Streamlining Conversational AI Integration: Overcoming Challenges with Amazon Quick Suite Embedded Chat
Overcoming Challenges in Conversational AI with Amazon Quick Suite
In today’s fast-paced digital landscape, organizations seeking to leverage conversational AI face critical challenges. Firstly, users often need quick answers within the tools they are already using—like CRM systems, support consoles, or analytics portals—rather than within separate applications. Secondly, implementing a secure embedded chat within existing applications can be a time-consuming process. This involves considerable development for authentication protocols, token validation, domain security, and establishing a global distribution infrastructure.
A Seamless Solution with Amazon Quick Suite Embedded Chat
Amazon Quick Suite’s embedded chat feature addresses these challenges head-on by integrating conversational AI directly into enterprise applications. Users can query structured data, search documents, and trigger actions seamlessly without the disruption of switching between different tools.
In this blog post, we will explore how to tackle the challenge of secure chat implementation with a one-click deployment solution that utilizes the Quick Suite Embedding SDK in enterprise portals.
Solution Overview
This solution deploys a secure web portal that uses several AWS services to facilitate embedded chat. Here’s an overview of the architecture:
- Amazon CloudFront for global content delivery
- Amazon Cognito for OAuth 2.0 authentication
- Amazon API Gateway for creating REST API endpoints
- AWS Lambda for serverless API processing
- OpenID Connect (OIDC) for secure identity integration with Quick Suite
Security Measures
The solution applies a defense-in-depth security model:
- DDoS protection via CloudFront
- A private Amazon S3 bucket with origin access control to prevent direct asset access
- AWS WAF for rate limiting on API Gateway
- JSON Web Token (JWT) signature validation using Amazon Cognito public keys
This multi-layered security infrastructure ensures that user data remains protected while delivering a smooth experience.
Workflow Steps
The workflow for embedding chat agents through the AWS solution consists of:
- Users access a designated web portal URL that routes through CloudFront.
- CloudFront fetches HTML, CSS, and JavaScript from a private S3 bucket using origin access control.
- The web application checks for valid authentication tokens, redirecting unauthenticated users to the Amazon Cognito hosted UI for sign-in.
- After logging in, users receive a single-use OAuth 2.0 authorization code.
- This code is utilized in a secure API call through API Gateway to invoke a Lambda function.
- The Lambda function exchanges the authorization code for JWTs with Amazon Cognito and validates their cryptographic signatures.
- Using AWS Security Token Service, the Lambda function assumes roles as needed and calls Quick Suite to generate an embedded URL.
- Finally, the application leverages the Quick Suite Embedding SDK for rendering the chat interface securely in an HTML iframe, enabling cross-origin communication.
Example of a Decoded JWT
Here’s an example of a decoded JWT for your reference:
{
  "at_hash": "abcdefifB5vH2D0HEvLghi",
  "sub": "12345678-abcd-1234-efgh-123456789012",
  "email_verified": true,
  "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE123",
  "cognito:username": "12345678-abcd-1234-efgh-123456789012",
  "aud": "1a2b3c4d5e6f7g8h9i0j1k2l3m",
  "exp": 1704067200,
  "iat": 1704063600,
  "email": "user123@example.com"
}
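The signature and claim checks described above, as an added example (not code from the sample repository): a standard-library-only RS256 validator for a token shaped like the decoded JWT shown. The RSA key, the `demo-kid` key ID and the `sign` helper are constructed for the demo; in a deployment the public keys come from the user pool's JWKS document.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (two Mersenne primes, trivially factorable): never use outside this example.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"demo-kid": (N, E)}  # kid -> (n, e); really loaded from <iss>/.well-known/jwks.json
ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE123"
AUD = "1a2b3c4d5e6f7g8h9i0j1k2l3m"  # app client ID from the page's sample token
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(msg, k):
    """Expected RS256 encoded message: 00 01 FF..FF 00 DigestInfo || SHA-256(msg)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(claims, alg="RS256", kid="demo-kid"):
    """Demo-only issuer standing in for Cognito."""
    signing_input = ".".join(b64e(json.dumps(p).encode()) for p in ({"alg": alg, "kid": kid}, claims))
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64e(sig.to_bytes(k, "big"))

def validate(token, now=None):
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(b64d(head_b64))
    if head.get("alg") != "RS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    if head.get("kid") not in JWKS:
        raise ValueError("unknown kid")
    n, e = JWKS[head["kid"]]
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64d(sig_b64), "big")
    expected = emsa_pkcs1_v15(f"{head_b64}.{body_b64}".encode(), k)
    if sig >= n or not hmac.compare_digest(pow(sig, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))  # parsed only after the signature is verified
    now = time.time() if now is None else now
    if claims.get("iss") != ISS or claims.get("aud") != AUD:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

The order matters: the header's `alg` and `kid` are checked against local expectations first, the signature second, and the claims are trusted only after both pass.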
Generating the Embed URL
The Lambda function calls the GenerateEmbedUrlForRegisteredUser API to create a secure embedded URL for the chat experience. An example of the response might look like this:
{
  "ChatEmbedUrl": "https://us-east-1.quicksight.aws.amazon.com/embedding/abcdefe827dd4ef8b4e1fb921db046c4/quick/chat?code=Abcdef...",
  "user": "user123@example.com"
}
Deployment Steps
1. Deploy Serverless Infrastructure
To deploy the serverless infrastructure using AWS CDK:
- Clone the GitHub repository:
  git clone git@github.com:aws-samples/sample-quicksuite-chat-embedding.git
  cd sample-quicksuite-chat-embedding
- Deploy the infrastructure and enter your AWS Region code, CloudFormation stack ID, and portal title when prompted.
2. Provision Users in Amazon Cognito and Quick Suite
Use the following commands to provision users in Amazon Cognito and Quick Suite:
- Create an Amazon Cognito user:
  python scripts/create_cognito_user.py --profile <your_profile_name>
- Create a federated user in Quick Suite:
  python scripts/create_quicksuite_user.py --profile <your_profile_name>
3. Share the Quick Suite Chat Agent
- Sign in to the Quick Suite console and share the chat agents with the desired users.
4. Access the Web Portal
Users can access the web portal using the CloudFront URL, where they will be prompted to change their temporary password upon first login.
Clean Up
To clean up your resources, delete the AWS resources deployed during the process.
Conclusion
This solution effectively tackles the predominant challenges of embedding conversational AI at scale. From securing authentication for thousands of users globally to maintaining enterprise-grade security and simplifying deployment, it addresses the core requirements for organizations.
Customization and Scalability
Feel free to brand the portal according to your corporate identity, adjust security policies, and integrate with existing identity providers. The architecture is designed to scale seamlessly while maintaining cost efficiency through AWS’s pay-as-you-go pricing model.
To get started, clone the GitHub repository, and deploy the infrastructure with just one click to embed Quick Suite chat agents into your applications!
About the Author
Satyanarayana Adimula is a Senior Builder in AWS Generative AI Innovation & Delivery. With over 20 years of data and analytics expertise, Satyanarayana specializes in building intelligent AI systems that enable large enterprises to automate complex workflows and accelerate decision-making for measurable business outcomes.
Are you ready to enhance your user experience with embedded conversational AI? Dive into the Quick Suite and transform how your organization communicates!