Close Menu

    Building an AIOps chatbot with Amazon Q Business custom plugins

    Many organizations rely on multiple third-party applications and services for different aspects of their operations, such as scheduling, HR management, financial data, customer relationship management (CRM) systems, and more. However, these systems often exist in silos, requiring users to manually navigate different interfaces, switch between environments, and perform repetitive tasks, which can be time-consuming and inefficient.

    Moreover, while many enterprise systems are equipped with APIs for integration, users often lack the technical expertise to interact with these APIs directly. As a result, organizations need an intuitive and seamless way to query data and perform actions across these applications using natural language, without requiring specialized knowledge of each system or its APIs.

    To address the challenge of integrating multiple third-party applications into a unified, natural language-driven interface, users can use plugins for Amazon Q Business. Plugins provide a way to bridge the gap between complex, siloed enterprise applications in a user-friendly interfacing empowering users to take action across systems with easy. Amazon Q Business supports multiple enterprise systems with pre-built plugins, as well as custom plugins, that users can use to integrate a variety of enterprise systems with Amazon Q Business applications.

    Solution overview

    In this post, we demonstrate how you can use custom plugins for Amazon Q Business to build a chatbot that can interact with multiple APIs using natural language prompts. We showcase how to build an AIOps chatbot that enables users to interact with their AWS infrastructure through natural language queries and commands. The chatbot is capable of handling tasks such as querying the data about Amazon Elastic Compute Cloud (Amazon EC2) ports and Amazon Simple Storage Service (Amazon S3) buckets access settings. For example, users can ask the chatbot questions like “Which EC2 instances have port 3389 open?” or request actions such as “Please close public access for S3 buckets.”

    By integrating other AWS services with Amazon Q using OpenAPI schemas, the chatbot can not only retrieve real-time information (such as checking which S3 buckets have public access), but also take corrective actions (such as closing open ports or public access) in response to user commands. This solution reduces manual intervention and simplifies complex cloud operations by enabling IT teams to manage infrastructure through natural language interactions. The chatbot will streamline operational tasks, reduce the need for switching between different tools, and improve the efficiency of IT and operations teams by allowing them to interact with complex systems using simple, intuitive language.

    Architecture

    To implement the solution, you will build the following architecture.

    Users sign in the AIOps Chatbot using the credentials configured in AWS IAM Identity Center. You will use finding and removing public access from S3 buckets along with finding and closing specific open ports on Amazon EC2 instances as the use cases to demonstrate the capability of this AIOps chatbot using Amazon Q Business custom plugins. However, you can extend the architecture to support other operations use cases through API based integration.

    You deploy the required infrastructure using the AWS Serverless Application Model (AWS SAM).

    The following is a summary of the functionality of the architecture:

    Prerequisites

    Deploy and run the solution

    The resources in this demonstration will be provisioned in the US East (N. Virginia) AWS Region (us-east-1). You walk through the following phases to implement the model customization workflow:

    1. Deploy the solution using the AWS SAM template
    2. Configure a user for the AIOps Q Business chatbot application
    3. Test the AIOps Q Business chatbot application
    4. Clean up

    Step 1: Deploy the solution using the AWS SAM template

    See the GitHub repository for the latest instructions. Run the following steps to deploy the AWS Step Functions workflow using the AWS SAM template.

    1. Create a new directory, navigate to that directory in a terminal, and clone the GitHub repository:
    git clone https://github.com/aws-samples/ai-ops-with-amazon-q-business.git

    2. Change directory to the solution directory:

    cd ai-ops-with-amazon-q-business

    3. Run the following command to deploy the resources using SAM.

    sam deploy -g

    4. When prompted, enter the following parameter values:

    Stack Name [sam-app]: aiops
AWS Region [us-east-1]: us-east-1
Confirm changes before deploy [y/N]: N

Allow SAM CLI IAM role creation [Y/n]: Y

Disable rollback [y/N]: N

FindS3BucketsWithPublicAccessFunction has no authentication. Is this okay? [y/N]: y

RemovePublicAcessFromS3BucketFunction has no authentication. Is this okay? [y/N]: y

FindEC2WithSpecificOpenPortFunction has no authentication. Is this okay? [y/N]: y

CloseUnwantedPortForEC2Function has no authentication. Is this okay? [y/N]: y

Save arguments to configuration file [Y/n]: Y

SAM configuration file [samconfig.toml]: hit enter

SAM configuration environment [default]: hit enter  

    5. Note the outputs from the AWS SAM deployment process. This contains the Amazon Q Business web experience (chatbot) URL. Before you can sign in to the chatbot application, you must set up a user.

    Step 2: Configure a user for the AIOps Amazon Q Business chatbot application

    Use the following steps to configure a user for the AIOps chatbot application.

    1. Open Amazon Q Business from the console and select the AIOps application.

    Amazon Console for AI Ops

    2. Choose Manage access and subscription.

    Choose Manage and Access subscription

    3. Choose Add groups and users.

    Add groups and users

    4. Select either Add and assign new users or Assign existing users and groups depending on if you pre-created the user as mentioned in the prerequisites and choose Next.

    5. If you have an existing user that you want to provide access to your AIOps application, search for and select the username and choose Assign.

    Choose Assign

    6. On the review page, select the current subscription and choose Confirm.

    Review page

    Step 3: Test the AIOps Q Business chatbot application

    Use the following steps to log into the chatbot and test it. Responses from large language models are non-deterministic. Hence, you may not get the exact same response every time.

    1. Take the QBusinessWebExperienceURL from the sam deploy output using the user credential configured in the previous step.
    2. After signing in to the AIOps Chatbot, select the kebab menu option (three dots) at the bottom right corner and select the AIOpsCustomPlugin as follows:

    AIOps Chatbot

    3. Enable public access on an Amazon S3 bucket. This is done for testing purposes only, so check your organization policies before performing this test. For this demo we used a bucket named aiops-chatbot-demo.

    4. Return to the AIOps Chatbot and enter a question such as: Do I have any S3 bucket with public access? and choose Submit. Provide the bucket prefix to narrow down the search.

    AIOps Chatbot - S3 buckets test

    5. The AIOps chatbot identifies the buckets that have public access:

    AIOps Answer - S3 Buckets

    6. Ask a follow up question such as: Please block the public access. The chat bot blocks public access. Validate the change from the S3 console.

    Chatbot - public access block

    7. Open a port, such as 1234, for an Amazon EC2 instance using security group inbound rules.

    Port test

    8. Return to the chat bot and enter a question such as: Do I have any EC2 instance with port 1234 open?

    9. After the chat bot identifies the EC2 instance with the open port, confirm that you want to close the port.

    10. The chat bot closes the open port and confirms.

    port close testing

    Clean up

    Properly decommissioning provisioned AWS resources is an important best practice to optimize costs and enhance security posture after concluding proofs of concept and demonstrations. To delete the resources deployed to your AWS account through AWS SAM, run the following command:

    sam delete

    OpenAPI schema definition

    After the custom plugin is deployed, Amazon Q Business will process a user’s prompt and use the OpenAPI schema to dynamically determine the appropriate APIs to call to accomplish the user’s goal. Therefore, the OpenAPI schema definition has a big impact on API selection accuracy. Follow the best practices for OpenAPI schema definition for ideal results. This AIOps chatbot demonstrated four operations supported by the following API operations:

    • find-s3-bucket-with-public-access – This API finds S3 buckets that have the specified prefix and are configured for public access.
    • remove-public-access-from-s3-bucket – This API removes public access from a specific S3 bucket.
    • find-ec2-with-specific-open-port – This API finds EC2 instances that have a specified port open for inbound access.
    • close-unwanted-port-for-ec2 – This API removes a specified port from a given EC2 instance.

    The API operations are implemented using API Gateway and Lambda functions.

    Troubleshooting

    The following are some troubleshooting steps if you encounter errors while using the AIOps chatbot.

    • As Amazon Q Business dynamically determines the appropriate API operations to be invoked, the questions (prompts) must be unambiguous. Be specific rather than asking generic questions. For example: Do I have any EC2 instance with port 1234 open? instead of Do I have any EC2 exposed to internet?
    • The APIs are exposed using API Gateway backed by Lambda functions. Check that you can invoke the API operations using Curl or API testing tools.
    • Check the Lambda function logs in Amazon CloudWatch for errors. Follow the Lambda debugging steps if needed.

    Conclusion

    In this post, you learned an end-to-end process for creating an AIOps chatbot using Amazon Q Business custom plugins, demonstrating how users can use natural language processing to interact with AWS resources and streamline cloud operations. By integrating other AWS services with Amazon Q Business, the chatbot can query infrastructure for security and compliance status while automating key actions such as closing open ports or restricting public access to S3 buckets. This solution enhances operational efficiency, reduces manual intervention, and enabled teams to manage complex environments more effectively through intuitive, conversational interfaces. With custom plugins and OpenAPI schemas, users can build a powerful, flexible chatbot solution tailored to their specific operational needs, transforming the way they manage IT operations and respond to business challenges.

    Further study

    For more information on Amazon Q Business and custom plugins:

    About the authors

    Upendra V is a Sr. Solutions Architect at Amazon Web Services, specializing in Generative AI and cloud solutions. He helps enterprise customers design and deploy production-ready Generative AI workloads, implement Large Language Models (LLMs) and Agentic AI systems, and optimize cloud deployments. With expertise in cloud adoption and machine learning, he enables organizations to build and scale AI-driven applications efficiently.

    Biswa Biswanath Mukherjee is a Senior Solutions Architect at Amazon Web Services. He works with large strategic customers of AWS by providing them technical guidance to migrate and modernize their applications on AWS Cloud. With his extensive experience in cloud architecture and migration, he partners with customers to develop innovative solutions that leverage the scalability, reliability, and agility of AWS to meet their business needs. His expertise spans diverse industries and use cases, enabling customers to unlock the full potential of the AWS Cloud.

    Source: Read More 

    Related Posts

    Leave A Reply