Assistance regarding enabling Amazon Quick Sight Q capabilities

We are currently working on a Quick Sight dashboard integration and would like assistance regarding enabling Amazon Quick Sight Q capabilities. Below are the details of our current implementation:

We have our data stored in a PostgreSQL database, which is imported into Quick Sight with a daily refresh schedule to ensure up-to-date insights. To secure the data, we have applied Row Level Security (RLS) to the dashboard by leveraging a specific column that determines user access levels based on their roles or associated organizations. This dashboard is embedded into our React website using the following steps:

1. Authenticate Users Using Amazon Cognito: We authenticate users via Cognito and retrieve their Cognito Identity ID using the GetIdCommand. Once the Identity ID is retrieved, we generate an OpenID token with the GetOpenIdTokenCommand.

2. Assume an IAM Role for Temporary Credentials: Using the OpenID token, we call the AssumeRoleWithWebIdentityCommand to assume an IAM role. This step provides temporary AWS credentials (Access Key, Secret Key, and Session Token), which allow us to perform Quick Sight operations securely.

3. Register Users in Quick Sight: If a user is not already registered, we use the RegisterUserCommand to register them dynamically in Quick Sight. Each user is assigned the Reader role, enabling them to view the dashboard.

4. Retrieve the User’s Quick Sight Username: Once the user is registered, we use the ListUsersCommand to fetch all registered users in Quick Sight and identify the username associated with the user’s email address.

5. Store User Information in PostgreSQL: We store user information, such as their Quick Sight username and associated company (determined from their email domain), in PostgreSQL. This information is used to enforce RLS by mapping the user’s username to their organization or role.

6. Generate the Dashboard Embed URL: Finally, we use the GetDashboardEmbedUrlCommand to generate a secure, user-specific embed URL. This URL is tied to the user’s session and permissions, ensuring that only authorized users can access the embedded dashboard.

Help Needed:

Now, we want to enable Amazon Quick Sight Q capabilities for our implementation. Specifically, we would like to integrate the natural language querying feature into our existing Quick Sight dashboards.

We are seeking guidance on:

• The prerequisites for enabling Q capabilities in our Quick Sight setup.
• Any additional configuration required for the datasets, dashboards, or permissions to support Q.
• Steps to incorporate and test Q capabilities effectively.
• Best practices for embedding dashboards with Q features enabled in a website.

Any detailed instructions or references to documentation that could help us enable and utilize Quick Sight Q capabilities would be greatly appreciated.

Hello Ajay,

Please see below and let others add more if i missed any

The prerequisites for enabling Q capabilities in our Quick Sight setup.

• check for the supported region -Supported AWS Regions for Amazon Q in QuickSight - Amazon QuickSight
• make sure you have at least one Pro-user or topic created for amazon Q to get enabled in your Quick Sight Account. (* A $250/month per account Amazon Q enablement fee applies for accounts with at least one Pro user or with at least one Amazon Q Topic.)

Any additional configuration required for the datasets, dashboards, or permissions to support Q.

• generally no. you need to create topic on the topic on the top of data set and share with users so that they can use it for Q&A
• see workshop Workshop Studio

Steps to incorporate and test Q capabilities effectively.

• Best practices for enabling business users to answer questions about data using natural language in Amazon QuickSight | AWS Business Intelligence Blog

Best practices for embedding dashboards with Q features enabled in a website.
-Embedding the Amazon Q in QuickSight Generative Q&A experience - Amazon QuickSight
-https://www.npmjs.com/package/amazon-quicksight-embedding-sdk#generative-qa-embedding

Hope this helps.
Cheers,
Deep

Cost Clarification for Registered Users in Quick Sight: License vs. License + Session Cost

We are implementing an integration with Quick Sight where we are:

1. Assigning an IAM role to users by using the AssumeRoleWithWebIdentityCommand from the AWS STS service to provide temporary credentials for Quick Sight access.
2. Registering users in the “default” namespace of Quick Sight as READER users using the RegisterUserCommand and associating each user with the IAM role.
3. Granting access to specific topics using the UpdateTopicPermissionsCommand.
4. Generating embed URLs for dashboards and generative Q&A topics via the GenerateEmbedUrlForRegisteredUserCommand.

Since our users are already registered in Quick Sight, we would like to understand the associated costs. Specifically:

• Will the cost for each user be limited to just the Quick Sight license fee (e.g., author/reader pricing)?
• Or, will it also include any session-based cost incurred each time a user accesses the dashboard or topic using the embed URL?

We want to ensure we account for all recurring costs accurately. Any clarification or documentation references would be greatly appreciated.

HEllo Ajay,

I would highly recommend to open a new thread on your question as it will help others as well and you get more attention from other experts as well.
Else it way get buried in the chain of resposne.

Thank you.
Cheers,
Deep