search

Embedded Data Assistant

Agent Bill 2.0 uses Amazon QuickSight embedded QuickChat (Quick Suite) to provide an AI-powered data assistant directly within the FinOps Center application. This is a migration from the previous embedded Q&A (Q Bar) approach. Each role gets a dedicated chat agent with persona-specific instructions, topic access, and optional MCP actions for workflow

hashtag
Architecture

hashtag
The embedded QuickChat integration uses an AppSync backend with a TypeScript Lambda function. When a user opens Agent Bill in FinOps Center, the application calls generate-embed-url-for-registered-user via AppSync, passing the user's Cognito identity to resolve their QuickSight registered user. The embed URL is configured with experience-configuration set to QuickChat and a fixedAgentArn in contentOptions that routes the user to their role-specific chat agent. The QuickSight Embedding SDK (awslabs/amazon-quicksight-embedding-sdk) renders the chat interface within the application.

hashtag

hashtag
Quick Actions and MCP Integration

hashtag
Agent Bill 2.0 supports Quick Actions via MCP (Model Context Protocol) integration through Quick Spaces. When a persona instruction routes a query to ACTION/TASKS, the chat agent can trigger workflow actions such as budget management, spend card operations, and resource management. These actions are backed by GraphQL mutations via AppSync with Cognito authentication. Quick Spaces are configured in the QuickSight console and must be shared with the appropriate user groups. Note that the automation framework creates Athena queries, datasets, RLS, and topics automatically, but Spaces and embedded chat configuration are manual steps.

hashtag

hashtag
Configuration in FinOps Center

hashtag
Agent Bill is configured in the FinOps Center application via the Configuration page. Financial Admins navigate to Configuration > Agent Bill Configuration to enable Amazon Q Topics and map agent IDs to roles. Each role has a unique agent ID and view ID that connects the FinOps Center application role to the correct QuickSight chat agent. The QuickSight Environment settings (Region, Account) are also configured on this page.

hashtag

hashtag
Additional IAM Permissions

hashtag
The embedded QuickChat integration requires additional IAM permissions beyond standard QuickSight embedding. The embedding policy currently uses resource * and will need scoping for Marketplace onboarding. MCP actions require specific QuickSight action permissions beyond the standard Cognito read-only role. Actions may work in the QuickSight console but require additional sharing configuration to function in the embedded context. Q Business console settings may also need configuration for action authorization.

hashtag

hashtag
Troubleshooting

hashtag
If the default QuickSight chat loads instead of the role-specific Agent Bill chat, verify that fixedAgentArn is set correctly in contentOptions. If users see embed failures, check their QuickSight user status via the CLI command describe-user — users with INACTIVE status will not be able to load the embedded chat. If MCP actions fail with permission errors in the embedded context but work in the QuickSight console, check that the additional IAM policies and QuickSight sharing configuration have been applied. Ensure allowedDomains in the QuickSight management console includes the FinOps Center application domain.automation.

PreviousFilter Null ValuesNextRow Level Security

Last updated