doc/user/duo_amazon_q/_index.md
{{< details >}}
{{< /details >}}
{{< history >}}
amazon_q_integration. Disabled by default.amazon_q_integration removed in GitLab 17.8.{{< /history >}}
[!note] GitLab Duo with Amazon Q cannot be combined with other GitLab Duo add-ons.
At re:Invent 2024, Amazon announced the GitLab Duo with Amazon Q integration. With this integration, you can automate tasks and increase productivity.
GitLab Duo with Amazon Q:
For a click-through demo, see the GitLab Duo with Amazon Q Product Tour.
<!-- Demo published on 2025-04-23 -->To get a subscription for GitLab Duo with Amazon Q, contact your Account Executive.
Alternatively, to request a trial, fill out this form.
When you have a GitLab Duo with Amazon Q subscription and GitLab 17.11 or later, you can set up GitLab Duo with Amazon Q on your instance.
To invoke GitLab Duo with Amazon Q for an issue, you will use quick actions.
Turn an idea in an issue into a merge request that contains the proposed implementation.
Amazon Q uses the issue title and description, along with project context, to create a merge request with code to address the issue.
/q dev./q dev.Amazon Q can analyze Java 8 or 11 code and determine the necessary Java changes to update the code to Java 17.
Prerequisites:
pom.xml file must have a source and target.To upgrade Java:
/q transform.A CI/CD job starts. A comment is displayed with the details and a link to the job.
To invoke GitLab Duo with Amazon Q for a merge request, you will use quick actions.
Amazon Q can analyze your merge request and suggest improvements to your code. It can find things like security issues, quality issues, inefficiencies, and other errors.
You can have Amazon Q review automatically when you open or reopen a merge request, or you can manually start a review.
To manually start:
/q review.Amazon Q performs a review of the merge request changes and displays the results in comments.
Amazon Q can make code changes based on reviewer feedback.
/q dev.Amazon Q proposes changes to the merge request based on the reviewer's comments and feedback.
Generate new unit tests for your code using Amazon Q.
/q dev and select Comment.Amazon Q creates a merge request with the suggested tests.
/q dev on a new line and select Add comment now.Amazon Q updates the merge request with the suggested tests.
{{< history >}}
{{< /history >}}
GitLab Duo with Amazon Q uses a composite identity to authenticate requests.
[!note] Support for a composite identity in other areas of the product is proposed in issue 511373.
The token that authenticates requests is a composite of two identities:
id is included in the scopes of the token.This composite identity ensures that any activities authored by Amazon Q are correctly attributed to the Amazon Q service account. At the same time, the composite identity ensures that there is no privilege escalation for the human user.
This dynamic scope is checked during the authorization of the API request. When authorization is requested, GitLab validates that both the service account and the user who originated the quick action have sufficient permissions.
flowchart TD
accTitle: Authentication flow for GitLab Duo
accDescr: API requests are checked against user permissions first, then service account permissions, with access denied if either check fails.
A[API Request] --> B{Human user has access?}
B -->|No| D[Access denied]
B -->|Yes| C{Service account has access?}
C -->|No| D
C -->|Yes| E[API request succeeds]