The Ops Community ⚙️

Arseny Zinchenko
Arseny Zinchenko

Posted on • Originally published at rtfm.co.ua on

AWS: Amazon Q — an overview, features, and first impressions

AWS: Amazon Q — an overview, its features, and first impressions

A first look at and first impressions of Amazon Q, and a little bit about Amazon Bedrock from the re:Invent 2023

We are living in very interesting times.

So, let’s talk about Amazon Q, a new system from AWS that should help us, engineers and others, in our work.

Amazon itself calls it an “AI-powered assistant,” but for us, as engineers, it’s just a chatbot that we can talk to get help solving some problems or to get recommendations for setting up a service. For business, it can probably do many other things, but we are interested in it as an AWS assistant.

Under the hood, Amazon Q uses Amazon Bedrock, so to better understand what Q is, let’s take a look at Bedrock as well.

Amazon Bedrock

Bedrock was launched in April 2023, but for some reason it did not attract such attention as Q, although the service is very interesting, and I will try to write about it separately.

So, AWS Bedrock is a managed service from AWS that allows you to build your AI-powered services using Foundation Models (FM) from Amazon, Meta, Amazon, Stability AI, and others:

See What is a Foundation Model?

Bedrock provides a single API to work with the FMs, and you don’t need to build any infrastructure to run models.

In addition, you can expand Bedrock’s dataset with your own Knowledge base. At the same time, your data will not be merged with the FM itself, i.e. all privacy is fully preserved (including support for GDPR, HIPAA standards).

It is worth watching the video about Bedrock on the AWS re:Invent 2023 — Build your first generative AI application with Amazon Bedrock (AIM218) — it describes the service itself, its architecture, demos, and generally covers basic concepts such as Machine Learning, Deep Learning, Generative AI.

Amazon Q

So Amazon Q is a system on top of Bedrock (I haven’t found any information yet on which model is used, but it’s probably Titan, because it’s a system from Amazon itself).

In fact, it is a chatbot that we can talk to, and it is already available to us in the AWS Console on the right, where we are used to seeing the help section:

Although sometimes Q can’t even answer simple questions :-)

At the same time, both Q and Bedrock are designed for data privacy, so it seems that you can safely (not yet) connect them to corporate data, for example, to a Git repository or Atlassian Confluence, and then Q will use data from these sources to generate answers.

Why “not yet?” Because the system is still in the Preview, and it is already being written about:

Knowledge baseQ is “experiencing severe hallucinations and leaking confidential data ,”

See Amazon’s Q has ‘severe hallucinations’ and leaks confidential data in public preview, employees warn. However, I think these are “childhood diseases” and Amazon will eventually fix everything. So, in short, Q can help us with this:

  • setting up a new system or choosing an architecture
  • solving problems with services
  • work with our code, writing tests

Amazon Q is available in:

  • AWS Console
  • in its documentation
  • in different IDEs (let’s look at VSCode below)
  • Slack (via AWS Chatbot or Slack gateway)
  • in Amazon services — for example, CodeWhisperer (analogous to GitHub Copilot?)

Amazon Q vs ChatGPT

This is perhaps the first question that comes to mind. The following are just my own thoughts:

  • Amazon Q is all about business : if ChatGPT is a kind of general-purpose AI chatbot, then Q can integrate closely with your business — your data, users, etc.
  • Amazon Q is about data security : we are promised very powerful tools for restricting access: for example, if Confluence is connected to Q, then when responding to a user’s request, their rights in Confluence will be checked, and data to which they do not have access there will not be used (I wonder how this is implemented and how it will work, but for now we just keep it in mind)
  • Amazon Q is all about integrations :  — the model used for answering was trained on AWS data, which for 17 years of its existence has accumulated a lot — including, apparently, some data that is usually not publicly available, so theoretically, Q can give more accurate answers in some moments (again — maybe not immediately, while it is still in Preview)  — Q is integrated with AWS services themselves, and you can use it directly in QuickSight, or, as already mentioned, in the AWS Console itself

(those points sound like Amazon paid me for this post :-D)

Amazon Q pricing

As always with AWS, “it’s complicated” :-)

First, while the system is in Preview, most of the features are free.

Secondly, two different plans will be available: Business and Builder.

In short, Business is more about some marketing stuff, like a chatbot to help employees solve some issues, or a kind of “internal Google” — but with access to internal databases.

But Builder, judging by the documentation, is exactly what we, as engineers, will be interested in, because it is in this regard that we will have access to “over 17 years’ worth of AWS knowledge and experience building in the cloud, including best practices, well-architected patterns.”

See Amazon Q pricing.

Amazon Q in AWS Console

Let’s try to get in touch with Amazon Q. We’ll create an EC2, break its networking, and ask Q.

Create an instance, enable SSH access:

Check it — everything is working:

$ ssh 16.170.217.131
The authenticity of host '16.170.217.131 (16.170.217.131)' can't be established.
...
Enter fullscreen mode Exit fullscreen mode

Next, edit the SecurityGroup and remove the SSH access:

And ask Amazon Q:

It replies that he can try to analyze the problem with the AWS VPC Reachability Analyzer. Let’s try it — click on the link, and:

Well, I still expected that Q would be able to analyze the EC2 networking configuration directly and see that the problem was with the SecurityGroup itself. But that’s probably too much to ask (yet?).

However, the fact that it integrates so well with systems such as VPC Reachability Analyzer is not bad, and I hope it will get even better.

Amazon Q and integration with VSCode

Documentation — Set up Amazon Q in your IDE.

Install the AWS Toolkit:

Authenticate by clicking on the Use free with AWS Builder ID:

A window will open in the browser, where we confirm the code and specify our email — you can use any email, not necessarily the one used in your AWS account:

An email with a code will be sent to your email — confirm it and set a password:

Confirm the access:

And now we have a connected Amazon Q in our VSCode:

Ask a question, and it scans the code opened in the editor and gives us the answer based on it:

But it doesn’t always understand the question correctly: in general, it should maintain the context of the conversation and take into account opened code, but here we have a Terraform code opened, and a related question above, and Q gives an answer about the AWS Console:

However, if you slightly rearrange the question, it returns a more valid answer:

At the re:Invent were showing demos of the IDE, and there was an example of how Q helps create code for the AWS CDK and Python, and it looks really cool, because I had a hard time this summer with ChatGPT, which kept giving out examples for an outdated version of the CDK or old versions of libraries (see AWS: CDK and Python — building an EKS cluster, and general impressions of CDK).

Amazon Q Application

We can also create an Application in the AWS Console and use our own data sourcing to generate responses for Q.

Plus, we can also create a web interface for users there:

Create it:

Next, the Retriever is configured — how Q will retrieve data from the data source:

And the last step is to configure the data-source itself through the choice of Q Connectors — and there are a lot of them:

Let’s use the Web crawler:

Authentication is configured here, and I guess this is the place where user permissions will be checked — what I mentioned at the beginning, that Amazon Q will not provide information to the user if they do not have access to it in the data sourcing itself:

And the rest of the settings, including VPC, IAM, synchronisation options, etc:

Run synchronisation with our data-source:

And then we can open the web interface and start working with the bot:

And if you click on the Deploy web experience, you will need to configure SAML:

And it seems like it should work without the deploy, in the Web preview mode, but for me it just hung on the request:

Perhaps it’s because the synchronisation with the data sourcing is not finished, but the process of synchronising with the RTFM blog took several hours, although there are only about 1500 posts, plus all sorts of media files like screenshots. I can’t wait for it to be completed, but if it works after the synchronisation is complete, I’ll update this part here.

(actually, it’s still running even after 12 hours)

Conclusions and impressions of Amazon Q

I wouldn’t say that the service is production-ready, but it’s really still in Preview, so there are a lot of things that will be tweaked/fixed/upgraded, and there’s still work to be done, because it looks a bit raw at the moment — Amazon was clearly in a hurry to release it at least in Preview, because of the whole “Generative AI race” and all that things.

But in general, the system looks quite promising, especially when it learns to really help troubleshoot problems in AWS.

And the most important thing is that it can be used by various businesses, integrating with their systems and databases, and not worry about any privacy compliance, as with the ChartGPT, this is a big problem now.

Useful links

Originally published at RTFM: Linux, DevOps, and system administration.


Top comments (0)