data sync job, see [Starting data source connector sync jobs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/supported-datasource-actions.html#start-datasource-sync-jobs).

1. **Tags - *optional*** – Add tags to search and filter your resources or track your AWS costs. See [Tags](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tagging.html) for more details.

1. **Field mappings** – A list of data source document attributes to map to your index fields.
**Note**  
Add or update the fields from the **Data source details** page after you finish adding your data source. You can choose from two types of fields: 

   1. **Default** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can't edit these.

   1. **Custom** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can edit these. You can also create and add new custom fields.
**Note**  
Support for adding custom fields varies by connector. You won't see the **Add field** option if your connector doesn't support adding custom fields.

   For more information, see [Field mappings](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-field-mappings).

1. In **Data source details**, choose **Sync now** to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use.
**Note**  
View CloudWatch logs for your data source sync job by selecting **View CloudWatch logs**. If you encounter a `Resource not found exception` error, wait and try again as logs may not be available immediately.  
You can also view a detailed document-level report by selecting **View Report**. This report shows the status of each document during the crawl, sync, and index stages, including any errors. If the report is empty for an in-progress job, check back later as data is emitted to the report as events occur during the sync process.  
For more information, see [Troubleshooting data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/troubleshooting-data-sources.html#troubleshooting-data-sources-not-indexed).

# Connecting Amazon Q Business to Google Calendar using APIs
<a name="gcal-api"></a>

You use the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) action to connect a data source to your Amazon Q application. You can also use the [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) action to modify an existing data source configuration.

Then, you use the `configuration` parameter to provide a JSON blob that conforms to the AWS-defined JSON schema.

For an example of the API request, see [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) and [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) in the Amazon Q API Reference.

**Topics**
+ [Google Calendar configuration properties](#gcal-configuration-keys)
+ [Google Calendar JSON schema](#gcal-json)
+ [Google Calendar JSON schema example](#s3-api-json-example)

## Google Calendar configuration properties
<a name="gcal-configuration-keys"></a>

The following table provides information about configuration properties required in the schema.


| Configuration | Description | Type | Required | 
| --- | --- | --- | --- | 
| connectionConfiguration | Configuration information for the data source. | `object` This property has the following sub-property: `repositoryEndpointMetadata`. | Yes | 
| repositoryEndpointMetadata | The endpoint information for the data source. This data source doesn't specify an endpoint. You choose your authentication type: `serviceAccount` or `OAuth2`. The connection information is stored in an AWS Secrets Manager secret that you identify with `secretArn`. | `object` This property has the following sub-property: `authType`. | Yes | 
| authType | Choose between serviceAccount and OAuth2, based on your use case. | `string` | Yes | 
| repositoryConfigurations | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. | `object` This property has the following sub-properties: `file` and `comment`. | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | A list of objects that map the attributes or field names of your Google calendar to Amazon Q index field names.  | `object` `object` These properties have the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html) | No | 
| `indexFieldName` | The field name of your Google Drive to Amazon Q index field names. | `string`  | Yes | 
| `indexFieldType` | The field type of your Google Drive to Amazon Q index field names. | `string` The allowed values are `STRING`, `STRING_LIST`, and `DATE`.  | Yes | 
| `dataSourceFieldName` | The data source field name of your Google Calendar to Amazon Q index field names. | `string`  | Yes | 
| `dateFieldFormat` | The date format of your Google Calendar to Amazon Q index field names. | `string` Specify the date format in the form `yyyy-MM-dd'T'HH:mm:ss'Z'`  | No | 
| additionalProperties | Additional configuration options for your content in your data source | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | Yes | 
| isCrawlAcl | Specify true to crawl access control information by default from documents.  Amazon Q Business crawls ACL information to ensure responses are generated only from documents your end users have access to. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.  | `boolean` | No | 
| fieldForUserId | Specify field to use for UserId for ACL crawling. | `string` | No | 
| inclusionUsersList exclusionUsersList | A list of email IDs to exclude specific users from your Google Calendar data source. Users whose email IDs match these will be excluded from the index, while users whose email IDs do not match will be included. If a file matches both an exclusion and an inclusion, the exclusion takes precedence, and the file will not be included in the index. | `array` | No | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | The type of source. We recommend GOOGLECALENDAR as your data source type. | `string` Valid values are GOOGLECALENDAR. | No | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | true to activate identity crawler. Identity crawler is activated by default. Crawling identity information on users and groups with access to certain documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents.  Amazon Q Business crawls ACL information to ensure responses are generated only from documents your end users have access to. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.  | `boolean` | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents. | `string` You can choose between the following options: Use `FORCED_FULL_CRAWL` to freshly re-crawl all content and replace existing content each time your data source syncs with your index. Use `FULL_CRAWL` to incrementally crawl only new, modified, and deleted content each time your data source syncs with your index. | Yes | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your Google Drive. | `string` The secret must contain a JSON structure with the following keys: If using Google Service Account authentication: `{"clientEmail": "user account email","adminAccountEmail": "service account email","privateKey": "private key"}` If using OAuth 2.0 authentication: `{"clientID": "OAuth client ID","clientSecret": "client secret","refreshToken": "refresh token"}` | No | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/gcal-api.html)  |   The version of this template that's currently supported.   | `string` | No | 

## Google Calendar JSON schema
<a name="gcal-json"></a>

The following is the Google Calendar JSON schema:

```
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "connectionConfiguration": {
      "type": "object",
      "properties": {
        "repositoryEndpointMetadata": {
          "type": "object",
          "properties": {
            "authType": {
              "type": "string",
              "enum": [
                "OAuth2",
                "serviceAccount"
              ]
            }
          },
          "required": [
            "authType"
          ]
        }
      },
      "required": [
        "repositoryEndpointMetadata"
      ]
    },
    "repositoryConfigurations": {
      "type": "object",
      "properties": {
        "calendar": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": [
                        "STRING",
                        "DATE",
                        "STRING_LIST",
                        "LONG"
                      ]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          }
        },
        "event": {
          "type": "object",
          "properties": {
            "fieldMappings": {
              "type": "array",
              "items": [
                {
                  "type": "object",
                  "properties": {
                    "indexFieldName": {
                      "type": "string"
                    },
                    "indexFieldType": {
                      "type": "string",
                      "enum": [
                        "STRING",
                        "DATE",
                        "STRING_LIST"
                      ]
                    },
                    "dataSourceFieldName": {
                      "type": "string"
                    },
                    "dateFieldFormat": {
                      "type": "string",
                      "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
                    }
                  },
                  "required": [
                    "indexFieldName",
                    "indexFieldType",
                    "dataSourceFieldName"
                  ]
                }
              ]
            }
          }
        }
      }
    },
    "additionalProperties": {
      "type": "object",
      "properties": {
        "fieldForUserId": {
          "type": "string"
        },
        "isCrawlAcl": {
          "anyOf": [
            {
              "type": "boolean"
            },
            {
              "type": "string",
              "enum": [
                "true",
                "false"
              ]
            }
          ]
        },
        "inclusionUsersList": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "exclusionUsersList": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "enableDeletionProtection": {
          "type": "boolean",
          "default": false
        },
        "deletionProtectionThreshold": {
          "type": "string",
          "default": "15"
        }
      }
    },
    "enableIdentityCrawler": {
      "type": "boolean"
    },
    "syncMode": {
      "type": "string",
      "enum": [
        "FULL_CRAWL",
        "FORCED_FULL_CRAWL"
      ]
    },
    "secretArn": {
      "type": "string",
      "minLength": 20,
      "maxLength": 2048
    },
    "type": {
      "type": "string",
      "pattern": "GOOGLECALENDAR"
    },
    "version": {
      "type": "string",
      "anyOf": [
        {
          "pattern": "1.0.0"
        }
      ]
    }
  },
  "required": [
    "connectionConfiguration",
    "repositoryConfigurations",
    "syncMode",
    "additionalProperties",
    "secretArn",
    "type"
  ]
}
```

## Google Calendar JSON schema example
<a name="s3-api-json-example"></a>

The following is the Google Calendar JSON schema example:

```
{
  "connectionConfiguration": {
    "repositoryEndpointMetadata": {
      "authType": "serviceAccount"
    }
  },
  "repositoryConfigurations": {
    "calendar": {
      "fieldMappings": [
        {
          "indexFieldName": "_category",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "category"
        },
        {
          "indexFieldName": "_source_uri",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "sourceUrl"
        }
      ]
    },
    "event": {
      "fieldMappings": [
        {
          "indexFieldName": "_category",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "category"
        },
        {
          "indexFieldName": "gcal_location",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "location"
        },
        {
          "indexFieldName": "_created_at",
          "indexFieldType": "DATE",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
          "dataSourceFieldName": "created"
        },
        {
          "indexFieldName": "_last_updated_at",
          "indexFieldType": "DATE",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
          "dataSourceFieldName": "updated"
        },
        {
          "indexFieldName": "gcal_event_start_time",
          "indexFieldType": "DATE",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
          "dataSourceFieldName": "eventStartTime"
        },
        {
          "indexFieldName": "gcal_event_end_time",
          "indexFieldType": "DATE",
          "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
          "dataSourceFieldName": "eventEndTime"
        },
        {
          "indexFieldName": "_source_uri",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "htmlLink"
        },
        {
          "indexFieldName": "gcal_organizer",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "organizer"
        },
        {
          "indexFieldName": "gcal_attendees",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "attendees"
        },
        {
          "indexFieldName": "gcal_recurrence",
          "indexFieldType": "STRING",
          "dataSourceFieldName": "recurrence"
        }
      ]
    }
  },
  "additionalProperties": {
    "fieldForUserId": "email",
    "isCrawlAcl": true,
    "inclusionUsersList": [
      "ABC"
    ],
    "exclusionUsersList": [
      "TEST"
    ],
    "enableDeletionProtection": true,
    "deletionProtectionThreshold": "2"
  },
  "type": "GOOGLECALENDAR",
  "syncMode": "FORCED_FULL_CRAWL",
  "enableIdentityCrawler": true,
  "secretArn": "arn:aws:secretsmanager:us-west-2:123:secret:AmazonKendra-GoogleCalendar",
  "version": "1.0.0"
}
```
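
A configuration can be checked against the schema and property table above before it is sent to `CreateDataSource`. The following Python linter is an added example, not AWS code: it applies the schema's required keys and enums, compares the secret's key names with the chosen `authType`, and flags settings that affect access control. The function names, finding codes, and sample values are constructed for illustration.

```python
import re

REQUIRED = ("connectionConfiguration", "repositoryConfigurations", "syncMode",
            "additionalProperties", "secretArn", "type")
# Secret key names the property table lists for each authType.
AUTH_SECRET_KEYS = {
    "serviceAccount": {"clientEmail", "adminAccountEmail", "privateKey"},
    "OAuth2": {"clientID", "clientSecret", "refreshToken"},
}
SYNC_MODES = ("FULL_CRAWL", "FORCED_FULL_CRAWL")
# indexFieldType enums differ per entity in the schema (only calendar allows LONG).
FIELD_TYPES = {"calendar": ("STRING", "DATE", "STRING_LIST", "LONG"),
               "event": ("STRING", "DATE", "STRING_LIST")}
MAPPING_KEYS = ("indexFieldName", "indexFieldType", "dataSourceFieldName")


def as_bool(value):
    """isCrawlAcl may be a boolean or the string "true"/"false" (schema anyOf)."""
    if isinstance(value, bool):
        return value
    return value == "true" if value in ("true", "false") else None


def lint_gcal_config(cfg, secret_keys=None):
    """Return sorted (level, code) findings for a connector configuration dict.

    secret_keys: key names of the Secrets Manager secret (values are not needed).
    """
    out = {("error", "missing:" + k) for k in REQUIRED if k not in cfg}
    auth = (cfg.get("connectionConfiguration", {})
            .get("repositoryEndpointMetadata", {}).get("authType"))
    if not isinstance(auth, str) or auth not in AUTH_SECRET_KEYS:
        out.add(("error", "bad-authType"))
    elif secret_keys is not None and not AUTH_SECRET_KEYS[auth] <= set(secret_keys):
        out.add(("error", "secret-keys-do-not-match-authType"))
    if "syncMode" in cfg and cfg["syncMode"] not in SYNC_MODES:
        out.add(("error", "bad-syncMode"))
    if "type" in cfg and cfg["type"] != "GOOGLECALENDAR":
        out.add(("error", "bad-type"))
    # secretArn: schema length bounds plus the arn:partition:service:...:secret:name layout.
    if "secretArn" in cfg:
        arn = str(cfg["secretArn"])
        parts = arn.split(":")
        if not (20 <= len(arn) <= 2048 and len(parts) >= 7 and parts[0] == "arn"
                and parts[2] == "secretsmanager" and parts[5] == "secret"):
            out.add(("error", "bad-secretArn"))

    repo = cfg.get("repositoryConfigurations", {})
    for entity, allowed in FIELD_TYPES.items():
        for m in repo.get(entity, {}).get("fieldMappings", []):
            if any(k not in m for k in MAPPING_KEYS):
                out.add(("error", entity + "-mapping-missing-key"))
            elif m["indexFieldType"] not in allowed:
                out.add(("error", entity + "-mapping-bad-type"))

    extra = cfg.get("additionalProperties", {})
    acl = as_bool(extra.get("isCrawlAcl", True))  # the page: ACLs are crawled by default
    if acl is None:
        out.add(("error", "bad-isCrawlAcl"))
    elif not acl:
        # The page: documents indexed without ACLs are all considered public.
        out.add(("warn", "acl-crawl-disabled"))
    elif cfg.get("enableIdentityCrawler") is False:
        # Assumption of this example: ACL filtering without identity data needs review.
        out.add(("warn", "identity-crawler-disabled"))
    if not extra.get("enableDeletionProtection", False):
        out.add(("info", "deletion-safeguard-off"))
    elif not re.fullmatch(r"100|[0-9]{1,2}",
                          str(extra.get("deletionProtectionThreshold", "15"))):
        out.add(("error", "bad-deletionProtectionThreshold"))
    include = set(extra.get("inclusionUsersList", []))
    if include & set(extra.get("exclusionUsersList", [])):
        # The page: when both lists match, the exclusion takes precedence.
        out.add(("info", "user-in-both-lists-exclusion-wins"))
    return sorted(out)


# Constructed sample: ACL crawling off, secret created for the other auth type,
# a syncMode written with spaces, and LONG used on an event mapping.
SAMPLE = {
    "connectionConfiguration": {"repositoryEndpointMetadata": {"authType": "OAuth2"}},
    "repositoryConfigurations": {"event": {"fieldMappings": [
        {"indexFieldName": "gcal_location", "indexFieldType": "LONG",
         "dataSourceFieldName": "location"}]}},
    "additionalProperties": {"isCrawlAcl": "false",
                             "inclusionUsersList": ["a@example.com"],
                             "exclusionUsersList": ["a@example.com"]},
    "syncMode": "FORCED FULL CRAWL",
    "secretArn": "arn:aws:secretsmanager:us-west-2:111122223333:secret:gcal-example",
    "type": "GOOGLECALENDAR",
}
SAMPLE_SECRET_KEYS = ["clientEmail", "adminAccountEmail", "privateKey"]

if __name__ == "__main__":
    for level, code in lint_gcal_config(SAMPLE, SAMPLE_SECRET_KEYS):
        print(f"{level:5} {code}")
```

Findings at the `warn` level mark settings that change who can see indexed calendar content, so they merit a second review before the data source is created.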

# How Amazon Q Business connector crawls Google Calendar ACLs
<a name="gcal-user-management"></a>

Connectors support crawling ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security.

Amazon Q Business supports crawling ACLs for document security by default.

When you connect a Google Calendar data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your Google Calendar instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.

For more information, see:
+ [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization)
+ [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler)
+ [Understanding User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html)

# Google Calendar data source connector field mappings
<a name="google-calendar-field-mappings"></a>

To improve retrieved results and customize the end user chat experience, Amazon Q Business enables you to map document attributes from your data sources to fields in your Amazon Q index.

Amazon Q offers two kinds of attributes to map to index fields:
+ **Reserved or default** – Reserved attributes are based on document attributes that commonly occur in most data. You can use reserved attributes to map commonly occurring document attributes in your data source to Amazon Q index fields.
+ **Custom** – You can create custom attributes to map document attributes that are unique to your data to Amazon Q index fields.

When you connect Amazon Q to a data source, Amazon Q automatically maps specific data source document attributes to fields within an Amazon Q index. If a document attribute in your data source doesn't have an attribute mapping already available, or if you want to map additional document attributes to index fields, use the custom field mappings to specify how a data source attribute maps to an Amazon Q index field. You create field mappings by editing your data source after your application and retriever are created.

To learn more about document attributes and how they work in Amazon Q, see [Document attributes and types in Amazon Q](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/doc-attributes.html).

**Important**  
Filtering using document attributes in chat is only supported through the API.

The Amazon Q Google Calendar connector supports the following entities and field mappings.

**Topics**
+ [Files](#gcal-field-mappings-files)

## Files
<a name="gcal-field-mappings-files"></a>

Calendar


| Google Calendar field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
| sourceUrl | \_sourceUrl | Default | String | 

Events


| Google Calendar field name | Index field name | Description | Data type | 
| --- | --- | --- | --- | 
| Location | gcal\_location | Custom | String | 
| eventStartTime | gcal\_event\_start\_time | Custom | Date | 
| eventEndTime | gcal\_event\_end\_time | Custom | Date | 
| category | \_category | Default | String | 
| created | \_created\_at | Default | DateString | 
| updated | \_last\_updated\_at | Default | Date | 
| htmlLink | \_source\_url | Default | String | 
| attendees | gcal\_attendees | Custom | String | 
| organizer | gcal\_organizer | Custom | String | 
| recurrence | gcal\_recurrence | Custom | String | 

# IAM role for Amazon Q Business Google Calendar connector (Preview)
<a name="gcal-iam-role"></a>

If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create an Amazon Q resource. When you call the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) operation, you provide the Amazon Resource Name (ARN) of the role with the policy attached.

If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role.

To learn more about IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *AWS Identity and Access Management User Guide*.

To connect your data source connector to Amazon Q, you must give Amazon Q an IAM role that has the following permissions:
+ Permission to access the `BatchPutDocument` and `BatchDeleteDocument` operations to ingest documents.
+ Permission to access the [User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) API operations to ingest user and group access control information from documents.
+ Permission to access your AWS Secrets Manager secret to authenticate your data source connector instance.
+ **(Optional)** If you're using Amazon VPC, permission to access your Amazon VPC.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAmazonQToGetSecret",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": [
        "arn:aws:secretsmanager:{{region}}:{{account_id}}:secret:[[secret_id]]"
      ]
    },
    {
      "Sid": "AllowsAmazonQToDecryptSecret",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:{{region}}:{{account_id}}:key/[[key_id]]"
      ],
      "Condition": {
        "StringLike": {
          "kms:ViaService": [
            "secretsmanager.*.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "AllowsAmazonQToIngestDocuments",
      "Effect": "Allow",
      "Action": [
        "qbusiness:BatchPutDocument",
        "qbusiness:BatchDeleteDocument"
      ],
      "Resource": [
        "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}",
        "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
      ]
    },
    {
      "Sid": "AllowsAmazonQToIngestPrincipalMapping",
      "Effect": "Allow",
      "Action": [
        "qbusiness:PutGroup",
        "qbusiness:CreateUser",
        "qbusiness:DeleteGroup",
        "qbusiness:UpdateUser",
        "qbusiness:ListGroups"
      ],
      "Resource": [
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}",
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}",
        "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}/data-source/*"
      ]
    },
    {
      "Sid": "AllowsAmazonQToCreateAndDeleteNI",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface"
      ],
      "Resource": [
        "arn:aws:ec2:{{region}}:{{account_id}}:subnet/[[subnet_ids]]",
        "arn:aws:ec2:{{region}}:{{account_id}}:security-group/[[security_group]]"
      ]
    },
    {
      "Sid": "AllowsAmazonQToCreateAndDeleteNIForSpecificTag",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface"
      ],
      "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
      "Condition": {
        "StringLike": {
          "aws:RequestTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "AMAZON_Q"
          ]
        }
      }
    },
    {
      "Sid": "AllowsAmazonQToCreateTags",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateTags"
      ],
      "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
      "Condition": {
        "StringEquals": {
          "ec2:CreateAction": "CreateNetworkInterface"
        }
      }
    },
    {
      "Sid": "AllowsAmazonQToCreateNetworkInterfacePermission",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterfacePermission"
      ],
      "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
      "Condition": {
        "StringLike": {
          "aws:ResourceTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
        }
      }
    },
    {
      "Sid": "AllowsAmazonQToDescribeResourcesForVPC",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeVpcs",
        "ec2:DescribeRegions",
        "ec2:DescribeNetworkInterfacePermissions",
        "ec2:DescribeSubnets"
      ],
      "Resource": "*"
    }
  ]
}
```

**To allow Amazon Q to assume a role, you must also use the following trust policy:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAmazonQServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "qbusiness.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{source_account}}"
        },
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}"
        }
      }
    }
  ]
}
```
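
A pre-deployment check for the two policies above, added here as an example and not part of the AWS documentation: it flags `{{...}}` and `[[...]]` placeholders left unreplaced, `Allow` statements on `"Resource": "*"` for anything other than `ec2:Describe*` actions, and a trust policy that does not pin both `aws:SourceAccount` and `aws:SourceArn`. The function names, the account ID and the application ID are constructed for illustration.

```python
import json
import re

# Template markers used in the policies above: {{name}} and [[name]].
PLACEHOLDER = re.compile(r"\{\{\w+\}\}|\[\[\w+\]\]")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_permissions(policy):
    """Findings: unreplaced template markers, and non-Describe actions allowed on "*"."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        for marker in sorted(set(PLACEHOLDER.findall(json.dumps(stmt)))):
            findings.append(f"{sid}: unreplaced placeholder {marker}")
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            broad = [a for a in _as_list(stmt.get("Action", [])) if not a.startswith("ec2:Describe")]
            if broad:
                findings.append(f"{sid}: {', '.join(broad)} allowed on all resources")
    return findings

def lint_trust(policy, account_id, application_arn):
    """Findings for the trust policy: service principal and both source conditions."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else principal
        if service != "qbusiness.amazonaws.com":
            findings.append(f"{sid}: principal {service!r} is not qbusiness.amazonaws.com")
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get("aws:SourceAccount") != account_id:
            findings.append(f"{sid}: aws:SourceAccount is not pinned to {account_id}")
        if cond.get("ArnEquals", {}).get("aws:SourceArn") != application_arn:
            findings.append(f"{sid}: aws:SourceArn is not pinned to the application ARN")
    return findings

# Constructed sample values, not taken from the page.
ACCOUNT = "111122223333"
APP_ARN = f"arn:aws:qbusiness:us-east-1:{ACCOUNT}:application/EXAMPLE-APP-ID"
GOOD_TRUST = {"Statement": [{
    "Sid": "AllowsAmazonQServicePrincipal", "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "qbusiness.amazonaws.com"},
    "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT}, "ArnEquals": {"aws:SourceArn": APP_ARN}}}]}
WEAK_TRUST = {"Statement": [{k: v for k, v in GOOD_TRUST["Statement"][0].items() if k != "Condition"}]}
HALF_FILLED = {"Statement": [{
    "Sid": "AllowsAmazonQToGetSecret", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": f"arn:aws:secretsmanager:us-east-1:{ACCOUNT}:secret:[[secret_id]]"}]}
```

Without the two source conditions, the role can be assumed by the Amazon Q service acting for any account's application, which is the confused-deputy case the trust policy's `Condition` block prevents.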

For more information on Amazon Q data source connector IAM roles, see [IAM roles for Amazon Q data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds).

# Understand error codes in the Amazon Q Business Google Calendar connector (Preview)
<a name="gcal-error-codes"></a>

The following table provides information about error codes you may see for the Google Calendar connector and suggested resolutions.


| Error code | Error message | Suggested resolution | 
| --- | --- | --- | 
| GCAL-5001 | Connection lost - A problem occurred while validating credentials |  A problem occurred while validating credentials. Provided credentials may be incorrect. | 
| GCAL-5002 | There was a problem while retrieving the directory  | There was a problem while retrieving the directory due to incorrect credentials. Provide correct credentials and try again. | 
| GCAL-5003 | Connection lost - A problem occurred while validating credentials. | Connection was lost due to invalid credentials. Provide correct credentials and try again. | 
| GCAL-5004 | There was a problem while retrieving the user list because the API was not responding. | There was a problem while retrieving the user list because the API was not responding. Try again. | 
| GCAL-5100 | There was a problem while generating the new access token. |   | 
| GCAL-5101 |  There was a problem while retrieving the private key.  | The private key may be empty or incorrect. | 
| GCAL-5102 | There was a problem while retrieving the http request initializer. |   | 
| GCAL-5103 | Auth Type can not be null or empty | Enter a valid value. | 
| GCAL-5104 | Invalid value for Auth Type | Enter a valid value. | 
| GCAL-5105 | Only String, String List, Date and Long formats are supported for the indexFieldType in all the field mappings.  | Please provide the supported format only for the indexFieldType in all the fieldMappings. | 
| GCAL-5106 | There was a problem while retrieving client email id. Client email id may be empty or incorrect. | Client email id cannot be empty or incorrect. Provide the proper values. | 
| GCAL-5107 | Client Email ID length is more than the size limit.  | Client Email should be less than 255 characters. | 
| GCAL-5108 | There was a problem while retrieving admin account email id. Admin account email id may be empty or incorrect. | The admin account email id should not be empty or incorrect. Provide the correct email id. | 
| GCAL-5109 | Admin Account Email ID length is more than the size limit.  | Admin Email should be less than 255 characters. | 
| GCAL-5110 | There was a problem while retrieving client id. Client id is empty or incorrect | The client id should not be empty or incorrect. Provide the correct email id. | 
| GCAL-5111 | There was a problem while retrieving client secret. Client secret is empty or incorrect | Enter a valid value. | 
| GCAL-5112 | There was a problem while retrieving refresh token. Refresh token is empty or incorrect | Provide the correct refresh token. | 
| GCAL-5113 | The connection configuration in your data source configuration is missing.  | Enter valid connection configuration details and try again. | 
| GCAL-5114 | The repository endpoint metadata in your data source configuration is missing.  | Enter valid repository endpoint metadata details and try again. | 
| GCAL-5115 | The repository credentials in your data source configuration is missing.  | Enter valid repository credentials details and try again. | 
| GCAL-5116 | Invalid client email | Enter valid client email and try again. | 
| GCAL-5117 | Invalid admin account email | Enter valid admin account email and try again. | 
| GCAL-5118 | There was an error parsing the field value for field %s.  | Size has exceeded the maximum allowable limit. The maximum size permitted is 1000. | 
| GCAL-5119 | There was an error parsing the field value. The size of the filter pattern exceeded the maximum number of characters allowed. | The maximum size permitted is 1000. | 
| GCAL-5400 | The identity crawler connection configuration in your data source configuration is missing. |  Enter valid identity crawler connection configuration details and try again. | 
| GCAL-5401 | The identity crawler repository endpoint metadata in your data source configuration is missing.  | Enter valid identity crawler repository endpoint metadata details and try again. | 
| GCAL-5402 | The identity crawler repository credentials in your data source configuration is missing.  | Enter valid identity crawler repository credentials details and try again. | 
| GCAL-5403 | Auth Type can not be null or empty | Enter a valid value. | 
| GCAL-5404 | Invalid value for Auth Type | Enter a valid value. | 
| GCAL-5500 | Connection timed out - API is not responding.  | The threshold number of API hits has been exceeded. | 