Embedded Analytics Tutorial
with Amazon QuickSight
Module Two: Setting up S3 and Cognito User Pools
In this module we will setup an S3 bucket as well as a CloudFront Distribution and Cognito User Pools.
Introduction
In this module, we will setup an S3 bucket as well as a CloudFront Distribution and Cognito User Pools. This infrastructure will help us to securely host the web portal.
What You Will Learn
- Create S3 bucket - To hold static html and png files
- Create a CloudFront Distribution- To serve out the static page stored in S3
- Create Cognito UserPool- For user authentication
Time to Complete
20 minutes
Services Used
Implementation
-
Create a S3 Bucket
We will use an S3 bucket to hold the static content for our web page
We will use an S3 bucket to hold the static content for our web page.
Create an S3 bucket. Use qseAwsAccountId as bucket name. Check the box to block all public access and click create bucket button.
-
Create a CloudFront Distribution
Let’s next create a CloudFront Distribution to serve out the static web page.
Steps are given below.1. Launch CLoudFront, click Create Distribution and Choose option to Create a web distribution.
2. Set the following options in the Create Distribution page. (Replace AwsAccountId)
Origin Domain Name: Select S3 bucket created in last step from drop down.
qseAwsAccountId.s3.amazonaws.com (if using us-east-1 region)
qseAwsAccountId.s3-region.amazonaws.com (for all other regions, eg: qseAwsAccountId.s3-us-east-2.amazonaws.com)
Origin Id : qseAwsAccountIdOaiId
Restrict Bucket Access: Yes
Origin Access Identity: Create new Identity
Grant Read Permission on Bucket: Yes, Update Bucket Policy
Viewer Protocol Policy: Redirect HTTP to HTTPS
Object Caching: Customize
All TTLs: 15
(This is done for ease of testing if we have to edit the html content later on. Should be set to higher values in other envs.)
Query String Forwarding and Caching: Forward all, cache based on all3. Leave all other options at default, scroll down and click Create Distribution button.
4. Click Distributions from left panel to refresh the page.
5. Copy the Domain Name and save this in a notepad as CloudFront Domain Name.
-
Create Cognito UserPool
We will now create a Cognito UserPool and a DemoUser therein.
Steps are given below.
Please note - You have to uniquely identify each user for whom you are generating embedded dashboard.
This is needed for performance assurance, row level security and to be compliant with licensing terms.
If you have a requirement to provide public/unauthenticated/anonymous access to embedded dashboards,
please reach out to quicksight-pm@amazon.com/quicksightsales@amazon.com with details and we will provide guidance on how to set it up.1. Launch Cognito and choose Manage User Pools option.
2. Click Create a User pool button.
3. Use QSE-Cognito as user pool name and click Step through settings.
4. On Attributes screen, uncheck Enable case insensitivity option.
5. Scroll down and click Next Step button.
6. Change the sign up option to Only allow administrators to create users and click Next step button
7. Click through Next step on subsequent screens till you reach App clients screen.
Click Add app client8. Set the name as QSCognitoAppClient, enable all the Auth flows and click the Create app client button.
9. Click Next step button.
10. Click Next step on Triggers screen, scroll down on Review screen and click Create pool.
11. Save Pool Id in your notepad as Cognito UserPool Id.
Click App Client Settings from the left panel.12. Save ID (from header) in your notepad as Cognito App Client Id and then set the following options.(Refer notepad for CloudFront Domain Name)
Check Select all
Callback URLs: https://CloudFront Domain Name/qsembed.html
Allowed OAuth Flows: Implicit Grant
Allowed OAuth Scopes: openid, profile
Click Save changes13. Click Domain Name from left panel.
14. Use qseAwsAccountId as domain name, Check availability and if available, Save changes.
15. Click User and groups from left panel and click Create user button.
16. Enter following details to create the user.
Username: DemoUser
Temporary password: TestPass-1
Send an invitation…: Email
Email: Your Email Address
Mark email as verified: Checked
Click Create user
Conclusion
You successfully completed module two! Next, lets create IAM policies in module three.