amazon_q_integration.md

stage: AI-powered
group: Custom Models
info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
title: Amazon Q integration for testing and evaluation

This guide combines and build on top of the following guides and sources. It describes Amazon Q setup for testing and evaluation purposes:

• Set up GitLab Duo with Amazon Q
• code-suggestions development guide

This guide describes how to set up Amazon Q in a GitLab Linux package running in a VM, using the staging AI Gateway. The reason we need a GitLab Linux package instance instead of GDK is that the GitLab instance needs an HTTPS URL that can be accessed by Amazon Q.

Install and configure a GitLab Linux package on a virtual machine

1. Create a VM in either GCP or AWS

   • Follow this guide on how to create a VM in GCP
   • Create a VM in AWS
     1. Go to cloud sandbox, and login with OKTA
     2. Click "Create Individual Account", and choose aws-*** (not aws-services-*** or aws-dedicated-***). This will create a AWS sandbox and display login credentials
     3. Configure an EC2 machine of similar spec as GCP VM

   A few things to note:

   • Need to enable both http and https traffic under firewall setting.
   • Copy the external IP of the VM instance created.

2. Install GitLab

   1. Follow this guide on how to install GitLab Linux package. We need to set up the external URL and an initial password. Install GitLab using the following command:

      sudo GITLAB_ROOT_PASSWORD="your_password" EXTERNAL_URL="https://<vm-instance-external-ip>.nip.io" apt install gitlab-ee

      This will use nip.io as the DNS service so the GitLab instance can be accessed through HTTPs

3. Config the newly installed GitLab instance

   1. SSH into the VM, and add the following config into /etc/gitlab/gitlab.rb

      gitlab_rails['env'] = {
        "GITLAB_LICENSE_MODE" => "test",
        "CUSTOMER_PORTAL_URL" => "https://customers.staging.gitlab.com",
        "AI_GATEWAY_URL" => "https://cloud.staging.gitlab.com/ai"
      }

   2. Apply the config changes by sudo gitlab-ctl reconfigure

4. Obtain and activate a self-managed ultimate license

   1. Go to staging customers portal, select "Signin with GitLab.com account".
   2. Instead of clicking "Buy new subscription", go to the product page directly. For reason of this, see buy_subscription
   3. Purchase the subscription using a test credit card. An activation code will be given. Do not purchase a duo-pro add-on, because currently duo-pro and Q are mutually exclusive.
   4. Go to the GitLab instance created earlier (https://<vm-instance-external-ip>.nip.io), log in with root account. Then on the left sidebar, go to Admin > Subscription, and enter the activation code

Create and configure an AWS sandbox

1. Follow the same step described above on how to create an AWS sandbox if you haven't had one already.

2. Login into the newly created AWS account and create an Identity Provider following this instruction with slight modifications:

   • Provider URL: https://glgo.staging.runway.gitlab.net/cc/oidc/<your_gitlab_instance_id>
   • Audience: gitlab-cc-<your_gitlab_instance_id>

   The GitLab instance ID can be found at <gitlab_url>/admin/ai/amazon_q_settings

3. Create a new role using the identity provider. For this, we can follow this section exactly.

Add Amazon Q to GitLab

1. Follow Enter the ARN in GitLab and enable Amazon Q exactly
2. Invite Amazon Q user to your project. For this step, we do not need to configure AI Gateway again, because we've already done it when configuring our GitLab instance.
3. Now Q should be working. We can test it like this