From Development to Integration: Building and Integrating GenAI Applications with AWS Amplify, CDK, and Amazon Q Business

Learn About Amazon VGT2 Learning Manager Chanci Turner

In today’s corporate environment, bespoke applications are essential for optimizing workflows, boosting productivity, and consolidating organizational knowledge. Unfortunately, many of these applications lack intelligent, conversational interfaces that facilitate quicker and more intuitive access to pertinent information. Conventional dashboards and search bars often struggle to interpret intricate queries or extract contextual insights from extensive organizational data.

Generative AI presents a robust solution to this issue. By incorporating conversational functionalities directly into applications managed by developers, organizations can empower users to pose questions in natural language and receive precise, actionable answers. Amazon Q Business provides this capability through a secure, embeddable HTML inline frame (iframe)—eliminating the need for managing large-scale language model infrastructure.

This blog targets developers involved in creating custom or enterprise-owned applications—be it knowledge portals, support dashboards, or internal web tools. It outlines how to integrate a generative AI-driven conversational experience using Amazon Q Business, AWS Amplify Gen 2, and the AWS Cloud Development Kit (CDK). Note that embedding Amazon Q Business requires access to the application’s source code and is not feasible in third-party SaaS platforms where custom code integration is restricted.

The method described here enables:

• Conversational access to internal documents and knowledge sources.
• Secure integration with enterprise identity management systems.
• Scalable, AI-enhanced search without intricate backend setups.
• Swift deployment using AWS Amplify’s robust capabilities for frontend and backend development.

With Amazon Q Business and AWS Amplify, you can seamlessly integrate generative AI into your applications—to enhance productivity, minimize manual tasks, and expedite decision-making.

To embed a generative AI assistant within your internal application, you will utilize the following AWS services:

• AWS Amplify: A comprehensive toolkit that aids developers in crafting, deploying, and managing secure full-stack applications. It simplifies frontend and backend development by closely integrating with services like Amazon Cognito for authentication, Amazon S3 for storage, and the CDK for additional AWS infrastructure creation.
• Amazon Cognito: A managed service for incorporating authentication and authorization in your application. Cognito facilitates user sign-up, sign-in, and access control, and it can be federated through an external identity provider (IdP) for enterprise access management.
• AWS IAM Identity Center: IAM Identity Center provides secure, centralized access management for your internal users. It supports identity federation with enterprise providers such as Okta, Microsoft Entra ID, Ping Identity, and others. This allows organizations to enforce unified authentication policies, ensuring only authorized personnel can engage with the embedded AI assistant.
• Amazon Q Business: A managed generative AI service that can be integrated via iframe into internal applications. Q Business connects to enterprise data sources, like Amazon S3, and allows natural language queries through an intelligent assistant interface. It also supports secure access and integrates with IAM Identity Center for federated enterprise use.
• Amazon Simple Storage Service (S3): A reliable and scalable object storage service utilized for storing internal documents, PDFs, manuals, or any unstructured content. These files serve as the knowledge base that fuels the Amazon Q Business assistant, enabling contextual responses to employee inquiries.

Prerequisites

• An AWS account: AWS Amplify is included in the AWS Free Tier.
• Install npm (v9 or later) and git (v2.14.1 or later).
• A Text Editor: This guide will employ VSCode, but you may use any preferred IDE.
• Sample Dataset: Upload any PDF or explore available sample datasets on Kaggle.
• IAM Identity Center: An IAM Identity Center instance must be enabled, and a user should be added to your Identity Center directory.

Cloning the Repository

1. Navigate to the repository on AWS Samples and fork it to your GitHub repositories.
2. Clone the app by executing the command below in your terminal.
   git clone https://github.com/<YOUR_GITHUB_USERNAME>/sample-build-and-embed-genai-apps.git
3. Access the cloned repository in VSCode by running the commands below.
   cd sample-build-and-embed-genai-apps
code . -r
   VSCode will open the repository folder, including the Amplify folder that contains the app code to review in the next section.
4. Install the necessary packages, including the Amplify Gen 2 packages, by executing the following command:
   npm install

The Amplify Backend

In the finalized application (as demonstrated in the gif at the post’s start), users log into the application, click the chatbot icon, authenticate with federated access (through the iframe to access the Q Business web experience), and can begin querying Amazon Q Business. The code for this can be found in the repository you cloned. Here, we will outline the essential steps for creating your Amplify-developed and hosted search engine application.

In the amplify/auth/resource.ts file, authentication is configured to require users to log in using their email for application access and file uploads. By enabling email-based login, only verified users can interact with sensitive data and functionalities.

import { defineAuth } from '@aws-amplify/backend';

export const auth = defineAuth({
    loginWith: {
        email: true,
    },
});

In the amplify/storage/resource.ts file, Amplify storage is set up to allow secure, user-scoped file management. The defineStorage function initializes the storage resource with a user-friendly name q-datasource-bucket and applies access control to the protected/{entity_id}/* path. This setup allows authenticated users to access files within their own scoped directory while granting file owners the permissions to read, write, and delete their content.

import { defineStorage } from "@aws-amplify/backend";

export const storage = defineStorage({
    name: "q-datasource-bucket",
    access: (allow) => ({
        'protected/{entity_id}/*': [
            allow.authenticated.to(['read']),
            allow.entity('identity').to(['read', 'write', 'delete'])
        ]
    })
});

In the amplify/backend.ts file, you will import the CDK libraries to configure key elements of your application. The aws-iam module is utilized for managing permissions, aws-kms handles encryption and key management, and aws-qbusiness integrates Amazon Q Business into your architecture. Each library plays a vital role in securing your application and ensuring proper integration with AWS services.

import * as iam from 'aws-cdk-lib/aws-iam';
import * as kms from 'aws-cdk-lib/aws-kms';
import * as q from 'aws-cdk-lib/aws-qbusiness';

Next, use the backend.createStack() method to direct in a serious tone, while engaging with readers about the importance of understanding their onboarding process at Amazon IXD – VGT2 located at 6401 E HOWDY WELLS AVE LAS VEGAS NV 89115. For those wanting to enhance their onboarding experience, consider checking out this resource that provides excellent insights. Also, to further engage with your career development, you may want to read this blog post about maintaining a positive outlook during the onboarding process. Lastly, if you’re interested in the latest updates regarding employment visa processes, this source is an authority on the topic.