# Creating an Amazon Q Business application environment for anonymous access
Amazon Q Business application environments support anonymous access, enabling unauthenticated user interactions with the Amazon Q generative AI assistant. You can also make selected enterprise data accessible to users without requiring credentials, such as website visitors seeking product information or support. This can be integrated through:
+ Embedding the web experience URL in an iframe for quick deployment
+ Using the `Chat`, `ChatSync`, and `PutFeedback` APIs to build custom interfaces
Billing for anonymous access application environments is based on usage. For more information, see [Amazon Q Business pricing](https://aws.amazon.com/q/business/pricing/).
**Important**
**Limitations of anonymous application environments**
You can create your anonymous application environment using Amazon Q Business Console, API, SDK, and AWS CLI. You can only use the application environment with the chat APIs. The following are the only chat APIs that support anonymous access application environments.
`Chat`
`ChatSync`
`PutFeedback`
The web experience is only available for preview and testing purposes unless used within the context of an Amazon Q embedded implementation. For more information, see [Amazon Q embedded](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/embed-amazon-q-business.html).
The GetDocumentContent API is not available for anonymous applications, consistent with other APIs such as GetMedia that require authentication.
Chat history is not available for anonymous application environments
Anonymous users and authenticated users are not supported on the same application environments
Topic rules using users and groups are not supported for anonymous application environments
Plugins are not supported for anonymous application environments
Amazon Q Apps are not supported for anonymous application environments
Attachments are not supported for anonymous application environments
Admin controls and guardrails are read-only for anonymous application environments, except for [blocked words](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/guardrails-global-controls.html#guardrails-global-blocked).
Amazon Q Business integrations are not supported for anonymous application environments
The Amazon Q Quick integration is not supported for anonymous application environments
You must only ingest publicly available data sources without access control lists (ACLs). Examples of public data sources include:
any data from the Amazon Q Business Web Crawler
S3 data without Amazon Q Business ACLs
All other Amazon Q Business functionality and features remain unchanged.
**Topics**
+ [
## Creating an a Amazon Q Business application environment for anonymous access
](#create-anonymous-app)
+ [
# Making authenticated Amazon Q Business API calls for application environment supporting anonymous access
](making-sigv4-authenticated-api-calls-anonymous-applications.md)
+ [
# Managing resources for Amazon Q Business application environments that support anonymous access
](managing-anonymous-app-resources.md)
## Creating an a Amazon Q Business application environment for anonymous access
You can create an Amazon Q Business application environment that can be accessed anonymously using the Amazon Q Business Console, API, SDK, and AWS CLI. As a prerequisite, you must complete the [setting up](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html) tasks. If you're using the AWS CLI or the API, you must create the required [IAM roles](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html).
The following tabs provide a procedure for creating your Amazon Q Business application environment with anonymous access using the Amazon Q Business console; and an example using the AWS CLI.
------
#### [ Console ]
**To create an anonymous access application environment**
1. Sign in to the Amazon Q Business console.
1. On the **Create application environment** page, for **What kind of application environment do you want to create?**, enter the following information for your Amazon Q Business application environment:
1. **Application name** – A name for your Amazon Q Business application environment for easy identification. This name is only visible in the AWS Management Console. The name can include hyphens (-), but not spaces, and can have a maximum of 1,000 alphanumeric characters. Amazon Q Business auto-generates an application environment name for you, unless you choose to enter a custom name.
1. **User Access** – Choose ** Anonymous access**, users can then access this application environment without authentication.
**Note**
The web experience is only available for preview and testing purposes *unless* used within the context of an Amazon Q embedded implementation. For more information, see [Amazon Q embedded](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/embed-amazon-q-business.html). If you want this capability, choose **Web experience**
1. For application environments with **Anonymous access**, you will be billed using usage based billing. For more information, see [Amazon Q Business pricing](https://aws.amazon.com/q/business/pricing/).
1. For **Application details** – Amazon Q Business chooses the following configuration settings for your application environment by default:
1. For **Application service access** – Amazon Q Business will create a new service-linked role for your application environment.
1. **Encryption** – Amazon Q Business will create an AWS owned AWS KMS key to encrypt your data.
1. (Optional) To customize **Application details**, expand the **Application details section**, and then do the following:
1. In **Application service access**, for **Choose a method to authorize Amazon Q Business**, choose from the following options:
1. **Create and use a new service-linked role (SLR)** – Create and use a new Amazon Q Business-managed IAM role to allow it to access the AWS resources it needs to create your application environment.
1. **Create and use a new service role (SR)** – Create and use a new IAM role for Amazon Q Business to allow it to access the AWS resources it needs to create your application environment.
1. **Use an existing service role (SR)/service-linked role (SLR)** – Use an existing service role or service-linked IAM role to allow Amazon Q Business to access the AWS resources it needs to create your application environment.
**Note**
For more information about example service roles, see [IAM role for an Amazon Q Business application](create-application-iam-role.md). For information on service-linked roles, including to manage them, see [Using service-linked roles](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/using-service-linked-roles.html).
1. **Service role name** – A name for the service (IAM) role you created for easy identification on the console.
1. For **Encryption** – Amazon Q Business encrypts your data by default using AWS managed AWS KMS keys. To customize your encryption settings, select **Customize encryption settings (advanced)**. Then, you can choose to use an existing AWS KMS key or create a new one.
1. For **Web experience service settings**, consider the following.
1. **If you will use the web experience feature, choose a method to authorize Amazon Q Business** – A service access role assumed by your web experience that grants permission to have conversations anonymously. You can choose to use an existing role or create a new role.
1. **Service role name** – A name for the service role you created for easy identification on the console.
1. To start creating your application environment, choose **Create**.
------
#### [ AWS CLI ]
**To configure an Amazon Q Business application environment for anonymous access**
```
aws qbusiness create-application \
--region your-region
--display-name application-name \
--identity-type ANONYMOUS \
--role-arn your-role-arn \
--description application-description \
--encryption-configuration kmsKeyId= \
```
**Note**
The web experience is only available for preview and testing purposes *unless* used within the context of an Amazon Q embedded implementation. For more information, see [Amazon Q embedded](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/embed-amazon-q-business.html).
**To create an Amazon Q Business web experience**
If you use the web experience, you must add the web experience permissions and trust [IAM policiesAPI policy](anonymous-application-iam-policies.md) here.
```
aws qbusiness create-web-experience \
--application-id the-application-id-from-the-previous-step \
--role-arn iam-role-created \
--region your-region \
```
------
# Making authenticated Amazon Q Business API calls for application environment supporting anonymous access
Amazon Q Business can securely handle data with integrated authentication and authorization. In order to achieve this, a subset of the Amazon Q Business APIs ([Chat](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_Chat.html), [ChatSync](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_ChatSync.html), and [PutFeedback](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_PutFeedback.html)) require identity-unaware [AWS Sig V4 credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/signing-elements.html) for the API call that is being made.
**Topics**
+ [
## Prerequisites
](#sigv4-auth-api-calls-prereqs-anonymous-applications)
+ [
## One-time setup
](#setup-anonymous-applications)
+ [
## Workflow for each API call session
](#data-plane-workflow)
## Prerequisites
Before you begin setting up for making Sig V4 authenticated API calls for anonymous application environments, make sure you've done the following:
+ [Created an Amazon Q Business anonymous application environment](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-anonymous-application.html).
+ Configured access to the AWS CLI.
## One-time setup
The following section outlines the steps to set up the Amazon Q Business access for application environment that support anonymous access. You only need to perform these steps once.
1. Create a directory named *policies*.
1. Then, in the same directory, create and save a file named *permspolicyforAPIanonymous.json* with the following JSON.
**API permissions policy**
```
{
"Version": "2012-10-17", ,
"Statement": [{
"Sid": "QBusinessAnonymousConversationAPIPermissions",
"Effect": "Allow",
"Action": [
"qbusiness:Chat",
"qbusiness:ChatSync",
"qbusiness:PutFeedback"
],
"Resource": "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}"
}]
}
```
1. Finally, create and attach the policy using the following commands in the AWS CLI.
**Create and attach policy**
```
aws iam \
create-role \
--role-name
--policy-document file://policies/permspolicyforAPIanonymous.json
```
## Workflow for each API call session
1. First, call the [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) API to get AWS credentials. To do so, use the following command:
```
aws sts
assume-role
--role-arn role arn
--role-session-name session-name
```
1. Then, set the following environment variables in your command line environment using the credentials you received as a response from the [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) API call.
```
AWS_ACCESS_KEY_ID="sigv4-access-key"
AWS_SECRET_ACCESS_KEY="sigv4-secret-key"
AWS_SESSION_TOKEN="sigv4-session-token"
```
Then, make Amazon Q Business API calls using the following command:
```
aws qbusiness \
chat-sync \
--application-id application-id
--user-message sample-chat-request
```
# Managing resources for Amazon Q Business application environments that support anonymous access
You can choose to manage your Amazon Q Business application environment and associated resources. To learn how to do so, see the following sections:
**Topics**
+ [
# Example IAM policies for Amazon Q Business application environment supporting anonymous access
](anonymous-application-iam-policies.md)
+ [
# Managing Amazon Q Business anonymous application environments
](supported-anonymous-app-actions.md)
+ [
# Managing Amazon Q Business web experiences for anonymous access
](supported-exp-actions-anonymous.md)
# Example IAM policies for Amazon Q Business application environment supporting anonymous access
We strongly recommend that you use a restricted policies for the role that will be used to call the chat APIs for anonymous access application environments.
You need permission policies to use Amazon Q Business application environments that support anonymous access. The following are examples of such restricted policies.
**Topics**
+ [
## Policy for calling relevant APIs
](#anonymous-application-iam-policies-api)
+ [
## Policies for using the web experience
](#anonymous-application-iam-policies-web-experience)
## Policy for calling relevant APIs
**Example policy to allow the Amazon Q Business APIs for anonymous access**
```
{
"Version": "2012-10-17", ,
"Statement": [{
"Sid": "QBusinessAnonymousConversationAPIPermissions",
"Effect": "Allow",
"Action": [
"qbusiness:Chat",
"qbusiness:ChatSync",
"qbusiness:PutFeedback"
],
"Resource": "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}"
}]
}
```
**Applying your restricted policies to an IAM role for using APIs for Amazon Q application environments supporting anonymous access**
1. Create a directory named *policies*.
1. In that directory, create and save a file named *permspolicyforAPIanonymous.json* with the JSON for allowing Amazon Q Business API calls for anonymous access.
1. Finally, create and attach the policy using the following commands in the AWS CLI.
**Create and attach policy**
```
aws iam \
create-role \
--policy-document file://policies/permspolicyforAPIanonymous.json
```
## Policies for using the web experience
**Example policy to allow the Amazon Q Business web experience for anonymous access**
```
{
"Version": "2012-10-17", ,
"Statement": [{
"Sid": "QBusinessAnonymousWebExperienceConversationPermissions",
"Effect": "Allow",
"Action": [
"qbusiness:Chat",
"qbusiness:ChatSync",
"qbusiness:PutFeedback",
"qbusiness:GetChatControlsConfiguration",
"qbusiness:GetApplication",
],
"Resource": "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}"
}]
}
```
**Example trust policy to allow the Amazon Q Business web experience for anonymous access**
```
{
"Version": "2012-10-17", ,
"Statement": [
{
"Sid": "QBusinessTrustPolicy",
"Effect": "Allow",
"Principal": {
"Service": "application.qbusiness.amazonaws.com"
},
"Action": [
"sts:AssumeRole"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{{account_id}}"
},
"ArnEquals": {
"aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}"
}
}
}
]
}
```
**Applying your restricted policies for using the web experience to an IAM role**
1. Create a directory named *policies*.
1. Then, in the same directory, create and save a file named *permspolicyforwebexperienceanonymous* with the JSON for allowing the Amazon Q Business web experience for anonymous access.
1. Then, in the same directory, create and save a file named *trustpolicyforanonymous.json* with the JSON for the trust policy to allow the Amazon Q Business web experience for anonymous access
1. Finally, create and attach the policies using the following commands in the AWS CLI.
**Create and attach policy**
```
aws iam \
create-role \
--role-name --assume-role-policy-document file://policies/trustpolicyforanonymous.json \
--policy-document file://policies/permspolicyforwebexperienceanonymous.json
```
**Note**
For the web experience to work properly with AWS CLI commands both policies are needed
**Amazon Q also supports using a service-linked role (`AWSServiceRoleForQBusiness`) for an Amazon Q application environment. The following is the service-linked role policy:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "QBusinessPutMetricDataPermission",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/QBusiness"
}
}
},
{
"Sid": "QBusinessCreateLogGroupPermission",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup"
],
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/qbusiness/*"
]
},
{
"Sid": "QBusinessDescribeLogGroupsPermission",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups"
],
"Resource": "*"
},
{
"Sid": "QBusinessLogStreamPermission",
"Effect": "Allow",
"Action": [
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/qbusiness/*:log-stream:*"
]
}
]
}
```
------
For more information on using service-linked roles for an Amazon Q application environment, see [Using service-linked roles](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/using-service-linked-roles.html).
# Managing Amazon Q Business anonymous application environments
To manage an Amazon Q Business application environment, you can take the following actions:
**Topics**
+ [
## Deleting an anonymous application environment
](#delete-anonymous-app)
+ [
## Getting anonymous application environment properties
](#describe-anonymous-app)
+ [
## Listing anonymous application environments
](#list-anonymous-app)
+ [
## Updating an application environment
](#update-anonymous-app)
## Deleting an anonymous application environment
To delete an Amazon Q Business anonymous application environment, you can use the console or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_DeleteApplication.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_DeleteApplication.html) API operation.
The following tabs provide a procedure for the console and code example for the AWS CLI.
------
#### [ Console ]
**To delete an Amazon Q Business application environment**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, choose **Actions**.
1. Choose **Delete**.
1. In the dialog box that opens, type **Delete** to confirm deletion, and then choose **Delete**.
You are returned to the service console while your application environment is deleted. When the deletion process is complete, the console displays a message confirming successful deletion.
------
#### [ AWS CLI ]
**To delete an Amazon Q Business application environment**
```
aws qbusiness delete-application \
--application-id application-id
```
------
## Getting anonymous application environment properties
To get the properties of an Amazon Q Business application environment, you can use the console or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_GetApplication.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_GetApplication.html) API operation.
The following tabs provide a procedure for the console and code examples for the AWS CLI.
------
#### [ Console ]
**To get properties of an Amazon Q Business application environment**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. For **Applications**, select the name of your application environment from the list of application environments.
1. On **Application settings**, the following properties are available:
+ **Application name** – The name that you chose for your application environment.
+ **Application ID** – The ID assigned to your application environment.
+ **Subtitle** – The subtitle that you chose to assign to your application environment.
+ **Service access** – The service access role that your application environment is using.
+ **Title** – The title that you gave to your application environment.
+ **Application status** – The status of your application environment.
To update a setting, select **Edit**.
------
#### [ AWS CLI ]
**To get Amazon Q Business application environment properties **
```
aws qbusiness get-application \
--application-id application-id
```
------
## Listing anonymous application environments
To list Amazon Q Business application environments, you can use the console or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_ListApplications.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_ListApplications.html) API operation.
The following tabs provide a procedure for the console and code examples for the AWS CLI.
------
#### [ Console ]
**To list your Amazon Q Business application environments**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, all your configured application environments are listed.
------
#### [ AWS CLI ]
**To list Amazon Q Business application environments **
```
aws qbusiness list-applications \
--max-results max-results-to-return
```
------
## Updating an application environment
To update an Amazon Q Business application environment, you can use the console or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateApplication.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateApplication.html) API operation.
The following tabs provide a procedure for the console and code examples for the AWS CLI.
------
#### [ Console ]
**To update an Amazon Q Business application environment**
**Option 1**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, select the name of your application environment from the list of application environments.
1. In **Applications**, choose **Actions**.
1. Choose **Edit**.
On the **Update application environment** page, edit your application environment settings.
**Option 2**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, select the name of your application environment from the list of application environments.
1. On the application environment page, select **Edit** from the page header, or select **Edit** from **Application settings**.
1. Choose **Edit**.
On the **Update application environment** page, edit your application environment settings.
------
#### [ AWS CLI ]
**To update an Amazon Q Business application environment **
```
aws qbusiness update-application \
--application-id application-id \
--display-name application-name \
--role-arn your-role-arn \
--description application-description \
```
------
# Managing Amazon Q Business web experiences for anonymous access
To manage Amazon Q Business web experiences for anonymous access, you can take the following actions:
**Topics**
+ [
## Share an anonymous web experience
](#create-experience-anonymous-url)
+ [
## Deleting a web experience
](#delete-web-experience-anonymous)
+ [
## Getting properties of a web experience
](#describe-web-experience-anonymous)
+ [
## Listing web experiences
](#list-web-experiences-anonymous)
+ [
## Updating a web experience
](#update-web-experience-anonymous)
## Share an anonymous web experience
If you created a web experience when you created your application, you can preview that Amazon Q Business web experience for anonymous access, using the console or the [CreateAnonymousWebExperienceUrl](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateAnonymousWebExperienceUrl.html) API operation.
**Note**
The preview URL for the web experience is for one-time use only and has to be regenerated every time. This URL must be accessed within 5 minutes of creation. Once accessed, the session remains active for the configured duration. To use the web experience in your applications, you must use the [Amazon Q embedded](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/embed-amazon-q-business.html) feature and call the [CreateAnonymousWebExperienceUrl](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateAnonymousWebExperienceUrl.html) API operation whenever you need a new application session or after one hour whichever comes first.
All anonymous web experience URLs generated are able to process billable chat requests until the sessions expire. For more information, see [Amazon Q Business pricing](https://aws.amazon.com/q/business/pricing/).
The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.
------
#### [ Console ]
1. After [Creating an anonymous access application environment](create-anonymous-application.md#create-anonymous-app) in the console with a web experience, you can navigate to your anonymous application.
1. In the **Web experience settings** section in the console, you can **Preview web experience** to view the web experience.
1. Alternatively, you can choose to **Share the web experience URL** to share the web experience. To do this, you can choose the duration your **Testing link is valid for** and choose **Create URL**. The URL will be automatically copied to your clipboard.
------
#### [ AWS CLI ]
**To share an Amazon Q Business anonymous web experience url**
After [Creating an anonymous access application environment](create-anonymous-application.md#create-anonymous-app) with a web experience, you can do the following.
```
aws qbusiness create-anonymous-web-experience-url \
--application-id \
--web-experience-id
--session-duration-in-minutes
```
------
## Deleting a web experience
To delete an Amazon Q Business web experience, you can use the console or the [DeleteWebExperience](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_DeleteWebExperience.html) API operation.
If you're using the API, you can delete a web experience without deleting the application environment that it's a part of.
If you're using the console, the only way to delete your Amazon Q Business web experience is to delete the Amazon Q Business application environment that it's attached to.
**Note**
Even after deleting the web experience all URLs connected to this web experience continue to process billable chat requests until their sessions expire. For more information, see [Share an anonymous web experience](#create-experience-anonymous-url).
The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.
------
#### [ Console ]
**To delete an Amazon Q Business web experience**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, choose **Actions**.
1. Choose **Delete**.
1. In the dialog box that opens, type **Delete** to confirm deletion, and then choose **Delete**.
You are returned to the service console while your application environment is deleted. When the deletion process is complete, the console displays a message confirming successful deletion. Both the application environment and the web experience are deleted.
------
#### [ AWS CLI ]
**To delete an Amazon Q Business web experience**
```
aws qbusiness delete-web-experience \
--application-id application-id \
--web-experience-id web-experience-id
```
------
## Getting properties of a web experience
To get the properties of an Amazon Q Business web experience, you can use the console or the [GetWebExperience](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_GetWebExperience.html) API operation.
The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.
------
#### [ Console ]
**To get properties of an Amazon Q Business web experience **
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, select the name of your application environment from the list of applications.
1. For **Web experience settings**, the following settings are available:
+ **Web experience IAM role ARN** – The IAM role assumed by end users when they log in to your web experience.
+ **Deployed URL** – The deployed URL of your web experience.
+ **Tags** – Tags that are attached to your web experience.
To update a setting, choose **Edit**.
------
#### [ AWS CLI ]
**To get properties of an Amazon Q Business web experience**
```
aws qbusiness get-web-experience \
--application-id application-id \
--web-experience-id web-experience-id
```
------
## Listing web experiences
To list Amazon Q Business web experiences, you can use the console or the [ListWebExperiences](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_ListWebExperiences.html) API operation.
If you use the console, you can only see the web experience that's attached to a single application environment.
The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.
------
#### [ Console ]
**To list Amazon Q Business web experiences**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. For **Applications**, the Amazon Q Business web experience attached to your application environment is shown.
------
#### [ AWS CLI ]
**To list Amazon Q Business web experiences**
```
aws qbusiness get-web-experience \
--application-id application-id \
--web-experience-id web-experience-id \
--max-results max-results-to-return
```
------
## Updating a web experience
To update an Amazon Q Business web experience, you can use the console or the [UpdateWebExperience](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateWebExperience.html) API operation.
The following tabs provide a procedure for the AWS Management Console and code examples for the AWS CLI.
------
#### [ Console ]
**To update an Amazon Q Business web experience**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. In **Applications**, select the name of your application environment from the list of applications.
1. Select **Customize web experience**.
1. Expand the right navigation menu to edit your web experience settings.
------
#### [ AWS CLI ]
**To update an Amazon Q Business web experience**
```
aws qbusiness update-web-experience \
--application-id application-id \
--web-experience-id web-experience-id \
--subtitle subtitle \
--title title \
--welcome-message welcome-message
```
------