1. Introduction
Amazon Q Developer is AWS’s generative AI assistant for developers, cloud engineers, DevOps engineers, security engineers, and anyone building applications on AWS.
It helps you write code, understand code, debug errors, review security issues, generate tests, explain AWS services, troubleshoot cloud problems, modernize applications, and improve developer productivity inside your IDE, AWS Console, documentation pages, chat applications, and command-line workflows.
Earlier, AWS had a tool called Amazon CodeWhisperer. CodeWhisperer focused mainly on AI-powered code suggestions and security scans. Today, those capabilities are part of Amazon Q Developer. So when people say “CodeWhisperer,” they are usually referring to the older name for features that now live under Amazon Q Developer.
In simple words:
Amazon CodeWhisperer = older AWS coding assistant
Amazon Q Developer = newer, broader AI assistant for developers and AWS builders
Amazon Q Developer is not just autocomplete. It is a developer assistant that can help across the full software lifecycle:
Plan → Code → Test → Review → Debug → Secure → Deploy → Operate → Modernize
2. What is Amazon Q Developer?
Amazon Q Developer is a generative AI assistant from AWS designed to help you build, understand, improve, secure, and operate software.
It can help with:
- Code generation
- Code explanation
- Inline code completion
- Debugging
- Refactoring
- Unit test generation
- Security scanning
- Secrets detection
- Infrastructure-as-code review
- AWS service guidance
- Cloud troubleshooting
- Lambda, API Gateway, IAM, S3, DynamoDB, ECS, EKS, CloudFormation, CDK, SAM, and Terraform help
- Java and .NET code transformation
- Command-line code transformation workflows
- AWS Console assistance
- AWS documentation assistance
Think of it as an AWS-aware coding and cloud assistant.
3. Why use Amazon Q Developer?
You should use Amazon Q Developer because it reduces the time spent on repetitive development tasks and helps you learn AWS faster.
Common reasons to use it:
3.1 Faster coding
Instead of manually writing boilerplate code, you can ask Amazon Q Developer to generate a function, class, API handler, unit test, or AWS SDK example.
Example prompt:
Write a Python Lambda function that reads records from an SQS event and stores them in DynamoDB.
3.2 Better AWS learning
You can ask AWS-specific questions directly inside your IDE or AWS Console.
Example:
Explain the difference between an IAM role and an IAM policy with examples.
3.3 Faster debugging
You can paste or select error messages and ask Amazon Q to explain the problem.
Example:
Why am I getting AccessDeniedException when my Lambda function writes to DynamoDB?
3.4 Better security
Amazon Q Developer can review code for security issues, secrets, infrastructure misconfiguration, dependency problems, and quality issues.
Example:
Review this Lambda function for security issues and suggest safer alternatives.
3.5 Faster modernization
Amazon Q Developer can help transform supported Java and .NET applications, such as upgrading Java versions or modernizing code.
Example:
Help me upgrade this Java 8 application to Java 17.
3.6 Useful for beginners and professionals
Beginners can use it to learn AWS concepts. Professionals can use it to speed up coding, reviews, troubleshooting, and documentation.
4. Amazon Q Developer use cases
Amazon Q Developer is useful in many real-world scenarios.
4.1 Serverless development
You can ask it to create Lambda functions, API Gateway handlers, SAM templates, CloudFormation snippets, or DynamoDB access code.
Example:
Create an AWS SAM template for API Gateway + Lambda + DynamoDB.
4.2 DevOps and cloud operations
You can ask it to explain deployment errors, CloudWatch logs, IAM issues, or infrastructure templates.
Example:
Explain why this CloudFormation stack failed and suggest a fix.
4.3 Code review
You can ask it to review code for bugs, readability, performance, and security.
Example:
Review this function for edge cases and performance problems.
4.4 Unit testing
You can ask it to generate tests for existing code.
Example:
Generate pytest unit tests for this Python function.
4.5 Documentation
You can ask it to generate README files, API documentation, architecture explanations, and onboarding notes.
Example:
Create a README file for this project explaining setup, configuration, and deployment.
4.6 IAM policy explanation
IAM policies can be painful. Amazon Q Developer can help explain what a policy does.
Example:
Explain this IAM policy in simple language and tell me if it is too broad.
4.7 Infrastructure as Code
You can use it with:
- AWS CloudFormation
- AWS SAM
- AWS CDK
- Terraform
- Kubernetes YAML
- Dockerfiles
- GitHub Actions workflows
Example:
Review this CloudFormation template and identify security or configuration risks.
4.8 Application modernization
For supported workloads, Amazon Q Developer can help transform old codebases, especially Java and .NET modernization scenarios.
5. Amazon Q Developer vs CodeWhisperer
Amazon CodeWhisperer was AWS’s AI coding assistant. It mainly provided inline code suggestions and security scans.
Amazon Q Developer is broader.
| Feature | CodeWhisperer | Amazon Q Developer |
|---|---|---|
| Inline code suggestions | Yes | Yes |
| Security scans | Yes | Yes |
| Chat with AI assistant | Limited / newer transition | Yes |
| AWS architecture help | Limited | Yes |
| AWS Console assistance | No / limited | Yes |
| Code explanation | Limited | Yes |
| Code transformation | No / limited | Yes |
| Debugging help | Limited | Yes |
| Broader developer workflow | No | Yes |
Simple version:
CodeWhisperer helped write code.
Amazon Q Developer helps write, understand, secure, debug, modernize, and operate code.
6. Amazon Q Developer vs Amazon Q Business
This is an important distinction.
| Product | Main audience | Main purpose |
|---|---|---|
| Amazon Q Developer | Developers, DevOps, cloud engineers | Build, debug, secure, and operate software |
| Amazon Q Business | Business users, employees, departments | Search and use enterprise company knowledge |
Use Amazon Q Developer when you want help with code, AWS, architecture, DevOps, infrastructure, and debugging.
Use Amazon Q Business when you want an internal company AI assistant connected to business documents, HR policies, wikis, tickets, and enterprise data.
7. Amazon Q Developer Free vs Pro
Amazon Q Developer has Free and Pro tiers.
Free tier
The Free tier is suitable for individuals, beginners, students, and developers who want to try Amazon Q Developer.
You can usually start with a personal AWS Builder ID.
Good for:
- Learning
- Individual coding help
- Basic IDE assistance
- Trying Amazon Q Developer before using it professionally
Pro tier
The Pro tier is the paid version intended for professional developers and teams.
Good for:
- Higher usage limits
- Team use
- IAM Identity Center integration
- Enterprise administration
- Professional development environments
- Organization-managed access
In simple terms:
Free tier = good for learning and personal use
Pro tier = good for professional and team use
8. Where can you use Amazon Q Developer?
Amazon Q Developer can be used in multiple places.
8.1 IDEs
Common IDE options include:
- Visual Studio Code
- JetBrains IDEs such as IntelliJ IDEA, PyCharm, WebStorm
- Eclipse
- Visual Studio through AWS Toolkit integration
This is the most common developer workflow.
8.2 AWS Management Console
Amazon Q Developer can help you understand AWS services, diagnose console errors, ask questions about AWS resources, and get AWS guidance.
8.3 AWS documentation
Amazon Q can help answer questions while reading AWS documentation.
8.4 Chat applications
Amazon Q Developer can be used in supported chat application workflows for AWS operations and troubleshooting.
8.5 Command line
Important current note:
The older Amazon Q Developer CLI experience has moved to Kiro CLI. So for terminal-based AI assistant workflows, you should now look at Kiro CLI.
Amazon Q Developer also has a separate command-line transformation tool called qct, used for supported code transformation scenarios.
So there are two command-line ideas:
Kiro CLI = terminal AI assistant successor to old Amazon Q CLI
qct = Amazon Q Developer command-line transformation tool
Do not confuse these with the AWS CLI.
aws = AWS CLI for calling AWS services
kiro-cli = AI coding assistant CLI successor to old Amazon Q CLI
qct = Amazon Q Developer code transformation CLI
9. Prerequisites
Before using Amazon Q Developer, you should have:
For IDE usage
- A supported IDE such as VS Code or JetBrains
- Internet access
- AWS Builder ID for personal/free use, or IAM Identity Center access for company/pro use
For AWS Console usage
- AWS account access
- IAM permissions for the AWS services you are using
- Optional: Amazon Q Developer Pro for enhanced organization-managed features
For code transformation CLI usage
- macOS or Linux
- Python 3.12 or later
- Access to Amazon Q Developer Pro through IAM Identity Center
- Required permissions for transformation
- For Java transformations, a supported Java and Maven environment
- A source application within supported size and structure limits
For Kiro CLI usage
- Supported OS
- AWS Builder ID or supported identity method
- Terminal access
- Project folder to work in
10. Install Amazon Q Developer in Visual Studio Code
Step 1: Open VS Code
Open Visual Studio Code.
Step 2: Open Extensions
Click the Extensions icon on the left sidebar.
Step 3: Search for Amazon Q
Search:
Amazon Q
Install the official Amazon Q extension.
Step 4: Open Amazon Q
After installation, click the Amazon Q icon in VS Code.
Step 5: Choose sign-in method
You usually have two choices:
Personal account
Company account
Choose Personal account if you are using AWS Builder ID.
Choose Company account if your organization uses IAM Identity Center and Amazon Q Developer Pro.
Step 6: Authenticate in browser
VS Code opens your browser.
Sign in and allow access.
Step 7: Return to VS Code
After authentication, return to VS Code.
Step 8: Start using Amazon Q
Open the Amazon Q panel and ask:
Explain this project structure.
Or open a source file and ask:
Explain the selected code.
11. Install Amazon Q Developer in JetBrains IDEs
This applies to IntelliJ IDEA, PyCharm, WebStorm, and similar JetBrains IDEs.
Step 1: Open JetBrains IDE
Open IntelliJ IDEA, PyCharm, or another JetBrains IDE.
Step 2: Open plugins
Go to:
Settings → Plugins
or
Preferences → Plugins
Step 3: Search Amazon Q
Search:
Amazon Q
Install the official Amazon Q plugin.
Step 4: Restart IDE if required
Some JetBrains plugin installations require restart.
Step 5: Open Amazon Q panel
Click the Amazon Q icon.
Step 6: Sign in
Choose either:
Personal account
or:
Company account
Step 7: Authenticate
Complete browser authentication.
Step 8: Start using Amazon Q
Example prompt:
Analyze this Java class and suggest improvements.
12. Personal account vs company account
Personal account
Use a personal account when:
- You are learning
- You are using the Free tier
- You do not have company IAM Identity Center access
- You want to experiment quickly
Usually this uses AWS Builder ID.
Company account
Use a company account when:
- Your employer manages Amazon Q Developer Pro
- Your organization uses IAM Identity Center
- You need team-level administration
- You need organization-managed access
- Your administrator gave you a Start URL and Region
For company login, you usually need:
Start URL
AWS Region
IAM Identity Center user access
Amazon Q Developer Pro subscription
13. First hands-on exercise: Ask Amazon Q to explain code
Create a file named:
app.py
Add this code:
import json
def lambda_handler(event, context):
name = event.get("name", "World")
return {
"statusCode": 200,
"body": json.dumps({"message": f"Hello, {name}!"})
}
Select the code and ask Amazon Q:
Explain this Lambda function line by line.
Expected result:
Amazon Q should explain:
jsonis used to create JSON outputlambda_handleris the Lambda entry pointevent.get("name", "World")reads the name field or defaults to World- The function returns an API-style response
14. Second hands-on exercise: Generate code
Ask Amazon Q:
Create a Python function that validates an email address using a regular expression.
Then ask:
Add unit tests for this function using pytest.
Then ask:
Explain the edge cases this validation does not handle.
This is a good workflow:
Generate → Test → Improve → Explain
15. Third hands-on exercise: Generate AWS Lambda code
Ask Amazon Q:
Write a Python AWS Lambda function that receives an API Gateway request, validates a JSON body with name and email fields, and stores the item in DynamoDB.
Then ask:
Add error handling for invalid JSON, missing fields, and DynamoDB failures.
Then ask:
Generate pytest unit tests using botocore Stubber or mocks.
This gives you a more realistic cloud development workflow.
16. Fourth hands-on exercise: Generate an AWS SAM template
Ask Amazon Q:
Create an AWS SAM template for API Gateway, Lambda, and DynamoDB. The Lambda function should have permission to put items into the table.
Amazon Q may generate something like:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API Gateway Lambda DynamoDB app
Globals:
Function:
Runtime: python3.12
Timeout: 10
MemorySize: 128
Resources:
UsersTable:
Type: AWS::DynamoDB::Table
Properties:
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: userId
AttributeType: S
KeySchema:
- AttributeName: userId
KeyType: HASH
CreateUserFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: src/
Handler: app.lambda_handler
Environment:
Variables:
TABLE_NAME: !Ref UsersTable
Policies:
- DynamoDBCrudPolicy:
TableName: !Ref UsersTable
Events:
CreateUserApi:
Type: Api
Properties:
Path: /users
Method: post
Outputs:
ApiUrl:
Description: API Gateway endpoint
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/users"
Then ask:
Review this SAM template for security and production readiness.
Amazon Q may suggest:
- Use structured logging
- Add tracing
- Add validation
- Avoid hardcoded table names unless needed
- Add environment-specific parameters
- Add least-privilege policies
- Add alarms
17. Inline code suggestions
Amazon Q Developer can provide inline code suggestions while you type.
Example:
Start typing:
def calculate_monthly_payment(
Amazon Q may suggest the rest of the function.
You can usually accept suggestions with a keyboard shortcut depending on your IDE.
Typical workflow:
- Start typing code.
- Wait for ghost-text suggestion.
- Accept the suggestion if it is useful.
- Edit it manually.
- Ask Amazon Q to explain or improve it.
Important habit:
Never accept AI-generated code blindly.
Always review:
- Correctness
- Security
- Edge cases
- Error handling
- Dependencies
- Licensing/reference concerns
- Performance
18. Chat-based development workflow
A strong Amazon Q workflow is:
Ask → Generate → Review → Refine → Test → Secure → Document
Example conversation:
I am building a Python Lambda API that writes to DynamoDB. Generate the handler code.
Then:
Now add input validation.
Then:
Add structured logging.
Then:
Add unit tests.
Then:
Review the final code for security issues.
Then:
Create a README explaining how to deploy with AWS SAM CLI.
This is much better than asking one giant question and accepting the first answer.
19. Useful Amazon Q Developer prompts
Code generation
Write a Python function that reads a CSV file from S3 and stores each row in DynamoDB.
Create a Node.js Express route that validates a request body and returns proper HTTP status codes.
Generate a Java class that calls an external REST API with retries and timeout handling.
Code explanation
Explain this code in simple language.
Explain the selected function line by line.
What does this regular expression do?
Refactoring
Refactor this function to make it easier to test.
Split this large function into smaller functions.
Improve readability without changing behavior.
Debugging
This function fails with KeyError. Explain why and fix it.
Why am I getting AccessDeniedException in this Lambda function?
Analyze this stack trace and suggest the root cause.
Unit tests
Generate pytest tests for this function.
Generate Jest tests for this TypeScript file.
Add tests for edge cases and failure paths.
AWS help
Explain the difference between Lambda reserved concurrency and provisioned concurrency.
Create an IAM policy that allows read-only access to one S3 bucket.
Explain why this CloudFormation template fails.
Security review
Review this code for security vulnerabilities.
Find hardcoded secrets or unsafe logging.
Review this IAM policy for least-privilege problems.
Documentation
Create a README for this project.
Write deployment instructions for this SAM application.
Create an architecture overview from this codebase.
20. Code review with Amazon Q Developer
Amazon Q Developer can review code for different categories of issues, including:
- Static application security testing findings
- Secrets in code
- Infrastructure-as-code security issues
- Code quality issues
- Deployment risks
- Third-party dependency issues
A useful review prompt is:
Review this code for security, correctness, error handling, and maintainability. Give me the top issues first.
For infrastructure:
Review this CloudFormation template for least-privilege IAM, public exposure, encryption, and logging.
For application code:
Review this API handler for injection risk, unsafe input handling, missing validation, and bad error responses.
Good review habit:
Ask Amazon Q for problems, not only improvements.
Weak prompt:
Is this code good?
Better prompt:
Find bugs, security problems, missing edge cases, and production-readiness issues in this code.
21. Security best practices when using Amazon Q Developer
Amazon Q Developer is powerful, but you still need safe habits.
21.1 Do not paste secrets
Avoid pasting:
- AWS access keys
- API tokens
- Passwords
- Database credentials
- Private keys
- Customer data
- Confidential company data unless your organization allows it
21.2 Review generated code
AI-generated code may be incomplete, incorrect, outdated, or insecure.
Always check:
Does it work?
Is it secure?
Does it follow our architecture?
Does it handle errors?
Does it log too much?
Does it expose secrets?
Does it use least privilege?
21.3 Use least privilege
When asking for IAM policies, do not ask for broad permissions.
Weak prompt:
Give my Lambda full access to DynamoDB.
Better prompt:
Create a least-privilege IAM policy that allows this Lambda function to PutItem and GetItem only on this specific DynamoDB table.
21.4 Ask for explanation
Whenever Q generates infrastructure or IAM, ask:
Explain each permission and why it is needed.
21.5 Test before deploying
Use local tests, unit tests, integration tests, and staging deployments.
AI assistance is not a replacement for testing. Tiny tragedy, huge outage. Computers are petty like that.
22. Amazon Q Developer with AWS CLI
Amazon Q Developer can help explain AWS CLI commands, but the actual AWS CLI command is still aws.
Example prompt:
Generate an AWS CLI command to list Lambda functions in us-east-1.
Possible command:
aws lambda list-functions --region us-east-1
Example prompt:
Generate an AWS CLI command to check failed CloudFormation stack events.
Possible command:
aws cloudformation describe-stack-events \
--stack-name my-stack \
--region us-east-1
Example prompt:
Explain this AWS CLI command and what permissions it requires.
This is a useful beginner-friendly way to learn AWS CLI safely.
23. Amazon Q Developer with AWS SAM CLI
Amazon Q Developer is very useful with AWS SAM.
You can ask:
Create a SAM template for a Python Lambda API with DynamoDB.
Then:
Create the matching Python Lambda handler.
Then:
Create a sample API Gateway event JSON file for sam local invoke.
Then run manually:
sam build
sam local invoke CreateUserFunction --event events/create-user.json
sam local start-api
sam deploy --guided
Then ask:
Review my SAM template and Lambda code for production readiness.
Good SAM workflow with Amazon Q:
Ask Q to generate template
Ask Q to generate code
Run sam build
Run sam local invoke
Fix errors with Q
Run sam deploy --guided
Use Q to explain logs
24. Amazon Q Developer with CloudFormation
You can ask Amazon Q to explain CloudFormation resources.
Example:
Explain this CloudFormation template and list every AWS resource it creates.
You can also ask:
Why does this CloudFormation stack fail with CAPABILITY_IAM required?
Or:
Review this CloudFormation template for security issues.
For beginners, this is extremely useful because CloudFormation error messages can be cryptic.
25. Amazon Q Developer with Terraform
Amazon Q Developer can help generate and review Terraform configuration too.
Example:
Create Terraform configuration for an S3 bucket with encryption, versioning, and public access blocked.
Then ask:
Review this Terraform file for security and cost risks.
Then:
Explain what terraform plan will likely create from this configuration.
Still, always run:
terraform fmt
terraform validate
terraform plan
Do not deploy generated infrastructure without reviewing the plan.
26. Amazon Q Developer with Docker and Kubernetes
You can ask Q to generate Dockerfiles, Docker Compose files, and Kubernetes manifests.
Example:
Create a production-ready Dockerfile for this Python FastAPI application.
Example:
Review this Kubernetes deployment YAML for resource limits, probes, and securityContext.
Example:
Create a docker-compose.yml file for this app with PostgreSQL and Redis.
Review generated configs carefully, especially for:
- Exposed ports
- Privileged containers
- Missing resource limits
- Missing health checks
- Hardcoded secrets
- Running as root
27. Amazon Q Developer in AWS Console
In the AWS Console, Amazon Q Developer can help answer AWS questions and troubleshoot.
Example questions:
Why is my Lambda function timing out?
How do I enable versioning on an S3 bucket?
What does this EC2 status check failure mean?
How do I reduce cost for this workload?
Explain this IAM AccessDenied error.
Console use is good when you are actively looking at AWS resources.
IDE use is better when you are actively writing code.
28. Amazon Q Developer command-line reality check
This part matters because the naming has changed.
There used to be an Amazon Q Developer CLI experience. Current AWS documentation says that Q CLI has become Kiro CLI.
So today:
For AI assistant terminal workflows → use Kiro CLI
For Amazon Q Developer code transformation CLI workflows → use qct
For AWS service commands → use AWS CLI using aws
This means a modern tutorial should not teach old q commands as if they are the current Amazon Q Developer CLI.
29. Install Kiro CLI for terminal AI workflows
Kiro CLI is the successor to the old Amazon Q Developer CLI experience.
Because install commands can change, follow the official Kiro CLI installation page for your operating system.
General workflow:
# macOS, Linux, or Windows installation method depends on OS
# Use the current official Kiro CLI installer for your platform
After installation, verify:
kiro-cli --help
Start in a project folder:
cd my-project
kiro-cli
Start chat with a specific agent:
kiro-cli --agent myagent
Or:
kiro-cli chat --agent agent_name
Use Kiro CLI when you want terminal-based AI help, project-aware coding, agent workflows, MCP integrations, or non-IDE assistance.
30. Useful Kiro CLI commands
Start interactive chat
kiro-cli
Start with an agent
kiro-cli --agent myagent
Start chat with agent
kiro-cli chat --agent agent_name
Manage inline suggestions
kiro-cli inline enable
kiro-cli inline disable
kiro-cli inline status
kiro-cli inline show-customizations
kiro-cli inline set-customization
Manage integrations
kiro-cli integrations status
kiro-cli integrations install kiro-command-router
kiro-cli integrations uninstall kiro-command-router
kiro-cli integrations reinstall kiro-command-router
Set command router default
kiro set-default cli
kiro set-default ide
Open IDE directly
kiro ide
MCP usage inside chat
Inside an interactive session:
/mcp
Add MCP servers using CLI workflows or configuration files depending on your setup.
Example idea:
kiro-cli mcp add --name git-server --agent rust-dev
MCP is an advanced topic. It lets the assistant connect to external tools and context providers.
31. Install Amazon Q Developer command-line transformation tool
Amazon Q Developer also has a separate command-line transformation tool commonly invoked as:
qct
This is different from Kiro CLI.
Use qct for supported application transformations, such as Java upgrades or embedded SQL conversion workflows.
Step 1: Check prerequisites
You need:
python --version
Python should be version 3.12 or newer.
You also need macOS or Linux for this workflow.
Step 2: Create a Python virtual environment
python -m venv qct-cli
Activate it:
source qct-cli/bin/activate
Step 3: Install the transformation tool
Download the official Amazon Q command-line transformation tool from AWS documentation, unzip it, and install the correct wheel for your architecture.
Example pattern for Linux x86_64:
pip install <path-to-unzipped-tool>/Linux_x86_64/amzn_qct_cli-<version>-py3-none-any.whl
Example pattern for Linux ARM:
pip install <path-to-unzipped-tool>/Linux_aarch64/amzn_qct_cli-<version>-py3-none-any.whl
Step 4: Verify installation
which qct
You can also try:
qct --help
Step 5: Configure the tool
qct configure
During configuration, you may be asked for:
- JDK path
- IAM Identity Center Start URL
- AWS Region
- Amazon Q Developer Pro subscription information
- Local transformation preferences
Step 6: Run a Java transformation
Example pattern:
qct transform --source_folder <path-to-folder> \
--target_version JAVA_17
Or:
qct transform --source_folder <path-to-folder> \
--target_version JAVA_21
Step 7: Run transformation with dependency upgrade file
qct transform --source_folder <path-to-folder> \
--target_version JAVA_17 \
--dependency_upgrade_file dependency-upgrade.yaml
Step 8: Run non-interactive transformation
qct transform --source_folder <path-to-folder> \
--target_version JAVA_17 \
--no-interactive
Step 9: Embedded SQL conversion
Create a YAML config file like:
schema_conv_metadata_path: <path-to-metadata-zip-file>
Then run:
qct transform --source_folder <path-to-folder> \
--sql_conversion_config_file <path-to-sql-config-file>
Step 10: Pause or cancel transformation
During a transformation, press:
Ctrl+C
Then choose whether to pause or cancel.
To resume a paused transformation, run the transformation command again with the original source folder.
32. Example dependency upgrade file
For Java transformations, you can provide a dependency upgrade YAML file.
Example:
name: dependency-upgrade
description: "Custom dependency version management for Java migration"
dependencyManagement:
dependencies:
- identifier: "com.example:library1"
targetVersion: "2.1.0"
versionProperty: "library1.version"
originType: "FIRST_PARTY"
- identifier: "com.example:library2"
targetVersion: "3.0.0"
originType: "THIRD_PARTY"
plugins:
- identifier: "com.example.plugin"
targetVersion: "1.2.0"
versionProperty: "plugin.version"
originType: "THIRD_PARTY"
Use this when you want more control over dependency upgrades.
33. Amazon Q Developer commands and actions cheat sheet
Amazon Q Developer is mostly used through IDE actions, chat prompts, and extension commands rather than traditional shell commands.
IDE actions
| Action | What it does |
|---|---|
| Open Amazon Q panel | Starts chat |
| Select code and ask Q | Explains or modifies selected code |
| Accept inline suggestion | Accepts generated code completion |
| Reject inline suggestion | Ignores generated suggestion |
| Review code | Finds security, quality, and deployment issues |
| Generate tests | Creates unit tests |
| Explain code | Explains selected file/function |
| Refactor code | Improves structure |
| Transform code | Modernizes supported applications |
Prompt-style commands
Explain this code.
Generate unit tests for this file.
Review this code for security vulnerabilities.
Refactor this function for readability.
Find bugs in this code.
Create a SAM template for this Lambda API.
Explain this AWS error.
Generate least-privilege IAM policy for this use case.
qct command-line commands
qct configure
qct transform --source_folder <path-to-folder> --target_version JAVA_17
qct transform --source_folder <path-to-folder> --target_version JAVA_21
qct transform --source_folder <path-to-folder> \
--target_version JAVA_17 \
--dependency_upgrade_file dependency-upgrade.yaml
qct transform --source_folder <path-to-folder> \
--target_version JAVA_17 \
--no-interactive
qct transform --source_folder <path-to-folder> \
--sql_conversion_config_file sql-config.yaml
qct --help
Kiro CLI commands for terminal assistant workflows
kiro-cli
kiro-cli --help
kiro-cli --agent myagent
kiro-cli chat --agent agent_name
kiro-cli inline enable
kiro-cli inline disable
kiro-cli inline status
kiro-cli integrations status
kiro set-default cli
kiro set-default ide
kiro ide
34. Beginner project: Build a simple Lambda with Amazon Q Developer
Goal
Create a simple Python Lambda function using Amazon Q Developer.
Step 1: Create project folder
mkdir q-demo-lambda
cd q-demo-lambda
Step 2: Create app file
touch app.py
Step 3: Ask Amazon Q
Prompt:
Create a Python Lambda function that returns a JSON response with message "Hello from Amazon Q Developer".
Possible code:
import json
def lambda_handler(event, context):
return {
"statusCode": 200,
"headers": {
"Content-Type": "application/json"
},
"body": json.dumps({
"message": "Hello from Amazon Q Developer"
})
}
Step 4: Ask for explanation
Prompt:
Explain this Lambda function line by line.
Step 5: Ask for tests
Prompt:
Generate pytest unit tests for this Lambda function.
Possible test:
import json
from app import lambda_handler
def test_lambda_handler():
response = lambda_handler({}, None)
assert response["statusCode"] == 200
body = json.loads(response["body"])
assert body["message"] == "Hello from Amazon Q Developer"
Step 6: Run tests
pip install pytest
pytest
Step 7: Improve
Prompt:
Add support for reading a name from the event and returning Hello, <name>.
35. Intermediate project: API Gateway + Lambda + DynamoDB with SAM
Goal
Use Amazon Q Developer to create a small serverless API.
Architecture:
Client → API Gateway → Lambda → DynamoDB
Step 1: Ask Q for a SAM template
Prompt:
Create an AWS SAM template for a POST /users API backed by Lambda and DynamoDB. Use least-privilege permissions.
Step 2: Ask Q for Lambda code
Prompt:
Create the Python Lambda handler for POST /users. It should parse JSON, require name and email, generate a userId, and store the item in DynamoDB.
Step 3: Ask Q for local test event
Prompt:
Create an API Gateway proxy event JSON file for testing this Lambda locally with sam local invoke.
Step 4: Build and test
sam build
sam local invoke CreateUserFunction --event events/create-user.json
sam local start-api
Step 5: Test API locally
curl -X POST http://127.0.0.1:3000/users \
-H "Content-Type: application/json" \
-d '{"name":"Rajesh","email":"rajesh@example.com"}'
Step 6: Ask Q to debug errors
If something fails, copy the error and ask:
This SAM local invoke command failed. Explain the error and show the exact fix.
Step 7: Review security
Prompt:
Review this SAM template and Lambda code for security, IAM least privilege, logging, validation, and production readiness.
Step 8: Deploy
sam deploy --guided
36. Advanced workflow: Security review and hardening
After generating code, ask Amazon Q Developer to harden it.
Useful prompts:
Review this code for OWASP Top 10 risks.
Find places where user input is trusted unsafely.
Check whether this function logs sensitive data.
Suggest least-privilege IAM permissions for this Lambda function.
Review this Terraform or CloudFormation for public exposure.
Find hardcoded secrets or credentials.
Do not stop at code generation. Make security review part of the workflow.
Recommended workflow:
Generate code
Run tests
Ask Q for code review
Fix issues
Ask Q for security review
Run static analysis
Deploy to dev
Review logs
Deploy to production
37. Advanced workflow: Code modernization
Amazon Q Developer can help modernize supported codebases.
Common modernization tasks:
- Java version upgrade
- .NET transformation
- Dependency upgrades
- Refactoring old patterns
- Explaining legacy code
- Generating tests before migration
- Creating migration plans
Good prompt:
Analyze this Java project and create a migration plan from Java 8 to Java 17. Include risks, dependencies, testing strategy, and rollback plan.
For command-line transformation, use qct where supported.
General Java transformation pattern:
qct configure
qct transform --source_folder <path-to-java-project> \
--target_version JAVA_17
For Java 21:
qct transform --source_folder <path-to-java-project> \
--target_version JAVA_21
Ask Q to review the generated changes:
Review these migration changes and identify behavior changes, dependency risks, and test gaps.
38. Advanced workflow: Troubleshooting AWS errors
Amazon Q Developer is especially useful when debugging AWS errors.
IAM error example
Error:
AccessDeniedException: User is not authorized to perform dynamodb:PutItem
Prompt:
Explain this AccessDeniedException and show the minimum IAM policy needed for this Lambda to write to this DynamoDB table.
Lambda timeout example
Error:
Task timed out after 10.00 seconds
Prompt:
My Lambda function timed out after 10 seconds. Review this code and suggest likely causes and fixes.
CloudFormation failure example
Error:
Requires capabilities: [CAPABILITY_IAM]
Prompt:
Explain why this CloudFormation deployment requires CAPABILITY_IAM and whether it is safe to approve.
API Gateway error example
Error:
502 Bad Gateway
Prompt:
My API Gateway endpoint returns 502. Review this Lambda response format and explain what is wrong.
39. Advanced workflow: Prompt engineering for Amazon Q Developer
Good prompts include:
- Context
- Goal
- Language/framework
- Constraints
- Expected output format
- Security requirements
- Testing requirements
Weak prompt:
Write Lambda code.
Better prompt:
Write a Python 3.12 AWS Lambda function for API Gateway proxy integration. It should accept POST /users, parse JSON, require name and email, validate email format, write to DynamoDB using boto3, return proper HTTP status codes, avoid logging PII, and include unit tests using pytest.
Weak prompt:
Fix this.
Better prompt:
This function fails when the request body is missing. Explain the root cause, fix the code, and add tests for missing body, invalid JSON, missing name, and missing email.
Prompt formula:
You are helping with <project/context>.
I need <goal>.
Use <language/framework/tool>.
Follow <constraints>.
Return <format>.
Also include <tests/security/error handling>.
Example:
You are helping with an AWS SAM Python serverless API. I need a Lambda handler for POST /orders. Use Python 3.12 and boto3. Validate input, write to DynamoDB, return API Gateway proxy responses, avoid logging sensitive fields, and include pytest tests.
40. Best practices
40.1 Treat Amazon Q as an assistant, not an authority
Amazon Q can be very helpful, but you are still responsible for the code.
40.2 Provide project context
Instead of asking:
Fix this code.
Say:
This is a Python Lambda function behind API Gateway. It writes to DynamoDB. It should return API Gateway proxy responses. Fix the validation bug.
40.3 Ask for tests
Always ask:
Generate unit tests for success and failure cases.
40.4 Ask for security review
Always ask:
Review this for security and least-privilege IAM.
40.5 Ask for explanation
Do not accept code you do not understand.
Ask:
Explain why this solution works.
40.6 Use small steps
Instead of asking for a whole production application at once, work in smaller pieces:
Create handler.
Add validation.
Add persistence.
Add tests.
Add logging.
Add SAM template.
Review security.
40.7 Keep humans in the review loop
For production code:
- Run tests
- Run linters
- Run security scans
- Review IAM policies
- Review generated infrastructure
- Check costs
- Deploy first to dev/staging
41. Common mistakes
Mistake 1: Accepting code blindly
Bad idea. Always review generated code.
Mistake 2: Asking vague prompts
Bad:
Make this better.
Better:
Improve readability, add error handling, keep the public function signature unchanged, and explain each change.
Mistake 3: Generating broad IAM policies
Bad:
Give Lambda full access to AWS.
Better:
Create least-privilege IAM permissions for this Lambda to read one S3 bucket and write to one DynamoDB table.
Mistake 4: Pasting secrets
Do not paste keys, passwords, customer data, or private credentials.
Mistake 5: Not checking package versions
AI might suggest outdated dependencies. Verify versions before using them.
Mistake 6: Ignoring organization policy
If you work in a company, follow your internal AI, security, privacy, and code review policies.
42. Recommended learning path
Follow this path from beginner to advanced.
Stage 1: Basics
Learn:
- What Amazon Q Developer is
- Difference between CodeWhisperer and Amazon Q Developer
- IDE installation
- Builder ID login
- Basic chat
- Inline suggestions
Practice:
Explain this code.
Generate a function.
Generate tests.
Refactor this function.
Stage 2: AWS development
Learn:
- Lambda
- API Gateway
- DynamoDB
- IAM
- AWS SAM
- CloudFormation basics
Practice:
Generate Lambda code.
Generate SAM templates.
Explain IAM policies.
Debug SAM deployment errors.
Stage 3: Security and review
Learn:
- Secrets detection
- IAM least privilege
- Infrastructure review
- Dependency review
- Secure coding patterns
Practice:
Review this code for security.
Review this IAM policy.
Review this CloudFormation template.
Stage 4: DevOps and operations
Learn:
- CloudWatch Logs
- CloudFormation stack events
- AWS CLI
- CI/CD pipelines
- Deployment troubleshooting
Practice:
Explain this CloudWatch error.
Generate a GitHub Actions workflow.
Debug this deployment failure.
Stage 5: Advanced modernization
Learn:
- Java/.NET modernization
- Code transformation
- Dependency upgrades
- Migration planning
- qct command-line transformation
Practice:
Create a Java 8 to Java 17 migration plan.
Run qct transformation.
Review migration changes.
Stage 6: Terminal workflows
Learn:
- Kiro CLI
- Agents
- MCP
- Inline terminal assistance
- Project-aware terminal development
Practice:
kiro-cli
kiro-cli --agent myagent
kiro-cli inline enable
43. Final mental model
Amazon Q Developer is your AWS-aware AI development assistant.
Use it like this:
In IDE:
Write code
Explain code
Generate tests
Review security
Refactor
Debug
In AWS Console:
Understand services
Diagnose errors
Ask AWS architecture questions
With SAM/CDK/Terraform:
Generate infrastructure
Review templates
Explain deployment failures
With qct:
Transform supported applications
With Kiro CLI:
Use terminal-based AI assistant workflows
The best workflow is:
Ask clearly
Generate code
Review carefully
Test locally
Scan for security
Deploy to dev
Check logs
Improve
Deploy to production
Amazon Q Developer will not replace your engineering judgment. It will make your engineering workflow faster, especially when you use it with strong prompts, tests, security review, and AWS best practices.
In one line:
Amazon Q Developer helps developers build, debug, secure, modernize, and operate AWS applications faster.
