AWS Chatbot is now Amazon Q Developer. [Learn more](service-rename.md)
# Performing actions using Amazon Q Developer in chat applications
Actions you can perform include:
+ Getting help
+ Chatting with Amazon Q Developer in natural language
+ Finding your AWS resources
+ Responding to interactive messages
+ Running CLI commands
+ This includes running CLI commands to use different services from chat channels. For example, you can retrieve diagnostic information, invoke Lambda functions, and create support cases for your AWS resources
+ Managing your AWS Support cases
**Topics**
+ [
# Getting help from Amazon Q Developer in chat applications
](getting-help.md)
+ [
# Chatting with Amazon Q Developer in chat channels
](asking-questions.md)
+ [
# Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications
](chatbot-cli-commands.md)
+ [
# Using CLI commands with Amazon Q Developer in chat applications - Common use cases
](common-use-cases.md)
+ [
# Tutorial: Using Amazon Q Developer in chat applications to run an AWS Lambda function remotely
](chatbot-run-lambda-function-remotely-tutorial.md)
+ [
# Managing AWS Support cases from chat channels using Amazon Q Developer in chat applications
](manage-support-cases.md)
# Getting help from Amazon Q Developer in chat applications
You can ask Amazon Q Developer in chat applications for help by entering `@Amazon Q help`. You can choose any of the following buttons to receive additional information about their respective topics.
**Topics**
+ [
## Home (🏠)
](#home)
+ [
## Commands
](#cmnds)
+ [
## Aliases
](#com-aliases)
+ [
## Built-ins
](#built-ins)
+ [
## Q&A
](#questansw)
+ [
## More help
](#more-help)
## Home (🏠)
Choosing the home icon (🏠) returns you to the main menu.
## Commands
Provides helpful tips about CLI command syntax and parameters.
For example, you don't have to remember parameters to use CLI commands with Amazon Q Developer in chat applications. Amazon Q Developer in chat applications prompts you for all required prameters for a CLI command. Commands with one parameter don't require a parameter flag and unique AWS service operations don't require you to enter a service name. For more information, see [Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications](chatbot-cli-commands.md).
## Aliases
Provides helpful tips about command aliases. Command aliases are short-hand representations of CLI commands. For more information, see [Creating and using command aliases in chat channels](creating-aliases.md).
## Built-ins
Lists and provides details about Amazon Q Developer in chat applications commands.
### Setting preferences
To manage Amazon Q Developer in chat applications preferences for your chat channel, enter `@Amazon Q set preferences`.
You can manage your threading preferences and communication preferences after running this command. This includes where Amazon Q Developer in chat applications notifications are displayed, how frequently new threads are created, and what Amazon Q Developer in chat applications related updates you want to receive.
### AWS accounts
To see a list of AWS accounts configured for this channel or select a new account to use for commands, enter `@Amazon Q set-default account`.
If you would like to add an account to the channel, sign-in to the Amazon Q Developer in chat applications console with that account and configure Amazon Q Developer in chat applications for your channel. For more information, see [Setting up Amazon Q Developer in chat applications](getting-started.md#setting-up).
### Providing feedback
To provide feedback to Amazon Q Developer in chat applications, enter `feedback your comment`.
### Switching user roles
To access a link for mapping user roles, enter `@Amazon Q switch-roles`.
If your current user role doesn’t have the right permissions, you can switch roles directly from your chat channel. For more information, see [Switching user roles from a chat channel using Amazon Q Developer in chat applications](cm-container.md#cm-switch-role).
## Q&A
Provides additional information about the types of questions Amazon Q Developer in chat applications can answer and how to use Amazon Q Developer with Amazon Q Developer in chat applications. For more information, see [Chatting with Amazon Q Developer in chat channels](asking-questions.md).
## More help
To get help with services or operations, use the `--help` parameter. For example, you can enter `@Amazon Q ec2 --help` to get help with EC2. For more information, see [Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications](chatbot-cli-commands.md).
# Chatting with Amazon Q Developer in chat channels
| |
| --- |
| Chatting about network security is in preview, and is subject to change. |
By [adding Amazon Q Developer permissions](#cbt-awsq) to your role settings and channel guardrails, you can get Artificial Intelligence (AI) powered answers to your natural language questions about:
+ AWS services
+ Your AWS resources
+ Your costs
+ Your telemetry and operations
+ Network connectivity issues
+ Network security
Amazon Q Developer is available in Microsoft Teams and Slack channels configured with Amazon Q Developer.
**Topics**
+ [
## Adding Amazon Q Developer in chat applications permissions
](#cbt-awsq)
+ [
## Chatting about AWS
](#service-questions-q)
+ [
## Chatting about your AWS resources
](#resource-questions-qdev)
+ [
## Chatting about your costs
](#cost-questions)
+ [
## Chatting about your telemetry and operations
](#telemetry)
+ [
## Troubleshooting network connectivity issues
](#troubleshoot-network)
+ [
## Chatting about your network security
](#network-security)
## Adding Amazon Q Developer in chat applications permissions
To get AI powered answers to your questions about AWS and your AWS account resources, you must have the requisite permissions.
**To chat with Amazon Q Developer in chat applications in natural language**
1. Add the [AmazonQDeveloperAccess managed policy](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/managed-policy.html#amazonq-policy-developeraccess) to your IAM role:
**Note**
If you require administrator access, you can use the [AmazonQFullAccess managed policy](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/managed-policy.html#amazonq-policy-fullaccess).
1. Open the [IAM console](https://console.aws.amazon.com/iam).
1. In the navigation pane of the IAM console, choose **Roles**.
1. Choose the name of the role you want to modify.
1. In **Permissions policies**, choose **Add permissions** and **Attach policies**.
1. Enter `AmazonQDeveloperAccess` in the search.
1. Select **AmazonQDeveloperAccess**.
1. Choose **Add permissions**.
1. Add the `AmazonQDeveloperAccess` managed policy to your channel guardrails:
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot).
1. Choose a configured client.
1. Select a configured channel.
1. Choose **Set guardrails**.
1. Enter `AmazonQDeveloperAccess` in the search.
1. Select **AmazonQDeveloperAccess**.
1. Choose **Save**.
1. In your chat channel, enter `@Amazon Q` and your question.
## Chatting about AWS
You can chat about best practices, recommendations, step-by-step instructions for AWS tasks, and architecting your AWS resources and workflows directly from your chat channels using Amazon Q Developer. Additionally, Amazon Q Developer can generate short scripts or code snippets to help you get started using AWS SDKs and AWS CLI. For more information, see [Chatting with Amazon Q Developer about AWS](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/chat-with-q.html) in the *Amazon Q Developer User Guide*.
### Commonly asked questions
You can ask Amazon Q Developer these service questions directly from your chat channels.
`@Amazon Q what is fargate?`
`@Amazon Q what’s the maximum runtime for a Lambda function?`
`@Amazon Q what’s the best container service to use to run my workload if I need to keep my costs low?`
`@Amazon Q how do I list my Amazon S3 buckets?`
## Chatting about your AWS resources
You can ask Amazon Q Developer about your AWS account resources. Amazon Q Developer can perform get, list, and describe actions to retrieve your AWS resources. Amazon Q Developer can’t answer questions about the data stored in your resources, such as listing objects in an Amazon S3 bucket, or questions related to your account security, identity, credentials, or cryptography. For more information, see [Chatting about your resources](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/chat-actions.html) in the *Amazon Q Developer User Guide*.
**Note**
Amazon Q Developer uses cross-region inference and cross-region calls to provide the service. For more information, see [Cross-region processing](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/cross-region-processing.html) in the *Amazon Q Developer User Guide*.
### Commonly asked questions
You can ask Amazon Q Developer these resource questions directly from your chat channels.
`@Amazon Q get the configuration for my lambda function ?`
`@Amazon Q what is the size of the auto scaling group in us-east-2?`
`@Amazon Q can you show ec2 instances running in us-east-1?`
## Chatting about your costs
You can ask Amazon Q Developer about your AWS bill and account costs. Amazon Q Developer can retrieve your cost data, explain costs, and analyze cost trends, so you can understand your costs without referring to documentation or interrupting your workflow. For more information, see [Chatting about your costs](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/chat-costs.html) in the *Amazon Q Developer User Guide*.
### Commonly asked questions
You can ask Amazon Q Developer these cost questions directly from your chat channels.
`@Amazon Q How much did we spend on SageMaker AI in January?`
`@Amazon Q What were my Amazon EC2 costs by instance type last week?`
`@Amazon Q What was my cost breakdown by service for the past three months?`
`@Amazon Q What were my cost trends by region over the last three months?`
## Chatting about your telemetry and operations
Amazon Q Developer analyzes your Amazon CloudWatch telemetry and operational data to help manage your AWS environment. It retrieves resource health information, monitors alarms, and provides troubleshooting guidance. When you ask questions, Amazon Q may prompt you for specific details like resource names and time ranges to ensure accurate assistance. For more information, see [Chatting about your telemetry and operations](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/chat-ops.html) in the *Amazon Q Developer User Guide*.
### Commonly asked questions
You can ask Amazon Q Developer these telemetry and operations questions directly from your chat channels.
`@Amazon Q Is my Lambda function healthy?`
`@Amazon Q Is anything wrong with my Amazon ECS clusters?`
`@Amazon Q Why is my alarm with name firing?`
`@Amazon Q Is my Service in environment healthy?`
## Troubleshooting network connectivity issues
You can use Amazon Q Developer to help you diagnose network connectivity issues for applications that run in your virtual private clouds (VPCs). For more information, see [Amazon Q network troubleshooting for Reachability Analyzer](https://docs.aws.amazon.com/vpc/latest/reachability/amazon-q-network-reachability-analysis.html) in the *Amazon Virtual Private Cloud Reachability Analyzer*.
### Commonly asked questions
You can ask Amazon Q Developer these network connectivity questions directly from your chat channels.
`@Amazon Q Why can't I ssh into my Amazon EC2 instance?`
`@Amazon Q Why am I getting timeout errors when accessing my EC2 Windows instance via RDP?`
`@Amazon Q Why can't I access the internet from EC2 instance?`
`@Amazon Q Are my routes set up correctly to allow internet access?`
## Chatting about your network security
Amazon Q Developer helps you analyze your network security configurations, identify missing or misconfigured AWS network security services, and provides recommendations for a stronger network security posture. You can understand network security findings, implement remediation steps, and follow security best practices without interrupting your workflow.
When you ask Amazon Q about your network security configurations, responses include specific information about your resources, related security findings, and detailed remediation instructions as well as links to learn more in the AWS Management Console.
For more information about network security analysis with Amazon Q, see [Get insights with Amazon Q Developer](https://docs.aws.amazon.com/waf/latest/developerguide/nsd-security-insights.html) in the *AWS Shield network security director Developer Guide*.
### Prerequisites
For Amazon Q to answer questions about your network security, you must also enable AWS Shield network security director.
#### Enable AWS Shield network security director
To chat about your network security configurations with Amazon Q, you must enable AWS Shield network security director in your AWS account.
**To enable AWS Shield network security director**
1. Open the [AWS Shield network security director console](https://console.aws.amazon.com/nsd/).
1. Follow the setup instructions to enable the service.
1. Run a network analysis to collect information about your network security posture.
### Commonly asked questions
You can ask Amazon Q Developer these network security questions directly from your chat channels.
`@Amazon Q Identify my top network security findings`
`@Amazon Q Summarize the network security of my environment`
`@Amazon Q Are my systems at risk of DDoS attacks?`
`@Amazon Q How can I improve my network security?`
# Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications
You can run commands using AWS CLI syntax directly in chat channels. Amazon Q Developer enables you to retrieve diagnostic information, configure AWS resources, and run workflows.
When you interact with Amazon Q Developer in your chat channels, it prompts you for any missing parameters before it runs the command.
**Note**
To perform actions in your chat channels, you must first have the appropriate permissions. For more information about Amazon Q Developer in chat applications permissions, see [Understanding Amazon Q Developer in chat applications permissions](understanding-permissions.md).
Amazon Q Developer doesn't support running commands for certain operations. For more information, see [Non-supported operations](understanding-permissions.md#forbidden-permissions).
**Topics**
+ [
# AWS CLI command syntax in Amazon Q Developer in chat applications
](intro-to-the-aws-cli-in-slack.md)
+ [
# Running commands using Amazon Q Developer in chat applications
](Things-to-know-about-cli.md)
+ [
# Configuring commands support on an existing chat channel using Amazon Q Developer in chat applications
](setting-up-aws-cli-on-slack.md)
+ [
# Enabling multiple accounts to use commands using Amazon Q Developer in chat applications
](multiple-accounts-in-a-channel.md)
# AWS CLI command syntax in Amazon Q Developer in chat applications
After you set up the Amazon Q Developer in chat applications, you run commands with the following prefix:
`@Amazon Q`
**Note**
If you are using Slack and AWS is not listed as a valid member of the channel, you need to add the Amazon Q Developer in chat applications app to the Slack workspace and invite it to the channel. For more information, see the [Getting started guide for Amazon Q Developer in chat applications](getting-started.md).
**Tip**
Instead of entering `@Amazon Q`, you can enter `@Q` and choose the autocomplete recommendation that matches the app name.
The Amazon Q Developer in chat applications command syntax is the same as you would use in a terminal:
`@Amazon Q service command --options`
**Note**
You can specify parameters with either a double hyphen (*--option*) or a single hyphen (*-option*). This allows you to use a mobile device to run commands without running into issues with the mobile device automatically converting a double hyphen to a long dash.
**Note**
AWS CLI commands run from AWS Chatbot have an execution [timeout](https://docs.aws.amazon.com/whitepapers/latest/serverless-architectures-lambda/timeout.html) of 15 seconds. If a command response is not received within 15 seconds, you receive a timeout error message. If you have longer running jobs, such as AWS Lambda functions, you should invoke them asynchronously from Amazon Q Developer in chat applications. The maximum allowable Lambda function execution timeout is 900 seconds (15 minutes). For more information about asynchronous invocation, see [Asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html) in the *AWS Lambda Developer Guide*.
For example, enter the following read-only command to view a list of your Lambda functions:
`@Amazon Q lambda list-functions`
Enter the following commands to list and chart CloudWatch alarms:
`@Amazon Q cloudwatch describe-alarms --state ALARM`
You can also use CLI commands to change you AWS resources. For example, enter the following command to change your Kinesis shards:
`@Amazon Q kinesis update-shard-count --stream-name samplestream --scaling-type UNIFORM_SCALING --target-shard-count 6 `
You can enter a complete AWS CLI command with all the parameters, or you can enter the command without parameters and Amazon Q Developer in chat applications prompts you for missing parameters.
For more information on commonly used CLI commands, see [Using CLI commands with Amazon Q Developer in chat applications - Common use cases](common-use-cases.md). For an exhaustive list of CLI commands, see the [AWS CLI Command Reference](https://docs.aws.amazon.com/cli/latest/index.html).
**Note**
If you find you are unable to run commands, you may need to switch your user role or contact your administrator to find out what actions are permissible.
The following limitations apply to running AWS CLI commands in your chat rooms:
+ You may experience some latency when invoking commands through Amazon Q Developer in chat applications.
+ Regardless of their Amazon Q Developer in chat applications role permissions, users cannot run IAM, AWS Security Token Service, or AWS Key Management Service commands within chat channels.
+ Amazon S3 service commands support Linux-style command aliases such as **ls** and **cp**. Amazon Q Developer in chat applications does not support Amazon S3 command aliases for commands in Slack.
+ Users cannot display or decrypt secret keys or key pairs for any AWS service, or pass IAM credentials.
+ You can't use AWS CLI command memory (that is, recent commands appear when the user presses up arrow or down arrow keys) in the chat channel. You must enter, or copy and paste each AWS CLI command in the chat channel.
+ You can create AWS support cases through your chat channels. You cannot add attachments to these cases from the chat channel.
+ Chat channels do not support standard AWS CLI pagination.
# Running commands using Amazon Q Developer in chat applications
Amazon Q Developer in chat applications tracks your use of command options and prompts you for any missing parameters before it runs the command you want.
For example, if you enter `@Amazon Q lambda get-function` with no further arguments, you're prompted for the function name. You can run the `@Amazon Q lambda list-functions` command, find the function name you need, and re-run the first command with the corrected option. You can add more parameters for the initial command with `@Amazon Q function-name name`. Amazon Q Developer in chat applications parses your commands and helps you complete the correct syntax so it can run the complete AWS CLI command.
**Topics**
+ [
## Getting help for AWS services in Amazon Q Developer in chat applications
](#getting-help-in-the-chat-window)
+ [
## Formatting data and viewing logs in Amazon Q Developer in chat applications
](#formatting-in-the-chat-window.title)
+ [
## Displaying Amazon CloudWatch Logs information using Amazon Q Developer in chat applications
](#logs-in-the-chat-window.title)
+ [
## Creating an AWS Support case using Amazon Q Developer in chat applications
](#create-a-support-case)
## Getting help for AWS services in Amazon Q Developer in chat applications
To get help about commands for any AWS service, enter **@Amazon Q** followed by the service name, as shown following:
`@Amazon Q lambda --help`
`@Amazon Q cloudwatch describe-alarms --help`
## Formatting data and viewing logs in Amazon Q Developer in chat applications
To ensure data from Amazon CloudWatch alarms is correctly formatted, attach the **Lambda-Invoke Command Permissions** and **ReadOnly Commands Permissions** IAM policies to the role in the Amazon Q Developer in chat applications console for users in the chat channel.
Run the `cloudwatch describe-alarms` command to show CloudWatch alarms in chart form as follows:
`@Amazon Q cloudwatch describe-alarms `
You can change the command to only include notifications in the alarm state, filtering out other notifications, by adding the following option:
`@Amazon Q cloudwatch describe-alarms --state ALARM`
To see alarms from a different AWS Region, include that Region in the command:
`@Amazon Q cloudwatch describe-alarms --state ALARM --region us-east-1`
You can also filter AWS CLI output by using the optional `query` parameter. A query uses JMESPath syntax to create an expression to filter your output to your specifications. For more information about filtering, see [Filtering AWS CLI output](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html) in the *AWS Command Line Interface User Guide*. For more information about JMESPath syntax, see [their website](https://jmespath.org/). The following example shows how to limit AWS CLI output for the `cloudwatch describe-alarms` command to just the alarm name, description, state, and reason attributes.
```
@Amazon Q cloudwatch describe-alarms --query
@.{MetricAlarms:MetricAlarms[*].
{AlarmName:AlarmName, AlarmDescription:AlarmDescription, StateValue:StateValue,
StateReason:StateReason, Namespace:Namespace, MetricName:MetricName,
Dimensions:Dimensions, ComparisonOperator:ComparisonOperator, Threshold:Threshold,
Period:Period, EvaluationPeriods:EvaluationPeriods, Statistic:Statistic}}
--region us-east-2
```
## Displaying Amazon CloudWatch Logs information using Amazon Q Developer in chat applications
CloudWatch alarm notifications show buttons in chat client notifications to view logs related to the alarm. These notifications use the [CloudWatch Log Insights feature](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html). There may be service charges for using this feature to query and show logs.
You can view CloudWatch logs, including error logs, that are associated with the CloudWatch alarm by choosing **Show logs** at the bottom of the alarm notification. Amazon Q Developer in chat applications displays the first 30 log entries from the start of the alarm evaluation period. Amazon Q Developer in chat applications uses CloudWatch Log Insights to query for logs. The query results contain a link to the CloudWatch Log Insights console, where a user can dive deeper into logs details.
Choose **Show error logs** to filter search results to log entries containing Error, Exception, or Fail terms.
The log shows a command that a user can copy, paste, and edit to re-run the query for viewing logs.
## Creating an AWS Support case using Amazon Q Developer in chat applications
The **AWS Support Command Permissions** policy appears in the Amazon Q Developer in chat applications console when you configure resources. It's provided in the Amazon Q Developer in chat applications console so that you can set up new roles for users in your chat client to create AWS support tickets through their chat channels.
You can quickly create a new AWS support case by entering the following:
`@Amazon Q support create-case`
Follow the prompts from Amazon Q Developer in chat applications to fill out the support case with its needed parameters. When you complete the case information entry, Amazon Q Developer in chat applications asks for confirmation. You will not be able to use file attachments.
**Note**
Amazon Q Developer in chat applications requires `UpperCamelCase` for the `--query` parameter. In `UpperCamelCase`, the first letter of every word is capitalized.
For any Amazon Q Developer in chat applications role that creates Support cases, you need to attach the **AWS Support command permissions** policy to the role. For existing roles, you will need to attach the policy in the IAM console.
In the IAM console, this policy appears as **AWSSupportAccess**.
It is an AWS managed policy. Attach this policy in IAM to any role for Amazon Q Developer in chat applications usage. You can define your own policy with greater restrictions, using this policy as a template.
The **Support Command Permissions** policy applies only to the Support service.
The policy's JSON code is shown following:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"support:*"
],
"Resource": "*"
}
]
}
```
------
# Configuring commands support on an existing chat channel using Amazon Q Developer in chat applications
If you have existing chat channels using the Amazon Q Developer in chat applications, you can reconfigure them in a few steps to support the AWS CLI.
1. [Open the Amazon Q Developer in chat applications console](https://us-east-2.console.aws.amazon.com/chatbot/home?region=us-east-2#/chat-clients).
1. In the **Configured Clients** page, select the chat client. If you have only one, its contents (the list of chat channels) appear on the page.
**Note**
In this procedure, we assume use of an existing Amazon Q Developer in chat applications chat channel configuration. The process is very similar if you need to create a new chat client configuration by choosing **Configure new client**.
1. Choose a channel from the **Configured channels** list, and choose **Edit**. The selected channel can be public or private.
1. Define your **Role setting** by choosing a **Channel role** or **User roles**. For more information about role types, see [Role setting](understanding-permissions.md#role-settings):
------
#### [ Channel role ]
1. For **Role setting**, choose **Channel role**.
1. For **Channel role**, choose **Create new role**. If you want to use an existing role instead, choose **Use an existing role**. To use an existing IAM role, you will need to modify it for use with Amazon Q Developer in chat applications. For more information, see [Configuring an IAM Role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).
1. For **Role name**, enter a name. Valid characters: a-z, A-Z, 0-9, .\$1w\$1=,.@-\$1.
1. For **Role policy template**, choose **Read Only command permissions** and **Lambda-Invoke command permissions**.
**Note**
If you plan to have users of the role submit Support cases, also attach the **AWS Support command permissions** policy.
If you want the role to allow users to manage incidents, add the **Incident Manager Permissions** policy.
------
#### [ User roles ]
1. For **Role setting**, choose **User roles**.
------
1. Select the policies that will make up your [channel guardrail policies](understanding-permissions.md#channel-guardrails). Your channel guardrail policies control what actions are available to your channel members.
**Note**
If you initially had permission to run Lambda invoke, it is contained in **All actions permitted**.
**Note**
To run most CLI commands from your Slack channel, ensure you select **All actions permitted**.
**Note**
You do not need to edit or change the Amazon SNS topics configuration for the chat channel.
1. Choose **Save**.
You can use the IAM console to modify an existing IAM role. By simply attaching the three additional Amazon Q Developer in chat applications policies to the IAM role, users of that role can immediately begin using commands in the chat channel. To do so, see [Configuring an IAM Role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).
**Important**
If you have a large number of chat channels and you want to have the same command permissions across multiple channels, you can apply the configured Amazon Q Developer in chat applications role to any of your other chat channels without further modification. The IAM policies will be consistent across chat channels that support commands in your Amazon Q Developer in chat applications service.
# Enabling multiple accounts to use commands using Amazon Q Developer in chat applications
You can configure Amazon Q Developer in chat applications for multiple AWS accounts in the same chat channel. When you work with Amazon Q Developer in chat applications for the first time in that channel, it asks you which account you want to use. Amazon Q Developer in chat applications remembers the account selection for 7 days.
To change the default account in the channel, enter `@Amazon Q set default-account` and select the account from the list.
# Using CLI commands with Amazon Q Developer in chat applications - Common use cases
Common use cases for using Amazon Q Developer in chat applications in your chat channels involve running CLI commands. This topic also includes an example use case for invoking a Lambda function in your chat channel, written in Python 3.8.
For more information about running CLI commands in chat channels see [Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications](chatbot-cli-commands.md).
For a tutorial that walks you through how to invoke Lambda functions from Amazon Q Developer in chat applications, see the [Tutorial: Using Amazon Q Developer in chat applications to run an AWS Lambda function remotely](chatbot-run-lambda-function-remotely-tutorial.md).
**Topics**
+ [
## Restart an Amazon EC2 instance
](#reboot-instances)
+ [
## Change Auto Scaling limits
](#change-autoscale)
+ [
## Run an Automation runbook
](#run-book)
+ [
## Use a Lambda function to approve an AWS CodePipeline action
](#create-pipeline)
## Restart an Amazon EC2 instance
The following example shows how CLI commands can be used to restart your specified Amazon EC2 instance from your chat channel. The parameters you include here are your instance id, min, and max size. For more information about restarting Amazon EC2 instances, see the [reboot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/reboot-instances.html#reboot-instances) command in the *AWS CLI Command Reference*.
`@Amazon Q ec2 reboot-instances --instance-ids i-1234567890abcdef5`
## Change Auto Scaling limits
The following example shows how CLI commands can be used to change your Auto Scaling limits directly from your chat channel. The parameters you include are the name of your Auto Scaling group and the minimum and maximum sizes. For more information about changing autoscaling limits, see [update-autoscaling-group](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/update-auto-scaling-group.html) command in the *AWS CLI Command Reference*.
`@Amazon Q autoscaling update-auto-scaling-group --auto-scaling-group-name my-asg --min-size 2 --max-size 10`
## Run an Automation runbook
The following example shows how CLI commands can be used to run an Automation runbook. In this command you specify your document name and your parameters. For more information, see the [start-automation-execution](https://docs.aws.amazon.com/cli/latest/reference/ssm/start-automation-execution.html) command in the *AWS CLI Command Reference*.
`@Amazon Q ssm start-automation-execution --document-name "AWS-UpdateLinuxAmi" --parameters "AutomationAssumeRole=arn:aws:iam::123456789012:role/SSMAutomationRole,SourceAmiId=ami-EXAMPLE,IamInstanceProfileName=EC2InstanceRole"`
## Use a Lambda function to approve an AWS CodePipeline action
The code example in this section demonstrates how you can use a Lambda function to perform activities, spefically how you can manually approve a pipeline action. This function enables you to approve or reject a pipeline action from your chat channel by entering the status and a summary. The function gets the required token using the get\$1pipeline\$1status method. It then uses the token value when applying the approval decision by using the put\$1approval\$1result method. For more information about these methods, see the [CodePipeline section](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html) of the *Boto3 docs 1.14.10 documentation*. The Lambda code uses Python 3.8.
```
import boto3
def lambda_handler(event, context):
client = boto3.client('codepipeline')
getToken = client.get_pipeline_state(
name = 'mypipeline1'
)
myToken=getToken['stageStates']['actionStates']['latestExecution']['token']
response = client.put_approval_result(
pipelineName='mypipeline1',
stageName='beta',
actionName='Approval',
result={
'summary': ['summary'],
'status': ['status']
},
token=myToken
)
```
The following Amazon Q Developer in chat applications command invokes the Lambda function. For more information about CodePipeline and pipeline actions, see the [https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html).
`@Amazon Q invoke mypipeline1-beta-Approval --payload {"summary": "the design looks good, ready to release",“status”: "Approved"}`
# Tutorial: Using Amazon Q Developer in chat applications to run an AWS Lambda function remotely
In this tutorial you use Amazon Q Developer in chat applications to run a Lambda function remotely and check the status of the Lambda function using Amazon CloudWatch. A Lambda function is a self contained block of organized resuable code that you write. Lambda functions are useful because they are run without provisioning or managing servers. Additionally, they are only invoked when needed based on your specifications. There are steps at the end of this tutorial to delete the resources you created.
**Topics**
+ [
## Prerequisites
](#prerequisites)
+ [
## Step 1: Create a Lambda function
](#create-lambda-function)
+ [
## Step 2: Create an SNS topic
](#create-sns-topic)
+ [
## Step 3: Configure a CloudWatch alarm
](#configure-cloudwatch-alarm)
+ [
## Step 4: Configure a Slack client for Amazon Q Developer in chat applications
](#create-chatbot-slack-config)
+ [
## Step 5: Invoke a Lambda function from Slack
](#invoke-lambda-function)
+ [
## Step 6: Test the CloudWatch alarm
](#test-cloudwatch-alarm)
+ [
## Step 7: Clean up resources
](#clean-up-resources)
## Prerequisites
This tutorial assumes that you have some familiarity with the Lambda, Amazon Q Developer in chat applications, and CloudWatch consoles.
For more information, see the following topics:
+ [Getting started with AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/getting-started.html) in the *AWS Lambda Developer Guide*.
+ [Setting up Amazon Q Developer in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/setting-up.html) in the *Amazon Q Developer in chat applications Administrator Guide.*
+ [Understanding Amazon Q Developer in chat applications permissions](https://docs.aws.amazon.com/chatbot/latest/adminguide/understanding-permissions.htm) in the *Amazon Q Developer in chat applications Administrator Guide.*
+ [Getting Set Up with CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/GettingSetup.html) in the *Amazon CloudWatch User Guide.*
The AWS Region that you select while setting up these consoles should be the same Region you specify in your Slack channel when your first AWS Command Line Interface (AWS CLI) command in [Step 5: Invoke a Lambda function from Slack](#invoke-lambda-function).
## Step 1: Create a Lambda function
In this procedure you create a Lambda function in the console and test it.
**To create a Lambda function**
1. Sign in to the AWS Management Console and open the Lambda console at [console.aws.amazon.com/lambda](https://console.aws.amazon.com/lambda/).
1. Choose **Create function**.
1. Choose **Author From Scratch**.
1. In **Function Name**, enter: **myHelloWorld**
1. Choose **Create Function**.
1. Copy and paste the following example code into `index.js`.
```
export const handler = async (event) => {
// TODO implement
const response = 'Hello World!'
return response;
};
};
```
1. Choose **Deploy**.
1. Choose **Test**.
1. In **Event Name**, enter: **myHelloWorld**
1. Choose **Save**.
1. Choose **Test** and then verify that the **Execution results** tab displays Response: "Hello World\$1"
## Step 2: Create an SNS topic
CloudWatch uses Amazon SNS to send notifications. First, you create an SNS topic and subscribe to it using your email. Later in the tutorial you use this SNS topic to configure Amazon Q Developer in chat applications.
**To create an SNS topic**
1. Open the [Amazon SNS console](https://console.aws.amazon.com/sns/).
1. In the left navigation pane, choose **Topics**.
1. Choose **Create Topic**.
1. Create a topic with the following settings:
1. **Type** – Standard
1. **Name** – **myHelloWorldNotifications**
1. **Display name ** – **myHelloWorld**
1. Choose **Create topic**.
1. Choose **Create subscription**.
1. Create a subscription with the following settings:
1. **Protocol ** – **Email**
1. **Endpoint ** – Your email address
1. Confirm subscription to the SNS by checking your email and choosing the link.
## Step 3: Configure a CloudWatch alarm
A CloudWatch alarm monitors your Lambda function and sends a notification if an error occurs.
**To create a CloudWatch alarm**
1. Open the [CloudWatch console](https://console.aws.amazon.com/cloudwatch/).
1. Choose **Alarms**.
1. Choose **Create alarm**.
1. Choose **Select metric**.
1. Choose **Lambda**.
1. Choose **By Function Name**.
1. Choose **myHelloWorld errors**.
1. Change the following settings:
1. **Period** – **1 minute**
1. **Whenever Errors is** **Greater** **than** **0**
1. **Send notifications to** – **myHelloWorldNotifications**
1. **Alarm name** – **myHelloWorld-alarm**
1. **Alarm description** – **Lambda myHelloWorld alarm**
1. Choose **Create alarm**.
## Step 4: Configure a Slack client for Amazon Q Developer in chat applications
You can configure a Slack client using Amazon Q Developer in chat applications to to run different commands in Slack using the AWS CLI. In this tutorial you use AWS CLI to invoke your Lambda function from Slack.
**To create a Slack client**
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot/).
1. Under **Configure a Chat client** choose **Slack**, and then choose **Configure**.
**Important**
When you choose **Configure**, you are momentarily navigated away from the Amazon Q Developer in chat applications console.
1. In the upper right corner, choose the dropdown list, and then choose the Slack workspace that you want to use with Amazon Q Developer in chat applications.
**Note**
There's no limit to the number of workspaces that you can set up for Amazon Q Developer in chat applications, but you must set up each workspace one at a time.
1. Choose **Allow**.
1. Choose **Configure new channel**.
1. Under **Configuration details**, for **Name**, enter **myHelloWorld**.
1. Under **Channel type**, choose **Private**.
1. Navigate to Slack and create a private channel by choosing the **\$1** button to the right of **Channels**.
1. Choose **Create a channel**.
1. Name the channel **myHelloWorld**.
1. Choose to make the channel private.
1. Choose **Create**.
1. When prompted to add people, choose **x**.
1. Navigate back to the Amazon Q Developer in chat applications console and enter the private channel ID.
1. Define the **Permissions** that the chatbot uses for messaging your Slack chat room as shown following:
1. For **Role settings**, choose **Channel role**.
1. For **Channel role**, choose **Create an IAM role using a template**.
1. For **Role name**, enter **myHelloWorldRole**.
1. For **Policy Templates**, select **Read-only command permissions** and **Lambda-invoke command permissions.**
1. For **Channel guardrail policies**, select **AWS-Chatbot-LambdaInvoke-Policy-e4aef1dc-0da7-4ac5-b506-d282beac41ae**.
1. In the SNS topics section, choose the appropriate AWS Region under **Region**.
1. Under **Topics**, select the **myHelloWorldNotifcations** topic.
1. Choose **Configure**.
## Step 5: Invoke a Lambda function from Slack
After you configure a chatbot in Amazon Q Developer in chat applications, you can invoke Lambda functions from Slack using AWS CLI syntax. To interact with Amazon Q Developer in chat applications in Slack, enter **@Amazon Q** followed by an AWS CLI command. For more information, see [Running AWS CLI commands from chat channels using Amazon Q Developer in chat applications](chatbot-cli-commands.md) in the *Amazon Q Developer in chat applications Administrator Guide.*
**To invoke a Lambda function**
1. Invite Amazon Q Developer in chat applications to your channel by doing the following in Slack:
1. Enter `@Amazon Q`.
1. Choose **Invite to Channel.**
**Tip**
You only have to invite Amazon Q Developer in chat applications to the channel once.
If AWS is not listed as a valid member of the channel, you need to add the Amazon Q Developer in chat applications app to the Slack workspace. For more information, see the [Getting started guide for Amazon Q Developer in chat applications](getting-started.md).
1. Enter the following command in Slack:
```
@Amazon Q lambda invoke --function-name myHelloWorld --region
```
**Important**
Replace ** with the same AWS Region you set while using the Lambda, CloudWatch, and Amazon Q Developer in chat applications consoles. You only need to specify the AWS Region in the channel once when you type your first AWS CLI command in Slack.
**Tip**
Amazon Q Developer in chat applications also supports certain simplified AWS CLI syntaxes. For example, the simplified version of the previous command is shown following:
```
@Amazon Q invoke myHelloWorld --region
```
1. Choose **Yes**.
1. The following output is shown:
```
ExecutedVersion: $LATEST
Payload: \"Hello World\"
StatusCode: 200
```
**Troubleshooting**
If you try to run your Lambda function in Slack and you encounter errors referring to the following permissions, revisit step 8 of the [Step 4: Configure a Slack client for Amazon Q Developer in chat applications](#create-chatbot-slack-config) procedure and verify that you have the correct permissions assigned to your role:
+ **Lambda-invoke command permissions**
+ **Read-only command permissions**
## Step 6: Test the CloudWatch alarm
In this step, you update the myHelloWorld function so that it returns an error, which triggers the CloudWatch alarm. By testing the alarm you can confirm that it's configured correctly and that you can view CloudWatch alarms in Slack (in addition to logs).
**To test the CloudWatch alarm**
1. Open the Lambda console [ Functions page](https://console.aws.amazon.com/lambda/).
1. Choose **myHelloWorld**.
1. Copy and paste the following example code into the Lambda function code:
```
exports.handler = async (event) => {
throw new Error('this is an error');
};
```
1. Choose **Deploy** and confirm your changes have been deployed by viewing the label next to the **Deploy** button.
1. Return to your Slack channel and then enter the following command:
```
@Amazon Q invoke myHelloWorld
```
1. An error appears in your output, and you receive a CloudWatch alarm notification in Slack and an email. It might take a few minutes for you to receive the notifications.
1. To view logs, choose **Show logs** or **Show error logs**.
**Troubleshooting**
If you don't receive a notification in Slack or an email from CloudWatch, navigate to the CloudWatch console and on the left of the screen. Under **Alarms**, choose **In alarm** to confirm that your alarm has triggered. Your alarm name should appear on this page if it has been triggered successfully.
## Step 7: Clean up resources
You can remove any resources created for this tutorial that you don't want to keep by navigating to the specific service’s console and deleting the resource. Removing unwanted or unused resources is beneficial because it lowers overall costs to you.
**To delete the Lambda function**
1. Open the [Lambda console](https://console.aws.amazon.com/lambda/).
1. Choose **myHelloWordFunction**.
1. Choose **Actions** and then choose **delete**.
**To delete the CloudWatch alarm**
1. Open the [CloudWatch console](https://console.aws.amazon.com/cloudwatch/).
1. In the left navigation pane, choose **Insufficient**.
1. Choose myHelloWorld-alarm by selecting the check box.
1. Choose **Actions** and then choose **delete**.
**To delete the Amazon Q Developer in chat applications configuration**
1. Open the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot/).
1. Choose **Slack.**
1. Choose the radio button next to the channel you created and then choose **Delete**.
# Managing AWS Support cases from chat channels using Amazon Q Developer in chat applications
You can use Amazon Q Developer in chat applications to monitor and respond to your AWS Support cases in your Microsoft Teams and Slack chat channels. A support case is a way for you to connect with technical support and get help with AWS service-related technical issues. You can use the on-screen action buttons to interact with your support cases. Actions you can perform include viewing correspondence (case history), resolving your case, and replying to your case. You can create support cases using Amazon Q Developer in chat applications and the AWS Management Console. For more information, see [Creating an AWS Support case using Amazon Q Developer in chat applications](Things-to-know-about-cli.md#create-a-support-case) and [Creating support cases and case management](https://docs.aws.amazon.com/awssupport/latest/user/case-management.html) in the *AWS Support User Guide* respectively.
AWS Support case management in Amazon Q Developer in chat applications is available at no additional cost in Regions where Amazon Q Developer in chat applications is offered.
**Note**
To interact with support cases in chat channels, you must have a Business, Enterprise On-Ramp, or Enterprise Support plan. If you attempt to take action on a support case without one of these plans, you will receive a `SubscriptionRequiredException` error message. For information about changing your support plan, see [AWS Support](http://aws.amazon.com/premiumsupport/).
## Prerequisities
To manage your support cases in your chat channels, you must:
+ Create an Amazon EventBridge rule for AWS Support case events and choose an Amazon SNS topic as your target. For more information, see [Creating an EventBridge rule for AWS Support cases](https://docs.aws.amazon.com/awssupport/latest/user/event-bridge-support.html#creating-event-bridge-events-rule-for-aws-support) in the *AWS Support User Guide*.
+ Subscribe that Amazon SNS topic to your Amazon Q Developer in chat applications configuration. For more information, see [Tutorial: Subscribing an Amazon SNS topic to Amazon Q Developer in chat applications](subscribe-sns-topic.md).
+ Add the managed role [https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSSupportAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSSupportAccess) to your Amazon Q Developer in chat applications role. For more information, see [Editing an IAM role for Amazon Q Developer in chat applications](editing-iam-roles-for-chatbot.md).