aws-samples / aws-cognito-quicksight-auth Goto Github PK

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Template format error: Unrecognized resource types: [AWS::Cognito::UserPool, AWS::Cognito::IdentityPoolRoleAttachment, AWS::Cognito::UserPoolClient, AWS::Cognito::IdentityPool]

Hi - not an issue maybe but guidance, please. All works fine but I am using groups created in the User Pool in the claim of the Identify Pool Authentication provider (new role with rules). The default as provided in the stack works fine, but I'm battling to get a member of a group to login to Quicksight and see either dashboards specified as a resource or dashboards published to a group which is again specified in the IAM permissions. e.g. of IAM policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Action": "quicksight:CreateReader",
"Effect": "Allow",
"Resource": ""
},
{
"Action": "quicksight:CreateGroupMembership",
"Effect": "Allow",
"Resource": "arn:aws:quicksight:::group/default/"
}
]
}

I've changed this around a few times to use only the groupmembership action, RegisterUser and specified the dashboard ARN for resource without success. This may be me missing something on IAM knowledge but if it is please let me know!

Hi all,

How do I get the specific username of the person who logged in? Currently, it is showing on Quicksight as 'RoleName/CognitoCredentials'. Every cognito user that exist in my user pool can access this unique quicksight user using '/CognitoCredentials'.

For example, let's suppose that my cognito user pool has two users "user1" and "user2" and I want to restrict some dashboards for them. When "user1" or "user2" is logged in, the quicksight user is 'RoleName/CognitoCredentials'. In other words, the same quicksight user is accessed by the two cognito users and it is not possible to restrict dashboards for them.

Actually what I really wanna do is to have one Quicksight user for each Cognito user. It should be something like 'RoleName/UserCredentials' and not be using the cognito user pool credentials.

Is that possible? How can I use the user credentials (id token)?

Please, your prompt reply is highly appreciated.

Regards,
Bruno

The big-data blog post url no longer exists - does it live anywhere else ? Thanks

I'm getting a cloudformation error related to "CodeUri"
This works..

      CodeUri: 
        Bucket: bucket-name
        Key: lambda.zip

does this code suffer from the confused deputy vulnerability?

it looks as though the frontend sends an arbitrary URL to a lambda, which then requests it and returns the payload, without any sanitisation 🤔

Hi,
I have followed all mentioned steps to integrate AWS cognito to one end point (e.g, "https://google.com")
After finishing configuration part, I was successfully got opened out cloudFrount link for creating account, but I'm getting message like Token expired or invalid signing out! while signing up.

Please help me to solve this issue.

I am trying to follow your sample to build quicksight with cognito, but I get this error message when I access the static website

Uncaught TypeError: AWSCognito.CognitoIdentityServiceProvider.CognitoAuth is not a constructor

I had already involved aws-cognito-sdk.js and amazon-cognito-auth.min.js

We used these library.

 <script src="aws-cognito-sdk.js"></script>
 <script src="amazon-cognito-auth.min.js"></script>

We got the error below.

Uncaught TypeError: cognitoUser.getUserAttributes is not a function

cognitoUser.getUserAttributes(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        userData = result;
    });

We followed the document

It seems that current library does not support getUserAttribute. Is there any possible way to get or update userAttribute?