We will now create a Cognito user pool and a demo user in it.
The Cognito user pool plays the role of identity provider. It can be replaced by any identity provider that supports the OIDC or SAML protocols.
Steps are given below.
Launch Cognito, choose the Manage User Pools option and click the Create a User pool button.
Use QSEmbedSample as the user pool name and click Step through settings.
On the Attributes screen, uncheck the Enable case insensitivity option, scroll down and click the Next Step button.
(User names are case sensitive in QuickSight.)
Change the sign up option to Only allow administrators to create users, then click the Next step button on this and on subsequent screens till you reach the App clients screen.
(We are doing this so that you have full control over how many users are added to this demo environment.)
Click Add an app client, set the App client name to QSEmbedSample, enable all the Auth flows and click the Create app client button.
Click the Next step button on this screen and on the Triggers screen, scroll down on the Review screen and click the Create pool button.
Save the Pool Id in your notepad as CognitoUserPoolId.
Click App Client Settings from the left panel. Save the ID (from the header) in your notepad as CognitoClientId.
Set the following options on the App client settings screen.
Check Select all
Callback URLs: https://dummy
(We don’t have this URL yet and Cognito won’t let us save without entering one, hence the dummy value. We will come back and update this later.)
Allowed OAuth Flows: Implicit Grant
Allowed OAuth Scopes: openid, profile
Click Save changes
Click Domain Name from the left panel.
Use qsesAwsAccountId as the domain name (replace AwsAccountId with the value from your notepad; this is just to make the domain name unique), click Check availability and, if available, click Save changes.
(In case the domain is not available, add another random digit at the end of the account number and check availability again.) Store the full URL in your notepad as CognitoDomainUrl.
Click User and groups from the left panel and click the Create user button.
Enter the following details to create the user.
Each user in QuickSight has to be uniquely identified.
Sharing a generic login across multiple users is against licensing terms and will result in poor user experience as QuickSight will throttle such sessions.
Send an invitation…: Email
Temporary password: TestPass-1
Mark phone number as verified: Unchecked
Email: Your Email Address
Mark email as verified: Checked
Click Create user
Return to this step after deploying API Gateway.
Open the App Client section, paste the API Gateway Invoke URL (with /test) appended with /embed-sample into the Callback and Sign out URL fields and click Save changes.
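To check the finished configuration, the added example below (not part of the original walkthrough) builds the hosted UI login URL that matches the app client settings above (Implicit Grant, scopes openid and profile) and reads the tokens Cognito returns in the callback URL fragment. The domain, client ID, callback URL and token are constructed placeholders for your notepad values, and the helper names are hypothetical.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit


def hosted_ui_login_url(domain_url, client_id, callback_url):
    """Login URL for the app client settings above (Implicit Grant, openid + profile)."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "token",      # Implicit Grant
        "scope": "openid profile",     # Allowed OAuth Scopes
        "redirect_uri": callback_url,  # must equal a registered Callback URL
    })
    return f"{domain_url.rstrip('/')}/login?{query}"


def tokens_from_redirect(redirect_url, callback_url):
    """Return the tokens Cognito appends to the callback URL fragment."""
    parts = urlsplit(redirect_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != callback_url:
        raise ValueError("redirect does not target the registered callback URL")
    tokens = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if "id_token" not in tokens:
        raise ValueError("no id_token in fragment; check OAuth flow and scopes")
    return tokens


def unverified_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT checked."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def constructed_id_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample values standing in for the notepad entries.
COGNITO_DOMAIN_URL = "https://qses111122223333.auth.us-east-1.amazoncognito.com"
COGNITO_CLIENT_ID = "EXAMPLECLIENTID"
CALLBACK_URL = "https://example.execute-api.us-east-1.amazonaws.com/test/embed-sample"

if __name__ == "__main__":
    print(hosted_ui_login_url(COGNITO_DOMAIN_URL, COGNITO_CLIENT_ID, CALLBACK_URL))
    token = constructed_id_token({"cognito:username": "DemoUser"})
    back = f"{CALLBACK_URL}#id_token={token}&expires_in=3600&token_type=Bearer"
    print(unverified_claims(tokens_from_redirect(back, CALLBACK_URL)["id_token"]))
```

The claims decoded here are for inspection only; any code that acts on the token must first verify its signature against the user pool's published keys.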