Implementation

• Create a S3 Bucket

  We will use an S3 bucket to hold the static content for our web page

  We will use an S3 bucket to hold the static content for our web page.
  Create an S3 bucket. Use qseAwsAccountId as bucket name. Check the box to block all public access and click create bucket button.
  
  

  

• Create a CloudFront Distribution

  Let’s next create a CloudFront Distribution to serve out the static web page.
  Steps are given below.

  1. Launch CLoudFront, click Create Distribution and Choose option to Create a web distribution.

  

  

  2. Set the following options in the Create Distribution page. (Replace AwsAccountId)
  Origin Domain Name: Select S3 bucket created in last step from drop down.
  qseAwsAccountId.s3.amazonaws.com (if using us-east-1 region)
  qseAwsAccountId.s3-region.amazonaws.com (for all other regions, eg: qseAwsAccountId.s3-us-east-2.amazonaws.com)
  Origin Id : qseAwsAccountIdOaiId
  Restrict Bucket Access: Yes
  Origin Access Identity: Create new Identity
  Grant Read Permission on Bucket: Yes, Update Bucket Policy
  Viewer Protocol Policy: Redirect HTTP to HTTPS
  Object Caching: Customize
  All TTLs: 15
  (This is done for ease of testing if we have to edit the html content later on. Should be set to higher values in other envs.)
  Query String Forwarding and Caching: Forward all, cache based on all

  

  

  

  3. Leave all other options at default, scroll down and click Create Distribution button.

  

  4. Click Distributions from left panel to refresh the page.

  

  5. Copy the Domain Name and save this in a notepad as CloudFront Domain Name.

  

• Create Cognito UserPool

  We will now create a Cognito UserPool and a DemoUser therein.
  Steps are given below.
  
  Please note - You have to uniquely identify each user for whom you are generating embedded dashboard.
  This is needed for performance assurance, row level security and to be compliant with licensing terms.
  If you have a requirement to provide public/unauthenticated/anonymous access to embedded dashboards,
  please reach out to quicksight-pm@amazon.com/quicksightsales@amazon.com with details and we will provide guidance on how to set it up.

  1. Launch Cognito and choose Manage User Pools option.

  

  2. Click Create a User pool button.

  

  3. Use QSE-Cognito as user pool name and click Step through settings.

  

  4. On Attributes screen, uncheck Enable case insensitivity option.

  

  5. Scroll down and click Next Step button.

  

  6. Change the sign up option to Only allow administrators to create users and click Next step button

  

  7. Click through Next step on subsequent screens till you reach App clients screen.
  Click Add app client

  

  8. Set the name as QSCognitoAppClient, enable all the Auth flows and click the Create app client button.

  

  9. Click Next step button.

  

  10. Click Next step on Triggers screen, scroll down on Review screen and click Create pool.

  

  11. Save Pool Id in your notepad as Cognito UserPool Id.
  Click App Client Settings from the left panel.

  

  12. Save ID (from header) in your notepad as Cognito App Client Id and then set the following options.(Refer notepad for CloudFront Domain Name)
  Check Select all
  Callback URLs: https://CloudFront Domain Name/qsembed.html
  Allowed OAuth Flows: Implicit Grant
  Allowed OAuth Scopes: openid, profile
  Click Save changes

  

  13. Click Domain Name from left panel.

  

  14. Use qseAwsAccountId as domain name, Check availability and if available, Save changes.

  

  15. Click User and groups from left panel and click Create user button.

  

  16. Enter following details to create the user.
  Username: DemoUser
  Temporary password: TestPass-1
  Send an invitation…: Email
  Email: Your Email Address
  Mark email as verified: Checked
  Click Create user