{"id":249,"date":"2026-04-13T08:49:29","date_gmt":"2026-04-13T08:49:29","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/aws-amazon-q-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai\/"},"modified":"2026-04-13T08:49:29","modified_gmt":"2026-04-13T08:49:29","slug":"aws-amazon-q-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/aws-amazon-q-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai\/","title":{"rendered":"AWS Amazon Q Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Machine Learning (ML) and Artificial Intelligence (AI)"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Machine Learning (ML) and Artificial Intelligence (AI)<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Amazon Q is AWS\u2019s generative AI assistant designed to help people work faster with AWS, software development tasks, and (depending on the Amazon Q offering) enterprise knowledge and business data. It\u2019s part of AWS\u2019s broader Machine Learning (ML) and Artificial Intelligence (AI) portfolio, but it\u2019s delivered as an end-user assistant rather than a \u201cbuild-your-own-model\u201d platform.<\/p>\n\n\n\n

In simple terms: Amazon Q is a chat- and assistant-style experience that helps you get answers, generate or improve code, and complete tasks using natural language<\/strong>, with security and identity controls appropriate for organizations.<\/p>\n\n\n\n

Technically: Amazon Q is a set of AWS-managed AI assistant capabilities (for example, Amazon Q Developer<\/strong> for developers and Amazon Q Business<\/strong> for business users) that integrates with AWS identity, permissions, and selected AWS services and tooling. Depending on the offering, it can answer questions grounded in your organization\u2019s content, help you write and refactor code inside IDEs, and provide guidance for AWS operations\u2014while respecting access controls.<\/p>\n\n\n\n

What problem it solves:<\/strong> teams spend large amounts of time searching for answers (internal docs, tickets, runbooks), writing boilerplate code, troubleshooting cloud errors, and navigating AWS best practices. Amazon Q reduces that \u201ctime-to-solution\u201d by providing context-aware assistance directly in the tools where work happens.<\/p>\n\n\n\n

\n

Naming note (important): Amazon Q is a current, active AWS product name. Some related AWS capabilities were previously branded differently (for example, Amazon CodeWhisperer<\/strong> is now part of Amazon Q Developer<\/strong>). Also, \u201cQ\u201d features exist in other AWS products (for example, Amazon Q in Amazon QuickSight). Always verify which Amazon Q<\/strong> offering you are enabling, because features, setup, and pricing vary by offering<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n

\n\n\n\n

2. What is Amazon Q?<\/h2>\n\n\n\n

Official purpose<\/h3>\n\n\n\n

Amazon Q is an AWS generative AI assistant that helps users answer questions<\/strong>, generate and improve content or code<\/strong>, and complete tasks<\/strong> using natural language\u2014while integrating with AWS identity and (for some offerings) organizational knowledge sources.<\/p>\n\n\n\n

Core capabilities (high-level)<\/h3>\n\n\n\n

Because Amazon Q is a \u201cfamily\u201d of capabilities, the exact feature set depends on what you enable. Common themes include:<\/p>\n\n\n\n

    \n
  • Conversational Q&A<\/strong> for AWS, software development, and (for business offerings) enterprise knowledge.<\/li>\n
  • Context-aware assistance<\/strong> inside supported user experiences (for example, IDE integrations for developers).<\/li>\n
  • Security-aware behavior<\/strong> tied to identity, permissions, and administrative controls.<\/li>\n<\/ul>\n\n\n\n

    Major components (conceptual)<\/h3>\n\n\n\n

    Amazon Q is not a single \u201cone-size\u201d console page; it is best understood as a set of offerings:<\/p>\n\n\n\n

      \n
    • Amazon Q Developer<\/strong>: Focused on developers and engineers (IDE assistance, code generation, code explanation, and related workflows).<\/li>\n
    • Amazon Q Business<\/strong>: Focused on business users and enterprise knowledge retrieval across approved data sources (connectors, indexing, access control).<\/li>\n
    • Amazon Q in other AWS products<\/strong>: Some AWS products expose \u201cAmazon Q\u201d experiences tailored to that product (for example, Amazon Q in Amazon QuickSight). Setup and billing may be separate.<\/li>\n<\/ul>\n\n\n\n

      Service type<\/h3>\n\n\n\n
        \n
      • Managed AWS AI assistant service<\/strong> (SaaS-like experience operated by AWS), exposed through AWS consoles and supported integrations (for example, IDE plugins).<\/li>\n<\/ul>\n\n\n\n

        Scope (global vs regional, account vs subscription)<\/h3>\n\n\n\n

        Amazon Q offerings have different scoping models:<\/p>\n\n\n\n

          \n
        • Identity scope:<\/strong> Typically user-based (often integrated with AWS identity solutions such as IAM Identity Center). <\/li>\n
        • Account scope:<\/strong> Administrative configuration is associated with AWS accounts\/organizations for business deployments. <\/li>\n
        • Regional scope:<\/strong> Availability can be region-dependent<\/strong>. Even when a UI seems \u201cglobal,\u201d the underlying service endpoints and data processing may be tied to specific AWS Regions. Verify in official docs<\/strong> for your offering and region.<\/li>\n<\/ul>\n\n\n\n

          How it fits into the AWS ecosystem<\/h3>\n\n\n\n

          Amazon Q sits above foundational AI building blocks like Amazon Bedrock and Amazon SageMaker:<\/p>\n\n\n\n

            \n
          • Use Amazon Q<\/strong> when you want an out-of-the-box assistant experience<\/strong> for users.<\/li>\n
          • Use Amazon Bedrock<\/strong> when you want to build<\/strong> your own generative AI applications (custom RAG, agents, model selection).<\/li>\n
          • Use Amazon SageMaker<\/strong> when you want end-to-end ML<\/strong> (training, tuning, hosting, MLOps).<\/li>\n<\/ul>\n\n\n\n

            Amazon Q also integrates with AWS security and governance capabilities (for example, identity, auditing, and administrative controls), which is critical for enterprise adoption.<\/p>\n\n\n\n

            \n\n\n\n

            3. Why use Amazon Q?<\/h2>\n\n\n\n

            Business reasons<\/h3>\n\n\n\n
              \n
            • Faster knowledge discovery:<\/strong> Reduce time spent searching internal documentation, wikis, tickets, and runbooks (especially with Amazon Q Business).<\/li>\n
            • Developer productivity:<\/strong> Reduce time spent on boilerplate coding, refactoring, and troubleshooting (especially with Amazon Q Developer).<\/li>\n
            • Enablement at scale:<\/strong> Provide a consistent assistant experience across teams with centralized administration.<\/li>\n<\/ul>\n\n\n\n

              Technical reasons<\/h3>\n\n\n\n
                \n
              • Natural language interface<\/strong> to complex systems and codebases.<\/li>\n
              • Contextual assistance<\/strong> in developer tools (where supported).<\/li>\n
              • Integration with AWS identity and access controls<\/strong> to align with enterprise security requirements.<\/li>\n<\/ul>\n\n\n\n

                Operational reasons<\/h3>\n\n\n\n
                  \n
                • Standardize how teams get answers:<\/strong> consistent guidance, fewer tribal-knowledge bottlenecks.<\/li>\n
                • Shorten incident resolution loops:<\/strong> faster interpretation of logs\/errors and quicker access to runbooks (when integrated into documentation sources).<\/li>\n
                • Reduce cognitive load<\/strong> for on-call and DevOps engineers by improving discoverability of procedures.<\/li>\n<\/ul>\n\n\n\n

                  Security\/compliance reasons<\/h3>\n\n\n\n
                    \n
                  • Centralized control and permissions:<\/strong> leverage AWS identity patterns (for example, IAM Identity Center) so users see only what they\u2019re allowed to see (particularly relevant for Amazon Q Business).<\/li>\n
                  • Auditability:<\/strong> AWS services typically integrate with AWS logging and auditing services. Confirm exact audit log coverage for your Amazon Q offering in the docs.<\/li>\n
                  • Enterprise governance:<\/strong> better alignment than \u201cbring your own consumer chatbot\u201d approaches.<\/li>\n<\/ul>\n\n\n\n

                    Scalability\/performance reasons<\/h3>\n\n\n\n
                      \n
                    • Managed scaling:<\/strong> AWS runs the service. You focus on enablement and governance rather than model hosting.<\/li>\n
                    • Consistent user experience:<\/strong> designed for many users across teams (subject to service limits and subscription tiers).<\/li>\n<\/ul>\n\n\n\n

                      When teams should choose Amazon Q<\/h3>\n\n\n\n

                      Choose Amazon Q if you want:\n– A ready-to-use assistant<\/strong> for developers or business users.\n– Enterprise identity and access control integration<\/strong>.\n– A managed solution rather than building your own generative AI stack.<\/p>\n\n\n\n

                      When teams should not choose it<\/h3>\n\n\n\n

                      Avoid (or delay) Amazon Q if:\n– You need full control over model selection, prompts, RAG pipelines, and runtime<\/strong> (consider Amazon Bedrock instead).\n– You require on-prem-only<\/strong> processing or strict data residency constraints not supported by the service\/region.\n– Your security policy requires private network-only access<\/strong> and the offering does not support that (verify current networking options).\n– Your use case is highly specialized and would be better served by a custom application (Bedrock + your application code).<\/p>\n\n\n\n

                      \n\n\n\n

                      4. Where is Amazon Q used?<\/h2>\n\n\n\n

                      Industries<\/h3>\n\n\n\n

                      Amazon Q is broadly applicable across regulated and non-regulated industries, such as:\n– Financial services (with careful governance)\n– Healthcare and life sciences (with strict compliance controls)\n– Retail and e-commerce\n– Manufacturing\n– Technology and SaaS\n– Public sector (verify eligibility and regional availability)<\/p>\n\n\n\n

                      Team types<\/h3>\n\n\n\n
                        \n
                      • Developers and platform engineers (Amazon Q Developer)<\/li>\n
                      • DevOps\/SRE\/on-call teams<\/li>\n
                      • Security engineers (secure coding assistance and best-practice guidance; verify exact feature set)<\/li>\n
                      • Data analysts and BI teams (for Amazon Q in analytics experiences, depending on product)<\/li>\n
                      • Business operations and knowledge workers (Amazon Q Business)<\/li>\n<\/ul>\n\n\n\n

                        Workloads<\/h3>\n\n\n\n
                          \n
                        • Software development and modernization<\/li>\n
                        • Cloud operations and troubleshooting<\/li>\n
                        • Knowledge management and internal support<\/li>\n
                        • Documentation generation and maintenance<\/li>\n
                        • Controlled self-service for internal questions (policies, procedures)<\/li>\n<\/ul>\n\n\n\n

                          Architectures<\/h3>\n\n\n\n
                            \n
                          • Centralized enterprise enablement (IAM Identity Center + centralized policies)<\/li>\n
                          • Multi-account AWS Organizations with delegated admin models (where supported)<\/li>\n
                          • Integration with approved knowledge sources (for Amazon Q Business)<\/li>\n<\/ul>\n\n\n\n

                            Real-world deployment contexts<\/h3>\n\n\n\n
                              \n
                            • Production:<\/strong> enterprise-wide rollout with governance, connectors, audit, and lifecycle management.<\/li>\n
                            • Dev\/test:<\/strong> pilots for one team, one environment, or a limited subset of docs and repos before scaling.<\/li>\n<\/ul>\n\n\n\n
                              \n\n\n\n

                              5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                              Below are realistic scenarios that align with how teams typically adopt Amazon Q. Exact steps and availability depend on whether you use Amazon Q Developer, Amazon Q Business, or Amazon Q in another AWS product\u2014verify in the official documentation for your chosen offering.<\/p>\n\n\n\n

                              1) IDE pair-programmer for application development (Amazon Q Developer)<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> Developers lose time on boilerplate code, common patterns, and learning unfamiliar APIs.<\/li>\n
                              • Why Amazon Q fits:<\/strong> It integrates into supported IDEs and helps with code generation, explanation, and refactoring workflows.<\/li>\n
                              • Example scenario:<\/strong> A team building a Python service asks Amazon Q Developer to generate a safe input-validation function and unit tests.<\/li>\n<\/ul>\n\n\n\n

                                2) Troubleshoot AWS permission errors faster (Amazon Q Developer)<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> IAM-related errors are time-consuming to diagnose (\u201cAccessDenied\u201d, missing actions, wrong resource ARNs).<\/li>\n
                                • Why Amazon Q fits:<\/strong> It can help interpret AWS error messages and suggest likely permission gaps (you still validate).<\/li>\n
                                • Example scenario:<\/strong> An engineer pastes an AWS CLI error into the chat and gets guidance on which IAM action is likely missing.<\/li>\n<\/ul>\n\n\n\n

                                  3) Write Infrastructure as Code (IaC) templates (Amazon Q Developer)<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> Creating CloudFormation\/Terraform templates from scratch is repetitive and error-prone.<\/li>\n
                                  • Why Amazon Q fits:<\/strong> It can propose starter templates and explain security implications (still requires review).<\/li>\n
                                  • Example scenario:<\/strong> Generate a minimal CloudFormation template for an S3 bucket with encryption and blocked public access, then refine it.<\/li>\n<\/ul>\n\n\n\n

                                    4) Generate and maintain runbooks (Amazon Q Developer + your docs)<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Runbooks are stale; updates lag behind operational changes.<\/li>\n
                                    • Why Amazon Q fits:<\/strong> It can draft runbooks from existing procedures and incident notes.<\/li>\n
                                    • Example scenario:<\/strong> Convert \u201ctribal knowledge\u201d Slack notes into a structured incident response runbook.<\/li>\n<\/ul>\n\n\n\n

                                      5) Internal knowledge assistant for policies and procedures (Amazon Q Business)<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> Employees ask the same HR\/IT\/security questions repeatedly; answers are scattered across systems.<\/li>\n
                                      • Why Amazon Q fits:<\/strong> Amazon Q Business is designed for enterprise Q&A grounded in approved content and controlled by permissions.<\/li>\n
                                      • Example scenario:<\/strong> Users ask \u201cHow do I request VPN access?\u201d and get an answer with links to the official policy page.<\/li>\n<\/ul>\n\n\n\n

                                        6) Engineering onboarding assistant (Amazon Q Business)<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> New hires struggle to find correct, current onboarding steps.<\/li>\n
                                        • Why Amazon Q fits:<\/strong> A curated knowledge base reduces onboarding time and increases consistency.<\/li>\n
                                        • Example scenario:<\/strong> A new engineer asks for \u201cHow do I set up local dev for Service A?\u201d and receives steps sourced from internal docs.<\/li>\n<\/ul>\n\n\n\n

                                          7) Knowledge assistant for customer support teams (Amazon Q Business)<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> Support engineers need quick answers from product docs, known issues, and ticket history.<\/li>\n
                                          • Why Amazon Q fits:<\/strong> Central Q&A with controlled source access reduces time-to-resolution.<\/li>\n
                                          • Example scenario:<\/strong> A support agent asks about an error code and gets a summary of known causes and the latest fix procedure.<\/li>\n<\/ul>\n\n\n\n

                                            8) Standardized secure coding help (Amazon Q Developer)<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> Inconsistent security practices across teams lead to vulnerabilities.<\/li>\n
                                            • Why Amazon Q fits:<\/strong> Assist with secure patterns (input validation, secrets handling) and code review suggestions; developers still validate.<\/li>\n
                                            • Example scenario:<\/strong> Ask for a secure way to load secrets from AWS Secrets Manager (and then implement following AWS best practices).<\/li>\n<\/ul>\n\n\n\n

                                              9) Data\/analytics natural language insights (Amazon Q in analytics experiences)<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Business users can\u2019t easily query dashboards or metrics without learning BI tools.<\/li>\n
                                              • Why Amazon Q fits:<\/strong> In-product \u201cQ\u201d experiences can translate questions into insights (availability depends on the product).<\/li>\n
                                              • Example scenario:<\/strong> A sales manager asks, \u201cWhich region had the largest month-over-month growth?\u201d and gets a chart and explanation.<\/li>\n<\/ul>\n\n\n\n

                                                10) Migration and modernization guidance (Amazon Q Developer)<\/h3>\n\n\n\n
                                                  \n
                                                • Problem:<\/strong> Modernizing a legacy codebase is risky and time-consuming.<\/li>\n
                                                • Why Amazon Q fits:<\/strong> Amazon Q Developer can help explain unfamiliar legacy code and suggest refactoring approaches. Some transformation capabilities may exist\u2014verify supported languages\/targets.<\/li>\n
                                                • Example scenario:<\/strong> A team upgrading dependencies asks for a plan and code changes for safer exception handling and logging patterns.<\/li>\n<\/ul>\n\n\n\n

                                                  11) Drafting internal architecture decision records (ADR) (Amazon Q Developer)<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem:<\/strong> Architectural decisions aren\u2019t documented consistently.<\/li>\n
                                                  • Why Amazon Q fits:<\/strong> It can generate ADR templates and summarize tradeoffs.<\/li>\n
                                                  • Example scenario:<\/strong> Draft an ADR comparing SNS+SQS vs EventBridge for asynchronous integration.<\/li>\n<\/ul>\n\n\n\n

                                                    12) Reduce \u201cbus factor\u201d with explainability (Amazon Q Developer)<\/h3>\n\n\n\n
                                                      \n
                                                    • Problem:<\/strong> Only a few senior engineers understand key parts of the system.<\/li>\n
                                                    • Why Amazon Q fits:<\/strong> It can explain code blocks and produce documentation comments.<\/li>\n
                                                    • Example scenario:<\/strong> Ask for an explanation of a complex concurrency module and generate inline documentation.<\/li>\n<\/ul>\n\n\n\n
                                                      \n\n\n\n

                                                      6. Core Features<\/h2>\n\n\n\n

                                                      Amazon Q is multi-offering; features below are grouped and described in a way that helps you map them to your deployment. Verify the exact feature list for your Amazon Q offering<\/strong> in the official documentation, because capabilities and UI change over time.<\/p>\n\n\n\n

                                                      Feature 1: Conversational chat experience<\/h3>\n\n\n\n
                                                        \n
                                                      • What it does:<\/strong> Allows users to ask questions in natural language and get answers, guidance, or generated output.<\/li>\n
                                                      • Why it matters:<\/strong> Reduces time spent searching docs and copying snippets.<\/li>\n
                                                      • Practical benefit:<\/strong> Faster iteration for troubleshooting, learning, and drafting.<\/li>\n
                                                      • Limitations\/caveats:<\/strong> Output can be wrong or incomplete; you must validate. Apply guardrails and a review culture.<\/li>\n<\/ul>\n\n\n\n

                                                        Feature 2: IDE assistance for coding (Amazon Q Developer)<\/h3>\n\n\n\n
                                                          \n
                                                        • What it does:<\/strong> Provides code suggestions, explanations, and generation workflows inside supported IDEs (via AWS tooling integrations).<\/li>\n
                                                        • Why it matters:<\/strong> Keeps developers in-flow; avoids context switching.<\/li>\n
                                                        • Practical benefit:<\/strong> Faster coding, fewer syntax\/API mistakes, quicker onboarding.<\/li>\n
                                                        • Limitations\/caveats:<\/strong> IDE support varies (for example, VS Code vs JetBrains). Features may differ by edition\/subscription.<\/li>\n<\/ul>\n\n\n\n

                                                          Feature 3: Code explanation and refactoring help (Amazon Q Developer)<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does:<\/strong> Explains unfamiliar code, proposes refactors, and can help draft tests and documentation.<\/li>\n
                                                          • Why it matters:<\/strong> Improves maintainability and team knowledge transfer.<\/li>\n
                                                          • Practical benefit:<\/strong> Faster reviews and safer changes when paired with testing.<\/li>\n
                                                          • Limitations\/caveats:<\/strong> Suggestions may not match your style guide; ensure you enforce linters, tests, and code review.<\/li>\n<\/ul>\n\n\n\n

                                                            Feature 4: Assistance with AWS APIs and operations (Amazon Q Developer)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does:<\/strong> Helps interpret AWS errors, suggests likely causes, and provides steps or snippets for AWS tasks.<\/li>\n
                                                            • Why it matters:<\/strong> AWS systems are broad; guidance accelerates resolution.<\/li>\n
                                                            • Practical benefit:<\/strong> Faster diagnosis for IAM and service configuration issues.<\/li>\n
                                                            • Limitations\/caveats:<\/strong> Do not blindly apply changes; validate against your security baselines.<\/li>\n<\/ul>\n\n\n\n

                                                              Feature 5: Enterprise knowledge grounding (Amazon Q Business)<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> Answers questions grounded in your organization\u2019s indexed content, subject to user permissions.<\/li>\n
                                                              • Why it matters:<\/strong> Without grounding, assistants can be generic; knowledge grounding increases relevance.<\/li>\n
                                                              • Practical benefit:<\/strong> Employees get answers with citations\/links to internal sources (depending on configuration).<\/li>\n
                                                              • Limitations\/caveats:<\/strong> Quality depends on content hygiene and access control mapping. Connector availability varies\u2014verify the current connector list.<\/li>\n<\/ul>\n\n\n\n

                                                                Feature 6: Connectors to content sources (Amazon Q Business)<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does:<\/strong> Connects Amazon Q Business to approved content repositories (for example, AWS data stores and selected SaaS apps).<\/li>\n
                                                                • Why it matters:<\/strong> Automates ingestion and indexing; reduces manual updates.<\/li>\n
                                                                • Practical benefit:<\/strong> Keep knowledge up to date.<\/li>\n
                                                                • Limitations\/caveats:<\/strong> Each connector has its own auth model and constraints; some sources may require extra licensing or admin consent. Verify supported connectors and any limits.<\/li>\n<\/ul>\n\n\n\n

                                                                  Feature 7: Identity and access control integration<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does:<\/strong> Aligns access to Amazon Q experiences and content with enterprise identity.<\/li>\n
                                                                  • Why it matters:<\/strong> Prevents data leakage and enforces least privilege.<\/li>\n
                                                                  • Practical benefit:<\/strong> Users see responses based on what they are allowed to access.<\/li>\n
                                                                  • Limitations\/caveats:<\/strong> Misconfigured identity mapping or overly broad permissions can leak information.<\/li>\n<\/ul>\n\n\n\n

                                                                    Feature 8: Administrative controls and governance<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does:<\/strong> Provides administrative configuration for enabling the service, managing users, and controlling access.<\/li>\n
                                                                    • Why it matters:<\/strong> Enterprises need control for rollout, monitoring, and compliance.<\/li>\n
                                                                    • Practical benefit:<\/strong> Centralized enablement, consistent guardrails.<\/li>\n
                                                                    • Limitations\/caveats:<\/strong> Admin model differs by offering; follow the official admin guide.<\/li>\n<\/ul>\n\n\n\n

                                                                      Feature 9: Logging, auditing, and monitoring hooks (varies by offering)<\/h3>\n\n\n\n
                                                                        \n
                                                                      • What it does:<\/strong> Supports observability through AWS-native mechanisms where available (for example, audit logs of administrative actions).<\/li>\n
                                                                      • Why it matters:<\/strong> Security teams need auditability; operations teams need metrics.<\/li>\n
                                                                      • Practical benefit:<\/strong> Faster investigations and compliance reporting.<\/li>\n
                                                                      • Limitations\/caveats:<\/strong> Not all user interactions are always logged the same way; verify<\/strong> what is logged and how long it\u2019s retained.<\/li>\n<\/ul>\n\n\n\n

                                                                        Feature 10: Multi-user scaling (subscription-based)<\/h3>\n\n\n\n
                                                                          \n
                                                                        • What it does:<\/strong> Supports broad adoption across organizations.<\/li>\n
                                                                        • Why it matters:<\/strong> Adoption is often the goal; not just a single-user tool.<\/li>\n
                                                                        • Practical benefit:<\/strong> Standardized assistant for teams.<\/li>\n
                                                                        • Limitations\/caveats:<\/strong> Costs scale with users and usage; manage rollout thoughtfully.<\/li>\n<\/ul>\n\n\n\n
                                                                          \n\n\n\n

                                                                          7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                          Because Amazon Q includes multiple offerings, treat \u201carchitecture\u201d as a pattern<\/strong> rather than a single diagram. This section explains two common patterns:<\/p>\n\n\n\n

                                                                            \n
                                                                          1. A developer-assistant<\/strong> pattern (Amazon Q Developer).<\/li>\n
                                                                          2. An enterprise knowledge assistant<\/strong> pattern (Amazon Q Business).<\/li>\n<\/ol>\n\n\n\n

                                                                            High-level architecture concepts<\/h3>\n\n\n\n

                                                                            Control plane vs data plane<\/h4>\n\n\n\n
                                                                              \n
                                                                            • Control plane:<\/strong> Admin configuration, user enablement, identity integration, and connector setup (for Q Business).<\/li>\n
                                                                            • Data plane:<\/strong> User prompts, responses, and (for Q Business) retrieval from indexed content.<\/li>\n<\/ul>\n\n\n\n

                                                                              Request\/data flow (conceptual)<\/h4>\n\n\n\n
                                                                                \n
                                                                              1. A user authenticates via the approved identity method.<\/li>\n
                                                                              2. The user submits a question or task.<\/li>\n
                                                                              3. Amazon Q processes the request (potentially retrieving relevant content if configured).<\/li>\n
                                                                              4. Amazon Q returns a response.<\/li>\n
                                                                              5. Admin\/audit systems record relevant events (coverage varies).<\/li>\n<\/ol>\n\n\n\n

                                                                                Integrations with related AWS services (common patterns)<\/h3>\n\n\n\n

                                                                                Depending on the offering, Amazon Q commonly relates to:\n– Identity:<\/strong> IAM Identity Center (common for enterprise SSO); IAM for AWS permissions management.\n– Security:<\/strong> AWS KMS for encryption (service-managed or customer-managed keys depending on offering\/settings\u2014verify).\n– Audit\/monitoring:<\/strong> AWS CloudTrail \/ Amazon CloudWatch (availability varies by event type\u2014verify).\n– Data sources:<\/strong> Amazon S3 (common enterprise content store) and other sources through managed connectors (verify current connector list).<\/p>\n\n\n\n

                                                                                Security\/authentication model (conceptual)<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • End users<\/strong> authenticate using supported identity providers (often via IAM Identity Center for organizational SSO).<\/li>\n
                                                                                • Authorization<\/strong> is enforced through:<\/li>\n
                                                                                • the user\u2019s identity and group membership,<\/li>\n
                                                                                • application-level access assignments (Q Business),<\/li>\n
                                                                                • and access control mapping for content sources (Q Business connectors).<\/li>\n<\/ul>\n\n\n\n

                                                                                  Networking model<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Amazon Q is accessed via AWS-managed endpoints over TLS.<\/li>\n
                                                                                  • For private networking (VPC-only access), verify in official docs<\/strong> whether the specific offering supports AWS PrivateLink or other private endpoint options.<\/li>\n<\/ul>\n\n\n\n

                                                                                    Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Track:<\/li>\n
                                                                                    • user enablement and access assignments,<\/li>\n
                                                                                    • connector health and sync status (Q Business),<\/li>\n
                                                                                    • audit events (CloudTrail where supported),<\/li>\n
                                                                                    • cost allocation (tags, account separation, chargeback).<\/li>\n<\/ul>\n\n\n\n

                                                                                      Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                      flowchart LR\n  U[User] -->|SSO \/ Sign-in| ID[Identity Provider \/ IAM Identity Center]\n  U -->|Chat \/ Prompt| Q[Amazon Q]\n  Q -->|Answer \/ Suggestions| U\n  Admin[Admin] -->|Configure \/ Govern| Q\n<\/code><\/pre>\n\n\n\n
                                                                                      Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                      This diagram focuses on an enterprise knowledge assistant pattern (Amazon Q Business) plus developer enablement (Amazon Q Developer) at scale.<\/p>\n\n\n\n
                                                                                      flowchart TB\n  subgraph Org[AWS Organization]\n    subgraph Sec[Security & Governance]\n      CT[CloudTrail (audit)\\nVerify coverage]\n      CW[CloudWatch (metrics\/logs)\\nVerify coverage]\n      KMS[AWS KMS Keys\\n(verify CMK support)]\n      SCP[SCPs \/ Guardrails]\n    end\n\n    subgraph Identity[Identity & Access]\n      IdC[IAM Identity Center\\n(SSO)]\n      Groups[Groups \/ Attributes]\n    end\n\n    subgraph QSuite[Amazon Q Offerings]\n      QDev[Amazon Q Developer\\n(IDE\/console experience)]\n      QBus[Amazon Q Business\\n(App + Index)]\n      Conn[Managed Connectors\\n(verify sources)]\n    end\n\n    subgraph Content[Enterprise Content Sources]\n      S3[Amazon S3\\nDocs\/Runbooks]\n      SaaS[SaaS Sources\\n(e.g., wiki\/tickets)\\nverify list]\n    end\n  end\n\n  UserDev[Developers] --> IdC\n  UserBiz[Business Users] --> IdC\n\n  IdC --> QDev\n  IdC --> QBus\n  Groups --> QBus\n\n  QBus --> Conn --> S3\n  Conn --> SaaS\n\n  QDev -->|Assistance| UserDev\n  QBus -->|Grounded answers| UserBiz\n\n  QDev -.audit\/metrics.-> CT\n  QBus -.audit\/metrics.-> CT\n  QBus -.encryption.-> KMS\n  QDev -.encryption.-> KMS\n  CT --> CW\n\n  SCP --> QSuite\n<\/code><\/pre>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      8. Prerequisites<\/h2>\n\n\n\n
                                                                                      Prerequisites vary by Amazon Q offering. The list below covers a practical baseline for most labs and pilots.<\/p>\n\n\n\n
                                                                                      Account\/subscription requirements<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • An AWS account<\/strong> for administrative setup (especially for Amazon Q Business).<\/li>\n
                                                                                      • For Amazon Q Developer in an IDE, AWS may allow use with an AWS Builder ID<\/strong> for certain tiers\/features. Availability and capabilities can differ\u2014verify in official docs<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                                        Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • For Amazon Q Developer in IDE:<\/li>\n
                                                                                        • IDE sign-in permissions (varies by identity method).<\/li>\n
                                                                                        • If you will access AWS resources (optional), you need standard IAM permissions for the tasks you perform.<\/li>\n
                                                                                        • For Amazon Q Business (admin):<\/li>\n
                                                                                        • Permissions to configure the Amazon Q Business application and its data source connectors.<\/li>\n
                                                                                        • Permissions to configure IAM Identity Center assignments and (if used) IAM roles for connectors.<\/li>\n<\/ul>\n\n\n\n
                                                                                          Best practice:<\/strong> Create separate admin roles (least privilege) for:\n– Q admin,\n– connector admin,\n– security\/audit admin.<\/p>\n\n\n\n
                                                                                          Billing requirements<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • A valid payment method on the AWS account.<\/li>\n
                                                                                          • Be aware that some Amazon Q offerings are per-user subscription priced<\/strong> and can scale quickly with user count.<\/li>\n<\/ul>\n\n\n\n
                                                                                            Tools needed (for this tutorial\u2019s lab)<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • A workstation with:<\/li>\n
                                                                                            • Visual Studio Code<\/strong> (VS Code)<\/li>\n
                                                                                            • Internet access to download extensions<\/li>\n
                                                                                            • VS Code extension:<\/li>\n
                                                                                            • AWS Toolkit<\/strong> (which provides Amazon Q Developer integration in supported configurations)<\/li>\n<\/ul>\n\n\n\n
                                                                                              Region availability<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Amazon Q availability is region-dependent<\/strong> and varies by offering.\n  Always confirm supported regions in official docs before committing to an architecture.<\/li>\n<\/ul>\n\n\n\n
                                                                                                Quotas\/limits<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Limits (users, connectors, sync frequency, etc.) vary by offering and can change.<\/li>\n
                                                                                                • Check Service Quotas<\/strong> and the Amazon Q documentation for your offering.<\/li>\n<\/ul>\n\n\n\n
                                                                                                  Prerequisite services (common)<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • IAM Identity Center<\/strong> (often recommended for enterprise deployments; verify requirement for your offering)<\/li>\n
                                                                                                  • Optional for Q Business:<\/li>\n
                                                                                                  • Content sources such as Amazon S3 or supported SaaS repositories<\/li>\n<\/ul>\n\n\n\n
                                                                                                    \n\n\n\n
                                                                                                    9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                    Amazon Q pricing depends on which \u201cQ\u201d offering you use. Do not assume one pricing model applies to all of them.<\/strong> Always confirm in the official AWS pricing pages for the specific offering you\u2019re enabling.<\/p>\n\n\n\n
                                                                                                    Current pricing model (what to expect)<\/h3>\n\n\n\n
                                                                                                    Common pricing dimensions include:<\/p>\n\n\n\n
                                                                                                      \n
                                                                                                    • Per-user subscription pricing<\/strong> (common for Amazon Q Business and Amazon Q Developer paid tiers).<\/li>\n
                                                                                                    • Usage-based components<\/strong> (possible for indexing, retrieval capacity, or add-on features depending on offering\u2014verify).<\/li>\n
                                                                                                    • Edition\/tier differences<\/strong> (for example, Free vs Pro tiers for developer tooling\u2014verify current tiers).<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Free tier<\/h3>\n\n\n\n
                                                                                                      Some Amazon Q Developer experiences historically offered free usage tiers (for example, for individuals). Whether a free tier exists today, what it includes, and any constraints (monthly caps, feature limits) must be validated against the official pricing page.<\/p>\n\n\n\n
                                                                                                      Cost drivers<\/h3>\n\n\n\n
                                                                                                      Key cost drivers typically include:\n– Number of enabled users<\/strong> (the biggest lever in subscription models).\n– Which tier\/edition<\/strong> each user is assigned to.\n– For Q Business-style deployments:\n  – number and size of connected content sources,\n  – frequency of sync\/index updates,\n  – usage intensity (how often users query).<\/p>\n\n\n\n
                                                                                                      Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                                      Even if Amazon Q itself is subscription priced, you may also pay for:\n– Data storage<\/strong> in your content repositories (e.g., Amazon S3).\n– Data transfer<\/strong> (internet egress from sources; cross-region transfer if any).\n– Identity provider costs<\/strong> (if your IdP has licensing).\n– Operational overhead<\/strong> (time to manage connectors, permissions mapping, and content hygiene).<\/p>\n\n\n\n
                                                                                                      Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • If your content sources are in AWS, data transfer patterns depend on region placement and service architecture.<\/li>\n
                                                                                                      • If your content sources are SaaS, you may incur API costs or rate-limiting constraints on the SaaS side.<\/li>\n
                                                                                                      • Avoid cross-region content architectures unless necessary; they can increase cost and complexity.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        How to optimize cost<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Start with a pilot group<\/strong> (10\u201350 users) and expand in phases.<\/li>\n
                                                                                                        • Use tiered licensing<\/strong>: assign paid tiers only to users who need them.<\/li>\n
                                                                                                        • For Q Business:<\/li>\n
                                                                                                        • connect only high-value sources first,<\/li>\n
                                                                                                        • remove obsolete content,<\/li>\n
                                                                                                        • tune sync schedules to balance freshness vs cost\/limits.<\/li>\n
                                                                                                        • Use tags, accounts, and cost allocation to support showback\/chargeback.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Example low-cost starter estimate (non-numeric guidance)<\/h3>\n\n\n\n
                                                                                                          A low-cost starter pilot often looks like:\n– A small number of users on the minimum tier that meets requirements.\n– Minimal connectors (or none initially).\n– A short pilot window (2\u20134 weeks) to validate value.<\/p>\n\n\n\n
                                                                                                          Because AWS pricing is tier- and region-dependent, use the official pricing page and AWS Pricing Calculator<\/strong> to compute actual numbers.<\/p>\n\n\n\n
                                                                                                          Example production cost considerations<\/h3>\n\n\n\n
                                                                                                          For production rollout, consider:\n– Licensing for hundreds\/thousands of users.\n– Dedicated admin and security review time.\n– Connector maintenance and content lifecycle processes.\n– Governance (audit, policies, training).<\/p>\n\n\n\n
                                                                                                          Official pricing pages and calculator<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Amazon Q pricing landing (may link to individual offerings): https:\/\/aws.amazon.com\/q\/  <\/li>\n
                                                                                                          • Amazon Q Business pricing: https:\/\/aws.amazon.com\/q\/business\/pricing\/  <\/li>\n
                                                                                                          • Amazon Q Developer pricing: https:\/\/aws.amazon.com\/q\/developer\/pricing\/  <\/li>\n
                                                                                                          • AWS Pricing Calculator: https:\/\/calculator.aws\/#\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                            \n\n\n\n
                                                                                                            10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                            This lab focuses on Amazon Q Developer in VS Code<\/strong> because it\u2019s a practical, beginner-friendly way to experience Amazon Q with minimal AWS infrastructure changes. You will use Amazon Q Developer to explain code, fix a bug, and generate unit tests locally.<\/p>\n\n\n\n
                                                                                                            \n
                                                                                                            This lab avoids provisioning AWS resources to keep cost and risk low. If you choose to extend it to AWS integrations (S3, Lambda, etc.), do so in a sandbox account with least privilege.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                            Objective<\/h3>\n\n\n\n
                                                                                                            Enable Amazon Q Developer in VS Code and use it to:\n1. Explain an unfamiliar piece of code.\n2. Fix a real bug in a small Python program.\n3. Generate unit tests and run them locally.<\/p>\n\n\n\n
                                                                                                            Lab Overview<\/h3>\n\n\n\n
                                                                                                            You will:\n1. Install VS Code and the AWS Toolkit.\n2. Sign in to enable Amazon Q Developer.\n3. Create a small Python project with a deliberate bug.\n4. Use Amazon Q Developer to diagnose and fix the bug.\n5. Ask Amazon Q Developer to generate unit tests.\n6. Validate locally (run tests).\n7. Clean up (remove project and\/or sign out).<\/p>\n\n\n\n
                                                                                                            Step 1: Install prerequisites (VS Code + Python)<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            1. Install Visual Studio Code<\/strong>: https:\/\/code.visualstudio.com\/<\/li>\n
                                                                                                            2. Install Python 3.10+<\/strong> (or your org standard): https:\/\/www.python.org\/downloads\/<\/li>\n
                                                                                                            3. Confirm Python is available:<\/li>\n<\/ol>\n\n\n\n
                                                                                                              python3 --version\n<\/code><\/pre>\n\n\n\n
                                                                                                              Expected outcome:<\/strong> python3<\/code> prints a version (e.g., 3.11.x).<\/p>\n\n\n\n
                                                                                                              Step 2: Install AWS Toolkit in VS Code<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              1. Open VS Code.<\/li>\n
                                                                                                              2. Go to Extensions<\/strong>.<\/li>\n
                                                                                                              3. Search for AWS Toolkit<\/strong> (publisher: Amazon Web Services).<\/li>\n
                                                                                                              4. Click Install<\/strong>.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                Expected outcome:<\/strong> AWS Toolkit appears in the Extensions list and an AWS icon appears in the Activity Bar (left side).<\/p>\n\n\n\n
                                                                                                                Step 3: Enable Amazon Q Developer (sign in)<\/h3>\n\n\n\n
                                                                                                                The sign-in method depends on your environment:<\/p>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Individuals often use AWS Builder ID<\/strong> (if supported for your tier).<\/li>\n
                                                                                                                • Enterprises often use IAM Identity Center (SSO)<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  In VS Code:\n1. Open the AWS Toolkit panel.\n2. Find an option related to Amazon Q Developer<\/strong> or \u201cAmazon Q\u201d.\n3. Choose Sign in<\/strong> and follow the prompts.<\/p>\n\n\n\n
                                                                                                                  If you are in an enterprise:\n– Use the SSO start URL provided by your admin.\n– Ensure your user is entitled to Amazon Q Developer.<\/p>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> You can open an Amazon Q Developer chat panel or see Amazon Q Developer features enabled in the IDE.<\/p>\n\n\n\n
                                                                                                                  \n
                                                                                                                  If you cannot find the Amazon Q Developer UI in the Toolkit: verify your AWS Toolkit version and refer to the official Amazon Q Developer documentation, because the UI placement can change over time.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                  Step 4: Create a small Python project with a deliberate bug<\/h3>\n\n\n\n
                                                                                                                  Create a new folder and files:<\/p>\n\n\n\n
                                                                                                                  mkdir amazon-q-lab\ncd amazon-q-lab\nmkdir -p src tests\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Create src\/price.py<\/code>:<\/p>\n\n\n\n
                                                                                                                  # src\/price.py\n\ndef apply_discount(price: float, discount_percent: float) -> float:\n    \"\"\"\n    Apply a percentage discount to a price.\n\n    discount_percent should be in the range [0, 100].\n    \"\"\"\n    if price < 0:\n        raise ValueError(\"price must be >= 0\")\n\n    # BUG: this formula is incorrect for percentage discounts.\n    return price - discount_percent\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Create a quick runner src\/app.py<\/code>:<\/p>\n\n\n\n
                                                                                                                  # src\/app.py\nfrom price import apply_discount\n\nif __name__ == \"__main__\":\n    original = 200.0\n    discounted = apply_discount(original, 10.0)\n    print(f\"Original: {original}, discounted: {discounted}\")\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Now run it:<\/p>\n\n\n\n
                                                                                                                  python3 -c \"import sys; sys.path.append('src'); from price import apply_discount; print(apply_discount(200.0, 10.0))\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> It prints 190.0<\/code>, which is incorrect for a 10% discount on 200 (should be 180.0). This is the bug you will fix.<\/p>\n\n\n\n
                                                                                                                  Step 5: Use Amazon Q Developer to explain and diagnose the bug<\/h3>\n\n\n\n
                                                                                                                  In VS Code:\n1. Open the src\/price.py<\/code> file.\n2. Open the Amazon Q Developer chat panel.\n3. Ask a prompt like:<\/p>\n\n\n\n
                                                                                                                  Explain what apply_discount is doing and identify any bug in the logic. The discount is supposed to be a percentage from 0 to 100.\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> Amazon Q Developer explains that the code subtracts the raw discount number instead of applying a percentage and suggests a corrected formula.<\/p>\n\n\n\n
                                                                                                                  Step 6: Apply the fix with a safe implementation<\/h3>\n\n\n\n
                                                                                                                  Update src\/price.py<\/code> to validate the percent range and apply the correct formula:<\/p>\n\n\n\n
                                                                                                                  # src\/price.py\n\ndef apply_discount(price: float, discount_percent: float) -> float:\n    \"\"\"\n    Apply a percentage discount to a price.\n\n    discount_percent should be in the range [0, 100].\n    \"\"\"\n    if price < 0:\n        raise ValueError(\"price must be >= 0\")\n    if discount_percent < 0 or discount_percent > 100:\n        raise ValueError(\"discount_percent must be between 0 and 100\")\n\n    return price * (1 - (discount_percent \/ 100.0))\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Re-run the quick test:<\/p>\n\n\n\n
                                                                                                                  python3 -c \"import sys; sys.path.append('src'); from price import apply_discount; print(apply_discount(200.0, 10.0))\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> It prints 180.0<\/code>.<\/p>\n\n\n\n
                                                                                                                  Step 7: Ask Amazon Q Developer to generate unit tests<\/h3>\n\n\n\n
                                                                                                                  Install pytest (in a virtual environment is recommended):<\/p>\n\n\n\n
                                                                                                                  python3 -m venv .venv\nsource .venv\/bin\/activate\npip install -U pip pytest\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Create tests\/test_price.py<\/code>. You can ask Amazon Q Developer:<\/p>\n\n\n\n
                                                                                                                  Generate pytest unit tests for apply_discount covering:\n- normal cases (10% of 200)\n- boundary cases (0% and 100%)\n- invalid inputs (negative price, percent outside 0-100)\n<\/code><\/pre>\n\n\n\n
                                                                                                                  A solid test file looks like this (you can paste or compare with Amazon Q\u2019s output):<\/p>\n\n\n\n
                                                                                                                  # tests\/test_price.py\n\nimport sys\nimport pytest\n\nsys.path.append(\"src\")\nfrom price import apply_discount\n\ndef test_apply_discount_normal_case():\n    assert apply_discount(200.0, 10.0) == 180.0\n\ndef test_apply_discount_zero_percent():\n    assert apply_discount(99.99, 0.0) == 99.99\n\ndef test_apply_discount_hundred_percent():\n    assert apply_discount(50.0, 100.0) == 0.0\n\ndef test_apply_discount_negative_price_raises():\n    with pytest.raises(ValueError):\n        apply_discount(-1.0, 10.0)\n\n@pytest.mark.parametrize(\"pct\", [-0.01, 100.01, 1000.0])\ndef test_apply_discount_invalid_percent_raises(pct):\n    with pytest.raises(ValueError):\n        apply_discount(10.0, pct)\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Run tests:<\/p>\n\n\n\n
                                                                                                                  pytest -q\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> All tests pass.<\/p>\n\n\n\n
                                                                                                                  Validation<\/h3>\n\n\n\n
                                                                                                                  You have validated Amazon Q Developer\u2019s usefulness if:\n– The IDE shows Amazon Q Developer chat assistance enabled.\n– The function\u2019s bug is fixed and outputs the correct result.\n– Unit tests run successfully with pytest<\/code>.<\/p>\n\n\n\n
                                                                                                                  Troubleshooting<\/h3>\n\n\n\n
                                                                                                                  Issue: Amazon Q Developer UI does not appear in VS Code<\/strong>\n– Update AWS Toolkit to the latest version.\n– Ensure you are signed in through the supported method (Builder ID or IAM Identity Center).\n– Verify your organization has enabled Amazon Q Developer for your user (for enterprise SSO).\n– Check official docs for the current VS Code integration steps:\n  – Amazon Q Developer documentation: https:\/\/docs.aws.amazon.com\/amazonq\/latest\/qdeveloper-ug\/what-is.html (verify exact URL if it changes)<\/p>\n\n\n\n
                                                                                                                  Issue: Sign-in fails<\/strong>\n– For IAM Identity Center: confirm your SSO start URL, region, and that your device is compliant with corporate policy.\n– For Builder ID: verify you are using the correct AWS account identity path for Amazon Q Developer.<\/p>\n\n\n\n
                                                                                                                  Issue: Tests fail due to import paths<\/strong>\n– Ensure src<\/code> is added to sys.path<\/code> in tests as shown, or package your code properly.\n– Run pytest<\/code> from the project root (amazon-q-lab<\/code>).<\/p>\n\n\n\n
                                                                                                                  Issue: Suggested code is insecure or not aligned to policy<\/strong>\n– Treat Amazon Q output as a draft. Apply secure coding standards, run static analysis, and require code review.<\/p>\n\n\n\n
                                                                                                                  Cleanup<\/h3>\n\n\n\n
                                                                                                                  To clean up locally:\n– Close VS Code.\n– Delete the folder:<\/p>\n\n\n\n
                                                                                                                  cd ..\nrm -rf amazon-q-lab\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Optional:\n– In VS Code AWS Toolkit, sign out<\/strong> if you used a shared machine.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  11. Best Practices<\/h2>\n\n\n\n
                                                                                                                  Architecture best practices<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Choose the right Amazon Q offering<\/strong>:<\/li>\n
                                                                                                                  • Use Amazon Q Developer<\/strong> for developer workflows.<\/li>\n
                                                                                                                  • Use Amazon Q Business<\/strong> for enterprise knowledge Q&A.<\/li>\n
                                                                                                                  • Start with a pilot<\/strong> and define success metrics:<\/li>\n
                                                                                                                  • time saved per task,<\/li>\n
                                                                                                                  • reduced mean-time-to-resolution,<\/li>\n
                                                                                                                  • onboarding time reduction,<\/li>\n
                                                                                                                  • adoption and satisfaction.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Apply least privilege<\/strong>:<\/li>\n
                                                                                                                    • Separate admin roles from end-user roles.<\/li>\n
                                                                                                                    • Limit connector permissions to only required sources.<\/li>\n
                                                                                                                    • Use SSO (IAM Identity Center)<\/strong> for enterprise use cases where possible.<\/li>\n
                                                                                                                    • Maintain a process for access reviews<\/strong> (quarterly\/biannual).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      Cost best practices<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Control costs with:<\/li>\n
                                                                                                                      • phased rollout<\/strong> (small group \u2192 wider org),<\/li>\n
                                                                                                                      • tiering<\/strong> (paid tiers only where needed),<\/li>\n
                                                                                                                      • chargeback\/showback using account separation and tags.<\/li>\n
                                                                                                                      • For Q Business, connect high-value content sources first<\/strong> rather than indexing \u201ceverything.\u201d<\/li>\n<\/ul>\n\n\n\n
                                                                                                                        Performance best practices<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • Improve answer quality by improving input quality:<\/li>\n
                                                                                                                        • remove outdated documents,<\/li>\n
                                                                                                                        • consolidate duplicate runbooks,<\/li>\n
                                                                                                                        • standardize document structure (headings, owners, last-updated date).<\/li>\n
                                                                                                                        • For Q Business, tune connector scopes (folders\/spaces\/projects) to reduce noise.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          Reliability best practices<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          • Treat knowledge as a product:<\/li>\n
                                                                                                                          • assign owners,<\/li>\n
                                                                                                                          • set review cycles,<\/li>\n
                                                                                                                          • define deprecation procedures.<\/li>\n
                                                                                                                          • For Q Business connectors, monitor sync health and establish an operational runbook.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                            Operations best practices<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Document:<\/li>\n
                                                                                                                            • how to onboard\/offboard users,<\/li>\n
                                                                                                                            • how to approve new content sources,<\/li>\n
                                                                                                                            • how to respond to suspected data exposure.<\/li>\n
                                                                                                                            • Establish a feedback loop so users can report:<\/li>\n
                                                                                                                            • incorrect answers,<\/li>\n
                                                                                                                            • missing sources,<\/li>\n
                                                                                                                            • stale documents.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Use consistent naming for:<\/li>\n
                                                                                                                              • Q Business applications,<\/li>\n
                                                                                                                              • data sources\/connectors,<\/li>\n
                                                                                                                              • environments (dev\/pilot\/prod).<\/li>\n
                                                                                                                              • Apply tags for cost and ownership where supported.<\/li>\n
                                                                                                                              • Maintain an internal \u201cAI acceptable use policy\u201d for prompts and sensitive data.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                Identity and access model<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Amazon Q Developer:<\/strong> user access is typically controlled via sign-in method (Builder ID or enterprise SSO) and organization entitlements.<\/li>\n
                                                                                                                                • Amazon Q Business:<\/strong> user access typically relies on enterprise identity and access assignments, plus content access mapping for connected repositories.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Key security requirement:<\/strong> users must only be able to retrieve information they are authorized to access. Confirm how the connector enforces ACLs and group mapping for each source.<\/p>\n\n\n\n
                                                                                                                                  Encryption<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • AWS services commonly support encryption at rest and in transit.<\/li>\n
                                                                                                                                  • For Amazon Q, encryption specifics (including whether you can use customer-managed KMS keys<\/strong>) depend on the offering and configuration.<\/li>\n
                                                                                                                                  • Verify in official docs<\/strong> for your Amazon Q offering:<\/li>\n
                                                                                                                                  • encryption at rest,<\/li>\n
                                                                                                                                  • encryption in transit,<\/li>\n
                                                                                                                                  • key management options.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Network exposure<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Amazon Q is accessed via AWS-managed endpoints over TLS.<\/li>\n
                                                                                                                                    • If your environment requires private connectivity:<\/li>\n
                                                                                                                                    • verify whether the offering supports AWS PrivateLink or equivalent.<\/li>\n
                                                                                                                                    • if not supported, control access through identity, device posture, and egress controls.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Secrets handling<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Never paste:<\/li>\n
                                                                                                                                      • long-lived AWS access keys,<\/li>\n
                                                                                                                                      • database credentials,<\/li>\n
                                                                                                                                      • private keys,<\/li>\n
                                                                                                                                      • sensitive customer data\n  into chat prompts.<\/li>\n
                                                                                                                                      • Use secure patterns:<\/li>\n
                                                                                                                                      • short-lived credentials (SSO),<\/li>\n
                                                                                                                                      • AWS Secrets Manager for application secrets,<\/li>\n
                                                                                                                                      • redaction policies in runbooks and training.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Confirm what is captured in:<\/li>\n
                                                                                                                                        • AWS CloudTrail (admin actions, API calls),<\/li>\n
                                                                                                                                        • service logs\/telemetry options (if any),<\/li>\n
                                                                                                                                        • connector audit trails.<\/li>\n
                                                                                                                                        • Define retention and access policies for logs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • For regulated workloads:<\/li>\n
                                                                                                                                          • perform a vendor\/service risk review,<\/li>\n
                                                                                                                                          • review AWS compliance artifacts (SOC, ISO, etc.) relevant to your region and offering,<\/li>\n
                                                                                                                                          • confirm data residency and retention behaviors.<\/li>\n
                                                                                                                                          • Consult the AWS documentation and compliance resources for Amazon Q. If unclear, treat it as \u201cVerify in official docs.\u201d<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Overbroad connector scopes (\u201cindex the entire company drive\u201d).<\/li>\n
                                                                                                                                            • Misconfigured group mapping that grants access too widely.<\/li>\n
                                                                                                                                            • Treating responses as authoritative without validation.<\/li>\n
                                                                                                                                            • Allowing sensitive production incident data to be pasted into prompts without sanitization.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Roll out with:<\/li>\n
                                                                                                                                              • pilot group<\/strong> + security review,<\/li>\n
                                                                                                                                              • documented acceptable use,<\/li>\n
                                                                                                                                              • regular access audits,<\/li>\n
                                                                                                                                              • least-privilege connector configurations,<\/li>\n
                                                                                                                                              • incident response procedures for suspected data exposure.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                \n\n\n\n
                                                                                                                                                13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                Because Amazon Q is a suite of offerings, limitations are offering-specific. The items below are common patterns to plan for:<\/p>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Region availability varies<\/strong> by offering and feature set.<\/li>\n
                                                                                                                                                • Connector availability varies<\/strong> and can change. Always verify the current list of supported connectors and their constraints.<\/li>\n
                                                                                                                                                • Answer quality depends on your content quality<\/strong> (Q Business) and your prompts\/context (Q Developer).<\/li>\n
                                                                                                                                                • Not a substitute for code review or security review.<\/strong><\/li>\n
                                                                                                                                                • Costs can scale linearly with users<\/strong> in subscription models.<\/li>\n
                                                                                                                                                • Audit coverage may not match expectations<\/strong>\u2014verify exactly what is logged and where.<\/li>\n
                                                                                                                                                • Network isolation may be limited<\/strong> if private endpoints are not supported (verify).<\/li>\n
                                                                                                                                                • Enterprise rollout requires change management:<\/strong> training, acceptable use policy, and governance.<\/li>\n
                                                                                                                                                • Data source permissions mapping is non-trivial:<\/strong> incorrect mapping can cause overexposure or underexposure.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  \n\n\n\n
                                                                                                                                                  14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                  Amazon Q is best compared against:\n– Other AWS services<\/strong> that solve adjacent problems differently (Bedrock, Kendra, SageMaker).\n– Other cloud assistants<\/strong> (Microsoft Copilot, Google Gemini offerings).\n– Self-managed\/open-source<\/strong> assistants built on open models plus a RAG stack.<\/p>\n\n\n\n
                                                                                                                                                  Comparison table<\/h3>\n\n\n\n
                                                                                                                                                  \n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                  Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                  Amazon Q (Developer\/Business)<\/strong><\/td>\nManaged assistant for developers or enterprise knowledge<\/td>\nAWS-native identity\/governance alignment; managed experience; integrates with AWS tooling<\/td>\nOffering-specific constraints; subscription costs; connectors\/regions vary<\/td>\nWhen you want an AWS-managed assistant with enterprise controls<\/td>\n<\/tr>\n
                                                                                                                                                  Amazon Bedrock<\/strong><\/td>\nBuilding custom genAI apps (RAG, agents, model choice)<\/td>\nMaximum flexibility; design your own workflows; integrate with your app<\/td>\nYou must build, secure, and operate the app; more engineering effort<\/td>\nWhen you need custom behavior, custom UX, or deep integration<\/td>\n<\/tr>\n
                                                                                                                                                  Amazon Kendra<\/strong><\/td>\nEnterprise search (non-chat-first)<\/td>\nMature enterprise search patterns; indexing and relevance<\/td>\nNot a full assistant experience by itself<\/td>\nWhen you primarily need search; pair with custom genAI if needed<\/td>\n<\/tr>\n
                                                                                                                                                  Amazon SageMaker<\/strong><\/td>\nFull ML lifecycle (train, tune, host)<\/td>\nFull control for ML teams; MLOps tools<\/td>\nHigher complexity; not a turnkey assistant<\/td>\nWhen you need custom ML models and pipelines<\/td>\n<\/tr>\n
                                                                                                                                                  Microsoft Copilot (various editions)<\/strong><\/td>\nOrganizations standardized on Microsoft ecosystem<\/td>\nDeep integration with Microsoft 365 and dev tools<\/td>\nEcosystem lock-in; data governance differs<\/td>\nWhen your knowledge and workflows are mostly in Microsoft stack<\/td>\n<\/tr>\n
                                                                                                                                                  Google Cloud Gemini offerings<\/strong><\/td>\nOrganizations standardized on Google ecosystem<\/td>\nStrong integration with Google Workspace and GCP<\/td>\nEcosystem alignment required<\/td>\nWhen your workflows and data are primarily in Google services<\/td>\n<\/tr>\n
                                                                                                                                                  ChatGPT Enterprise \/ similar<\/strong><\/td>\nGeneral enterprise assistant<\/td>\nStrong general reasoning and UX<\/td>\nGovernance and AWS-specific integration varies<\/td>\nWhen you need a general assistant and have clear governance controls<\/td>\n<\/tr>\n
                                                                                                                                                  Self-managed (open-source model + RAG)<\/strong><\/td>\nHighly customized needs or strict control<\/td>\nFull control over data, models, and networking<\/td>\nHighest operational burden; requires ML\/security expertise<\/td>\nWhen policy requires maximum control or on-prem processing<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                  \n\n\n\n
                                                                                                                                                  15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                  Enterprise example: Large financial services organization<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Problem:<\/strong> Engineers and operations teams spend too long searching internal runbooks, architecture docs, and compliance procedures. New hires take months to become productive.<\/li>\n
                                                                                                                                                  • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                  • IAM Identity Center for SSO and group-based access.<\/li>\n
                                                                                                                                                  • Amazon Q Business connected to approved internal sources (for example, a curated S3 documentation bucket and selected ticket\/wiki systems via supported connectors\u2014verify).<\/li>\n
                                                                                                                                                  • Amazon Q Developer enabled for engineering teams in supported IDEs.<\/li>\n
                                                                                                                                                  • CloudTrail and central logging for audit and governance (verify exact logging coverage).<\/li>\n
                                                                                                                                                  • Why Amazon Q was chosen:<\/strong><\/li>\n
                                                                                                                                                  • Enterprise identity integration and governance alignment with AWS.<\/li>\n
                                                                                                                                                  • Managed service reduces operational burden compared to building a custom assistant.<\/li>\n
                                                                                                                                                  • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                  • Reduced time to locate procedures and compliance guidance.<\/li>\n
                                                                                                                                                  • Faster incident resolution.<\/li>\n
                                                                                                                                                  • Improved onboarding through consistent answers grounded in approved docs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Startup\/small-team example: SaaS company with a small platform team<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Problem:<\/strong> A small team ships quickly but struggles with consistent IaC, code quality, and operational readiness.<\/li>\n
                                                                                                                                                    • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                    • Amazon Q Developer enabled in VS Code for all engineers.<\/li>\n
                                                                                                                                                    • Internal \u201cgolden path\u201d templates maintained in a Git repo; Amazon Q Developer used to generate and explain patterns.<\/li>\n
                                                                                                                                                    • Lightweight governance: code review + CI tests + secret scanning.<\/li>\n
                                                                                                                                                    • Why Amazon Q was chosen:<\/strong><\/li>\n
                                                                                                                                                    • Fast productivity gains with minimal infrastructure.<\/li>\n
                                                                                                                                                    • Lower effort than standing up a custom internal assistant.<\/li>\n
                                                                                                                                                    • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                    • Faster delivery of well-tested features.<\/li>\n
                                                                                                                                                    • Better code consistency and fewer production issues caused by basic mistakes.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                      1) Is Amazon Q one service or multiple products?<\/strong>\nAmazon Q is a brand that includes multiple offerings (for example, Amazon Q Developer and Amazon Q Business), plus \u201cAmazon Q\u201d experiences embedded in some AWS products. Always confirm which offering you\u2019re deploying.<\/p>\n\n\n\n
                                                                                                                                                      2) What\u2019s the difference between Amazon Q Developer and Amazon Q Business?<\/strong>\nAmazon Q Developer focuses on software development and AWS engineering workflows (often inside IDEs). Amazon Q Business focuses on enterprise knowledge Q&A grounded in internal content sources with access controls.<\/p>\n\n\n\n
                                                                                                                                                      3) Is Amazon CodeWhisperer still a thing?<\/strong>\nAmazon CodeWhisperer branding has been incorporated into Amazon Q Developer. If you see older references, treat them as legacy naming and verify the current Amazon Q Developer documentation.<\/p>\n\n\n\n
                                                                                                                                                      4) Does Amazon Q train on my company\u2019s data?<\/strong>\nAWS provides product-specific statements about data usage and training. The exact policy depends on the offering and configuration. Verify in the official Amazon Q documentation and service terms<\/strong> for your offering.<\/p>\n\n\n\n
                                                                                                                                                      5) Can Amazon Q access my private S3 documents?<\/strong>\nWith Amazon Q Business, you can connect content sources such as S3 (and others) using supported connectors and permissions mapping. You must configure access control correctly so users only see authorized content.<\/p>\n\n\n\n
                                                                                                                                                      6) Can I restrict Amazon Q to a private VPC-only endpoint?<\/strong>\nNetworking options vary by offering. Verify<\/strong> whether your Amazon Q offering supports private connectivity (for example, AWS PrivateLink). If not, rely on identity controls and egress controls.<\/p>\n\n\n\n
                                                                                                                                                      7) Do I need IAM Identity Center to use Amazon Q?<\/strong>\nEnterprise deployments commonly use IAM Identity Center. Some Amazon Q Developer setups may also support AWS Builder ID for individuals. Requirements vary\u2014verify in docs.<\/p>\n\n\n\n
                                                                                                                                                      8) How do I prevent sensitive data from being exposed in answers?<\/strong>\nUse least privilege, correct group mapping, connector scoping, and user training. Start with curated sources and expand carefully. Establish an acceptable use policy and audit processes.<\/p>\n\n\n\n
                                                                                                                                                      9) Is Amazon Q a replacement for Amazon Bedrock?<\/strong>\nNo. Amazon Bedrock is for building your own genAI apps. Amazon Q is a managed assistant experience. They can be complementary, but they solve different problems.<\/p>\n\n\n\n
                                                                                                                                                      10) Is Amazon Q good for production incident response?<\/strong>\nIt can help by improving access to runbooks and troubleshooting guidance, but it does not replace operational discipline. Validate outputs and ensure runbooks and permissions are accurate.<\/p>\n\n\n\n
                                                                                                                                                      11) What are the biggest cost drivers?<\/strong>\nTypically the number of users (subscription), tier selection, and (for knowledge offerings) indexing\/connector scope and usage. Validate your offering\u2019s pricing dimensions on the official pricing page.<\/p>\n\n\n\n
                                                                                                                                                      12) Can Amazon Q generate CloudFormation\/Terraform?<\/strong>\nAmazon Q Developer can often help draft IaC templates, but you must validate them against best practices, security requirements, and your organization\u2019s standards.<\/p>\n\n\n\n
                                                                                                                                                      13) How do I measure success for an Amazon Q rollout?<\/strong>\nTrack adoption, time saved, reduction in repeated questions, reduced incident resolution time, onboarding time reduction, and user satisfaction\u2014plus security metrics (access review findings).<\/p>\n\n\n\n
                                                                                                                                                      14) What\u2019s the best way to start?<\/strong>\nStart with Amazon Q Developer for a small engineering pilot (easy adoption) or Amazon Q Business for a specific knowledge domain (IT support, onboarding). Define success criteria and expand iteratively.<\/p>\n\n\n\n
                                                                                                                                                      15) What should we avoid during rollout?<\/strong>\nAvoid indexing everything, granting broad access, and skipping governance. Don\u2019t treat responses as authoritative without validation.<\/p>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      17. Top Online Resources to Learn Amazon Q<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                      Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      Official documentation<\/td>\nAmazon Q Developer User Guide<\/td>\nCanonical setup and feature documentation for Amazon Q Developer. https:\/\/docs.aws.amazon.com\/amazonq\/latest\/qdeveloper-ug\/what-is.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official documentation<\/td>\nAmazon Q Business User Guide<\/td>\nCanonical setup and admin documentation for Amazon Q Business. https:\/\/docs.aws.amazon.com\/amazonq\/latest\/qbusiness-ug\/what-is.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official product page<\/td>\nAmazon Q (overview)<\/td>\nHigh-level entry point and links to specific offerings. https:\/\/aws.amazon.com\/q\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official pricing<\/td>\nAmazon Q Developer pricing<\/td>\nCurrent tiers and pricing dimensions for Amazon Q Developer. https:\/\/aws.amazon.com\/q\/developer\/pricing\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official pricing<\/td>\nAmazon Q Business pricing<\/td>\nCurrent tiers and pricing dimensions for Amazon Q Business. https:\/\/aws.amazon.com\/q\/business\/pricing\/<\/td>\n<\/tr>\n
                                                                                                                                                      Pricing tool<\/td>\nAWS Pricing Calculator<\/td>\nBuild region-specific estimates based on your expected usage. https:\/\/calculator.aws\/#\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official architecture<\/td>\nAWS Architecture Center<\/td>\nFind reference architectures and security guidance to complement Amazon Q deployments. https:\/\/aws.amazon.com\/architecture\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official security<\/td>\nAWS CloudTrail<\/td>\nUnderstand auditing capabilities across AWS services. https:\/\/docs.aws.amazon.com\/awscloudtrail\/latest\/userguide\/cloudtrail-user-guide.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official identity<\/td>\nIAM Identity Center<\/td>\nSSO patterns commonly used with Amazon Q in enterprises. https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/what-is.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official tooling<\/td>\nAWS Toolkit for VS Code<\/td>\nHow to install and use AWS Toolkit, which integrates Amazon Q Developer in supported setups. https:\/\/docs.aws.amazon.com\/toolkit-for-vscode\/latest\/userguide\/welcome.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official videos<\/td>\nAWS YouTube Channel<\/td>\nSearch for Amazon Q sessions, demos, and re:Invent talks (content changes over time). https:\/\/www.youtube.com\/@amazonwebservices<\/td>\n<\/tr>\n
                                                                                                                                                      Reputable community<\/td>\nAWS re:Post<\/td>\nPractical Q&A from AWS engineers and customers; validate against official docs. https:\/\/repost.aws\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n\n
                                                                                                                                                      Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      DevOpsSchool.com<\/td>\nDevOps engineers, SREs, developers, architects<\/td>\nAWS tooling, DevOps practices, cloud labs; may include Amazon Q Developer productivity workflows<\/td>\ncheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      ScmGalaxy.com<\/td>\nDevelopers, DevOps, release engineers<\/td>\nSCM\/CI\/CD, automation, cloud tooling; may include AWS integrations<\/td>\ncheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      CLoudOpsNow.in<\/td>\nCloud operations teams, platform engineers<\/td>\nCloud operations, governance, best practices<\/td>\ncheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                      SreSchool.com<\/td>\nSREs, reliability engineers, operations<\/td>\nSRE practices, incident response, observability; potential fit for Amazon Q operational use cases<\/td>\ncheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      AiOpsSchool.com<\/td>\nOperations + AI automation learners<\/td>\nAIOps concepts, operational automation, AI-assisted workflows<\/td>\ncheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n
                                                                                                                                                      Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      RajeshKumar.xyz<\/td>\nCloud\/DevOps training content (verify specific offerings on site)<\/td>\nEngineers seeking practical cloud\/DevOps guidance<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopstrainer.in<\/td>\nDevOps training and coaching (verify course catalog)<\/td>\nDevOps engineers, SREs, CI\/CD practitioners<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopsfreelancer.com<\/td>\nFreelance DevOps help\/training platform (verify services offered)<\/td>\nTeams needing short-term enablement<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopssupport.in<\/td>\nDevOps support and training resources (verify offerings)<\/td>\nOperations teams and DevOps practitioners<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n
                                                                                                                                                      Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      cotocus.com<\/td>\nCloud\/DevOps consulting (verify exact focus areas)<\/td>\nCloud architecture, DevOps automation, governance<\/td>\nAmazon Q rollout planning, IAM Identity Center integration approach, pilot success metrics<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      DevOpsSchool.com<\/td>\nTraining + consulting services (verify consulting offerings)<\/td>\nEnablement, platform practices, DevOps transformations<\/td>\nDeveloper productivity pilot using Amazon Q Developer; operational readiness and best practices<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify service catalog)<\/td>\nCI\/CD, cloud operations, SRE practices<\/td>\nGovernance model for AI assistants, secure development workflows using Amazon Q Developer<\/td>\nhttps:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                      What to learn before Amazon Q<\/h3>\n\n\n\n
                                                                                                                                                      To use Amazon Q effectively (especially in enterprise settings), you should understand:<\/p>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • AWS fundamentals<\/strong>: IAM, regions, basic networking, CloudTrail basics.<\/li>\n
                                                                                                                                                      • Security basics<\/strong>: least privilege, identity federation\/SSO, data classification.<\/li>\n
                                                                                                                                                      • Developer tooling<\/strong> (for Amazon Q Developer): Git, CI\/CD basics, unit testing, code review practices.<\/li>\n
                                                                                                                                                      • Knowledge management<\/strong> (for Amazon Q Business): content lifecycle, doc ownership, permissions models.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        What to learn after Amazon Q<\/h3>\n\n\n\n
                                                                                                                                                        Once you are comfortable with Amazon Q, expand into:<\/p>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Amazon Bedrock<\/strong> for building custom generative AI apps (RAG pipelines, agents).<\/li>\n
                                                                                                                                                        • Enterprise governance for AI<\/strong> (policies, risk management, evaluation).<\/li>\n
                                                                                                                                                        • Observability<\/strong> (CloudWatch, OpenTelemetry patterns) for operational excellence.<\/li>\n
                                                                                                                                                        • Secure SDLC<\/strong> (SAST\/DAST, secrets scanning, policy-as-code).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Cloud Engineer \/ Platform Engineer<\/li>\n
                                                                                                                                                          • DevOps Engineer \/ SRE<\/li>\n
                                                                                                                                                          • Solutions Architect<\/li>\n
                                                                                                                                                          • Software Engineer<\/li>\n
                                                                                                                                                          • Security Engineer (governance and secure coding enablement)<\/li>\n
                                                                                                                                                          • IT Knowledge Manager \/ IT Ops (for Q Business use cases)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                            AWS certifications are not \u201cAmazon Q-specific\u201d today in the same way some services are, but Amazon Q knowledge aligns well with:\n– AWS Certified Solutions Architect (Associate\/Professional)\n– AWS Certified Developer (Associate)\n– AWS Certified Security (Specialty)<\/p>\n\n\n\n
                                                                                                                                                            If AWS introduces Amazon Q\u2013specific learning badges or certifications, verify on AWS Training and Certification<\/strong>: https:\/\/aws.amazon.com\/training\/<\/p>\n\n\n\n
                                                                                                                                                            Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Developer workflow project:<\/strong> Use Amazon Q Developer to generate unit tests and refactor a small repo; enforce formatting and CI checks.<\/li>\n
                                                                                                                                                            • IaC project:<\/strong> Generate a baseline CloudFormation template with security defaults; validate with cfn-lint and security scanning.<\/li>\n
                                                                                                                                                            • Knowledge pilot:<\/strong> Curate a small set of internal docs (in S3) and define a governance process for doc ownership and updates (for Q Business\u2014verify connector\/config steps).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              \n\n\n\n
                                                                                                                                                              22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Amazon Q Developer:<\/strong> Amazon Q offering focused on developer and engineering workflows (IDE assistance, code generation\/explanation, AWS troubleshooting guidance).<\/li>\n
                                                                                                                                                              • Amazon Q Business:<\/strong> Amazon Q offering focused on enterprise knowledge Q&A grounded in internal content sources with access control.<\/li>\n
                                                                                                                                                              • AWS Builder ID:<\/strong> An identity option often used by individual developers for AWS developer tools. Availability for Amazon Q Developer features\/tiering must be verified in current docs.<\/li>\n
                                                                                                                                                              • IAM (Identity and Access Management):<\/strong> AWS service for permissions management (users, roles, policies).<\/li>\n
                                                                                                                                                              • IAM Identity Center:<\/strong> AWS service for workforce identity federation and SSO (formerly AWS SSO).<\/li>\n
                                                                                                                                                              • RAG (Retrieval-Augmented Generation):<\/strong> Pattern that retrieves relevant documents and uses them to ground model responses.<\/li>\n
                                                                                                                                                              • Least privilege:<\/strong> Security principle that grants only the permissions required to perform a task.<\/li>\n
                                                                                                                                                              • Connector:<\/strong> Integration that synchronizes content from a source system into a knowledge assistant index (Q Business), typically with ACL mapping.<\/li>\n
                                                                                                                                                              • CloudTrail:<\/strong> AWS service for auditing API calls and certain account activity.<\/li>\n
                                                                                                                                                              • KMS (Key Management Service):<\/strong> AWS service to create and manage encryption keys (customer-managed or AWS-managed, depending on service support).<\/li>\n
                                                                                                                                                              • IDE:<\/strong> Integrated Development Environment (for example, VS Code, JetBrains).<\/li>\n
                                                                                                                                                              • IaC (Infrastructure as Code):<\/strong> Managing infrastructure using code (CloudFormation, Terraform).<\/li>\n
                                                                                                                                                              • SaaS:<\/strong> Software as a Service\u2014vendor-hosted application delivered via the internet.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                \n\n\n\n
                                                                                                                                                                23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                Amazon Q is AWS\u2019s generative AI assistant family within the Machine Learning (ML) and Artificial Intelligence (AI) category, designed to help developers and business users get answers and complete tasks faster. Amazon Q Developer<\/strong> targets engineering productivity (especially inside IDEs), while Amazon Q Business<\/strong> targets enterprise knowledge Q&A grounded in approved content sources with access controls.<\/p>\n\n\n\n
                                                                                                                                                                From an architecture standpoint, Amazon Q is a managed, identity-aware assistant: your primary design work is governance, permissions, content quality, and rollout planning<\/strong>, not model hosting. From a cost standpoint, expect subscription-style pricing<\/strong> (often per user) and plan for indirect costs like content curation, connector administration, and organizational change management. From a security standpoint, prioritize least privilege<\/strong>, careful connector scoping, and clear policies about what data users may paste into prompts.<\/p>\n\n\n\n
                                                                                                                                                                Use Amazon Q when you want an AWS-managed assistant experience with enterprise controls. If you need deep customization and full control, consider building on Amazon Bedrock<\/strong> instead.<\/p>\n\n\n\n
                                                                                                                                                                Next learning step:<\/strong> Run the hands-on lab above with Amazon Q Developer in VS Code, then read the official documentation for your chosen Amazon Q offering and validate region availability, security controls, and pricing before scaling to production.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                Machine Learning (ML) and Artificial Intelligence (AI)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,32],"tags":[],"class_list":["post-249","post","type-post","status-publish","format-standard","hentry","category-aws","category-machine-learning-ml-and-artificial-intelligence-ai"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=249"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/249\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}