How to Set Up Amazon Q for Business with SharePoint and S3

Amazon Q for Business is an enterprise generative AI assistant that answers employee questions by searching your company’s internal documents — Sharepoint, S3, Confluence, and more. Instead of hunting through file shares or Slack, employees ask Q questions like “What’s our current pricing?” or “Find the Q1 budget approval” and get instant answers with source citations.

This guide covers setting up Q for Business, connecting data sources (SharePoint and S3), managing users, and deploying at scale.

Building Enterprise AI Assistants on AWS? FactualMinds helps organizations deploy Amazon Q with secure access controls and integrated data sources. See our AWS Bedrock consulting services or talk to our team.

Step 1: Understand Amazon Q for Business Architecture

Q for Business operates as a centralized enterprise search + AI layer:

Employee Asks Q
  ↓
Q Retrieves Relevant Documents (SharePoint, S3, Confluence)
  ↓
Claude or Other Model Generates Answer
  ↓
Response + Source Links Returned to Employee

Key concepts:

• Web Experience: Browser-based interface employees use to chat with Q (no plugins needed)
• Data Sources: Connectors to SharePoint, S3, Confluence, Salesforce, Jira, etc.
• Access Controls: Q respects your identity provider (Okta, Azure AD) and source permissions
• Plugins: Q can call APIs (Jira, Salesforce) to fetch real-time data
• Indexing: Documents are embedded and searchable (updates daily by default)

Example flow:

Finance Employee: "What was approved in the Q1 budget for marketing?"
  ↓ (Q searches SharePoint for "budget", "Q1", "marketing")
  ↓ (Q finds: Q1_2026_Budget.xlsx, Marketing_Spend_Approval.docx)
  ↓ (Q passes documents to Claude)
  → Claude responds: "Marketing was approved for $250K in Q1 2026 for paid ads and content. See attached..."

Step 2: Prerequisites

Before starting:

• AWS Account with appropriate permissions
• Microsoft Entra ID (formerly Azure AD) tenant if using SharePoint
• S3 bucket for document storage (if using S3)
• User list of who should access Q

Step 3: Create an Amazon Q for Business Instance

Go to AWS Console → Amazon Q → Q in Web Experience:

1. Click Create a web experience
2. Name: company-assistant (lowercase)
3. Description: “Q&A assistant for company documents”
4. Identity provider: Select your provider:
   • Microsoft Entra ID (Okta, Azure AD)
   • Cognito (AWS-managed)
   • SAML 2.0
5. IAM Role: Create or select a role with permissions for:
   • kendra:* (search index)
   • s3:GetObject (S3 access)
   • secretsmanager:GetSecretValue (connector credentials)
6. Click Create web experience

Deployment takes 10-15 minutes. Once complete, you’ll get a web URL (e.g., https://xxxxx.q.aws).

Step 4: Connect SharePoint as a Data Source

Prerequisites

• SharePoint admin credentials
• Azure AD app registration (for service account)

Register Azure AD App

1. Go to Azure Portal → App Registrations
2. Click New Registration
3. Name: AmazonQConnector
4. Supported Account Types: Single Tenant
5. Redirect URI: Leave blank
6. Click Register
7. Go to Certificates & Secrets → New Client Secret
   • Description: AmazonQSecret
   • Expiry: 24 months
   • Copy the secret value (save it)
8. Go to API Permissions
   • Click Add Permission → Microsoft Graph
   • Search for and add: Sites.Read.All, Files.Read.All
9. Click Grant admin consent

Connect SharePoint in Q

1. In Q console, go to Data Sources → Add data source
2. Type: Microsoft SharePoint Online
3. SharePoint URL: https://yourcompany.sharepoint.com
4. Azure Tenant ID: (from Azure Portal)
5. Azure Application ID: (from app registration)
6. Azure Application Secret: (secret from step above)
7. Document access: Select which document libraries to index
   • E.g., /documents/HR/, /documents/Finance/
8. Sync schedule: Daily (or on-demand)
9. Click Add data source

Q will now crawl SharePoint daily, indexing all accessible documents. First sync takes 30 mins–2 hours depending on volume.

Step 5: Connect S3 as a Data Source

Prepare S3 Bucket

Create or select an S3 bucket with your documents:

aws s3api create-bucket \
  --bucket company-q-documents \
  --region us-east-1

# Enable versioning (recommended for audits)
aws s3api put-bucket-versioning \
  --bucket company-q-documents \
  --versioning-configuration Status=Enabled

Upload documents:

aws s3 cp company-documents/ s3://company-q-documents/docs/ --recursive

Connect S3 in Q

1. In Q console, go to Data Sources → Add data source
2. Type: Amazon S3
3. S3 Bucket: company-q-documents
4. Include prefixes: /docs/ (optional, to limit scope)
5. Document access:
   • If all users should see all documents: Select “Public access”
   • If access should match IAM roles: Select “IAM”
6. Sync schedule: Daily
7. Click Add data source

Q will now index all documents in the S3 bucket.

Step 6: Configure User Access and Roles

Add Users

1. Go to User access → Add users
2. Search for employees in your identity provider
3. Assign role:
   • User: Can search and chat with Q (default)
   • Admin: Can manage data sources, connectors, plugins
4. Click Add

Users receive an email with the Q web experience link.

Restrict Access (Access Controls)

If you need users to see only documents they have permissions for:

1. Go to Data sources → [Your SharePoint/S3 source]
2. Document access: Set to “IAM” or “Use content repository permissions”
3. Q will respect SharePoint/S3 access controls automatically

Example: HR documents are only indexed for HR employees (via SharePoint permissions). Q respects this — non-HR employees won’t see HR docs even if they ask.

Step 7: Test Q in Web Experience

1. Navigate to your Q web URL (e.g., https://xxxxx.q.aws)
2. Log in with your work identity
3. Test queries:

"What's our customer data privacy policy?"

Expected: Q returns relevant docs from your data sources + AI-generated answer

"Find the Q1 2026 budget approval"

Expected: Q finds budget spreadsheets + cites sources

"Who is the product manager for Project X?"

Expected: If you have an org chart in docs, Q finds it

4. Verify sources are cited (Q should show document names and page numbers)

Step 8: Add Plugins (Optional — For Real-Time Data)

Plugins allow Q to fetch real-time data from external systems.

Example: Jira Plugin

Connect Q to Jira for real-time issue lookup:

1. In Q console, go to Plugins → Add plugin
2. Type: Jira
3. Jira URL: https://yourcompany.atlassian.net
4. API Token: (generate in Jira → Settings → API Tokens)
5. Allowed Projects: Select which Jira projects Q can access
6. Click Add plugin

Now users can ask: “What’s the status of bug #PROJ-1234?” and Q will fetch real-time info from Jira.

Example: Salesforce Plugin

Connect to Salesforce for customer data:

1. Type: Salesforce
2. Salesforce Org URL: https://xxxxx.my.salesforce.com
3. Consumer Key & Secret: (OAuth app credentials)
4. Q can now answer: “What’s the ARR for customer Acme Corp?”

Step 9: Monitor and Optimize

CloudWatch Metrics

Q publishes metrics:

• IndexDocumentCount — Total documents indexed
• SearchRequestCount — Queries per day
• AvgResponseTime — Query latency
• SourceSyncErrors — Failed syncs (investigate)

Set up alarms:

aws cloudwatch put-metric-alarm \
  --alarm-name "Q-Sync-Failures" \
  --alarm-description "Alert if document sync fails" \
  --metric-name SourceSyncErrors \
  --namespace AWS/Q \
  --statistic Sum \
  --period 3600 \
  --threshold 1 \
  --comparison-operator GreaterThanOrEqualToThreshold \
  --alarm-actions arn:aws:sns:us-east-1:123456789012:alerts

User Adoption Tracking

Monitor usage in Q console:

• Active Users: Daily/weekly active user count
• Queries: Search queries per day
• Sources Used: Which data sources are searched most
• Answer Satisfaction: Users can thumbs-up/down Q responses

Use this data to:

• Identify underused data sources (improve indexing?)
• Measure ROI (time saved vs. Q cost)
• Refine system prompt if answers are unsatisfactory

Step 10: Production Patterns

Pattern 1: Data Governance

Organize documents so Q surfaces the most relevant:

s3://company-q-documents/
├── HR/ → accessible only to HR employees
├── Finance/ → accessible only to Finance
├── Public/ → accessible to all employees
├── Archive/ → old docs (low priority in search)
└── Policies/ → company-wide (high priority)

Tag documents for priority:

aws s3api put-object-tagging \
  --bucket company-q-documents \
  --key Finance/Q1_2026_Budget.xlsx \
  --tagging 'TagSet=[{Key=Priority,Value=High},{Key=Department,Value=Finance}]'

Q can use tags to prioritize in search results.

Pattern 2: Regular Sync Validation

Monitor sync health:

import boto3
from datetime import datetime, timedelta

q = boto3.client('qbusiness')

def check_data_source_health():
    sources = q.list_data_sources(applicationId='your-q-instance-id')

    for source in sources['dataSourceSummaryItems']:
        sync_history = q.get_data_source_sync_history(
            applicationId='your-q-instance-id',
            dataSourceId=source['dataSourceId']
        )

        last_sync = sync_history['syncHistory'][0] if sync_history['syncHistory'] else None

        if last_sync:
            status = last_sync['status']
            timestamp = last_sync['executionTime']

            if status == 'FAILED':
                print(f"WARNING: {source['displayName']} sync failed at {timestamp}")
            elif datetime.now() - timestamp > timedelta(days=2):
                print(f"WARNING: {source['displayName']} sync is stale ({timestamp})")
            else:
                print(f"OK: {source['displayName']} synced at {timestamp}")

check_data_source_health()

Pattern 3: Answer Quality Reviews

Periodically audit Q’s answers:

• Weekly: Review low-rated answers (thumbs down)
• Monthly: Audit top 10 queries for accuracy
• Quarterly: Full knowledge base review for freshness

If answers are inaccurate:

• Check if source documents are up-to-date
• Improve document titles/structure for clarity
• Refine system prompt in Q settings

Common Mistakes to Avoid

1. Not respecting access controls

   • If documents are private, configure Q to enforce permissions
   • Don’t assume Q will automatically restrict access

2. Indexing too much data

   • Q searches entire knowledge base by default
   • Index only documents employees should see
   • Use filters/prefixes to limit scope

3. Stale data

   • Set sync frequency to match document update cadence
   • Daily sync for frequently-updated docs, weekly for stable docs

4. Poor document structure

   • Q searches titles, headers, and content
   • Ensure documents have clear titles and structure
   • Avoid image-only PDFs (Q can’t read images)

5. Not testing with real users

   • Q behavior varies by document quality
   • Have 5-10 users pilot before company-wide rollout
   • Collect feedback and iterate

Next Steps

1. Set up Q instance (15 mins)
2. Connect SharePoint or S3 (30 mins)
3. Add first batch of users (pilot group)
4. Collect feedback (1 week)
5. Refine and roll out company-wide
6. Talk to FactualMinds if you need help integrating Q with custom data sources or optimizing for specific use cases