A simple JavaScript frontend and SAM template to spin up a serverless backend, federating Cognito User Pools users to QuickSight.
Get started by cloning the repository then editing some files described with more detail in steps 3-5:
- Using the AWS CLI, create an S3 bucket in the same region where you want all resources to be deployed:
aws s3 mb s3://<bucket-name> --region <AWS Region>
- Package the template with the following command and execute the resulting 'aws cloudformation deploy' output using the AWS CLI, referring to the S3 bucket created earlier:
aws cloudformation package --template-file quicksight.yaml --output-template-file quicksight-output.yaml --s3-bucket <S3 Bucket>
The next command should be something similar to:
aws cloudformation deploy --template-file /Users/<full path>/quicksight-output.yaml --stack-name CognitoQuickSight --capabilities CAPABILITY_IAM
CloudFormation will automatically create and configure the following resources in your account:
- CloudFront distribution
- S3 static website
- Cognito User Pools
- Cognito Identity Pools
- IAM Role for Authenticated Users
- API Gateway API
- Lambda Function
You can follow the progress of the stack creation from the AWS Console in CloudFormation. When the status of the “CognitoQuickSight” stack is CREATE_COMPLETE, execute the following command with the AWS CLI:
aws cloudformation describe-stacks --query 'Stacks[0].[Outputs[].[OutputKey,OutputValue]]|[]' --output text --stack-name CognitoQuickSight
-
Either refer to the output of the "describe-stacks" command above or go to the CloudFormation console, select the stack created on item 2 and open the OUTPUTS tab. All resources we'll need will be there. Use the information to fill up the details in the file "auth.js" including the region.
-
In the AWS Console, go to the Cognito User Pools section and select the pool named QuickSightUsers generated by CloudFormation. Under APP INTEGRATION -> DOMAIN NAME, create a Domain (be mindful domain names are unique to the region) and add the domain to the “auth.js” file accordingly.
-
Under APP INTEGRATION -> APP CLIENT SETTINGS select the option COGNITO USER POOL. Add the CloudFront distribution address (with https://, as SSL is a requirement for the callback/sign out URLs) and make sure that the address matches the related settings in the “auth.js” file exactly. For ALLOWED OAUTH FLOWS, select IMPLICIT GRANT. For ALLOWED OAUTH SCOPES, select OPENID.
-
Upload the four JS and HTML files from the root folder to the S3 bucket named “cognitoquicksight-s3website-xxxxxxxxx”. Make sure that all files are publicly readable.
-
Access the CloudFront distribution address from a browser to authenticate and access QuickSight