You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the Amazon Q module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
Agent Integration
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
21 / 25
20 / 25
18 / 20
18 / 20
8 / 10
85 / 100
Drilldown
Presentation & Onboarding — 21 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
12
README provides comprehensive examples covering basic usage, autonomous usage with AI prompt, custom pre/post install scripts, specific version installation, custom agent configuration, custom AgentAPI configuration, and air-gapped installation. Each major mode (basic, autonomous, air-gapped) has documented examples with sensible defaults.
Coder-context framing
8
4
README names both Coder and Amazon Q, explains MCP integration and task reporting to Coder UI. However, it does not clearly explain what the module adds on top of Coder or show where Coder fits in the overall flow. The integration points are documented but the value proposition and workflow context are implicit.
Visual preview
5
5
README includes an image at ../../.images/amazon-q.png showing Amazon Q in action.
Agent Integration — 20 / 25
Criterion
Max
Score
Notes
AI governance
10
5
README documents Coder MCP integration for task reporting and mentions AgentAPI. However, there is no documentation of Agent Firewall support. The module only covers one aspect (MCP/Gateway) of AI governance, not both Gateway and Firewall.
Dashboard entry point
5
5
Module uses coder_app support through the agentapi submodule, with configurable web_app_display_name, cli_app, and cli_app_display_name variables. Both web and CLI apps are documented in the "Coder Tasks Integration" section.
Session continuity
5
5
README documents session continuity through AgentAPI integration which manages the interactive session. The start script uses agentapi server to manage sessions, and the module supports continuing sessions across reconnects through the AgentAPI layer.
Managed configuration
5
5
README extensively documents managed configuration including agent_config JSON for Amazon Q settings, system_prompt customization, coder_mcp_instructions, trust_all_tools flag, and workdir configuration. The "Default Agent Configuration" section provides comprehensive documentation.
Credential Hygiene — 18 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
14
The auth_tarball variable is marked sensitive = true in main.tf. However, README examples show inline placeholder values like auth_tarball = "PASTE_YOUR_TARBALL_HERE" and default = "PASTE_YOUR_TARBALL_HERE" in the authentication setup section, which counts as inline secrets in examples. This caps the score at 14 (half of 16 rounded).
Non-hardcoded auth path
4
4
README documents generating an authentication tarball from a pre-authenticated local machine, avoiding direct credential entry. The auth_tarball approach uses pre-authenticated session data rather than raw API keys.
Restricted-Environment Readiness — 18 / 20
Criterion
Max
Score
Notes
Mirrorable artifact source
10
10
The q_install_url variable (default: "https://desktop-release.q.us-east-1.amazonaws.com") overrides the Amazon Q download URL. README includes an "Air-Gapped Installation" section documenting how to point to internal artifact repositories. The install script uses ${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-{arch}-linux.zip for downloads.
Bring-your-own binary
5
5
The install_amazon_q variable (default: true) allows disabling installation entirely when Amazon Q is pre-installed. README documents this in the "Specific Version Installation" example and the install script checks ARG_INSTALL before attempting installation.
Egress transparency
3
1.5
README has an "Air-Gapped Installation" section that discusses offline environments and mentions hosting files internally, but does not enumerate the actual external endpoints contacted at install and runtime. The section describes configuration for restricted environments but lacks the explicit endpoint list required for full credit.
Runs without sudo
2
1.5
The install.sh script never invokes sudo directly. However, the README shows a pre_install_script example with sudo apt-get update && sudo apt-get install -y zstd, and the Prerequisites section mentions sudo commands for installing zstd. The core module scripts work without sudo, but documented usage patterns include sudo for dependencies, earning half credit.
Engineering Quality — 8 / 10
Criterion
Max
Score
Notes
Input quality
6
6
Variables have clear descriptions, sensible defaults (e.g., amazon_q_version = "1.14.1", install_amazon_q = true, trust_all_tools = false), and the auth_tarball is marked sensitive. No validation blocks are present, but the input quality is otherwise strong.
Test coverage
4
2
The .tftest.hcl file covers three documented test cases (basic usage, autonomous usage, extended configuration) plus additional scenarios. However, the TypeScript tests in main.test.ts primarily verify resource creation and environment variables rather than end-to-end behavior. Tests validate that resources exist but don't cover the actual Amazon Q integration, MCP functionality, or task reporting behavior.
Overall — 85 / 100
Scored against SCORECARD.md on 2026-07-15 with claude-sonnet-4-5.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the Amazon Q module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 21 / 25
../../.images/amazon-q.pngshowing Amazon Q in action.Agent Integration — 20 / 25
coder_appsupport through the agentapi submodule, with configurableweb_app_display_name,cli_app, andcli_app_display_namevariables. Both web and CLI apps are documented in the "Coder Tasks Integration" section.agentapi serverto manage sessions, and the module supports continuing sessions across reconnects through the AgentAPI layer.Credential Hygiene — 18 / 20
auth_tarballvariable is markedsensitive = truein main.tf. However, README examples show inline placeholder values likeauth_tarball = "PASTE_YOUR_TARBALL_HERE"anddefault = "PASTE_YOUR_TARBALL_HERE"in the authentication setup section, which counts as inline secrets in examples. This caps the score at 14 (half of 16 rounded).Restricted-Environment Readiness — 18 / 20
q_install_urlvariable (default: "https://desktop-release.q.us-east-1.amazonaws.com") overrides the Amazon Q download URL. README includes an "Air-Gapped Installation" section documenting how to point to internal artifact repositories. The install script uses${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-{arch}-linux.zipfor downloads.install_amazon_qvariable (default: true) allows disabling installation entirely when Amazon Q is pre-installed. README documents this in the "Specific Version Installation" example and the install script checksARG_INSTALLbefore attempting installation.sudo apt-get update && sudo apt-get install -y zstd, and the Prerequisites section mentions sudo commands for installing zstd. The core module scripts work without sudo, but documented usage patterns include sudo for dependencies, earning half credit.Engineering Quality — 8 / 10
Overall — 85 / 100
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions