Our solution used the following components:
👉 The Amazon Cognito hosted UI, served from the app integration domain (dashboard.business-insight.io), performs all sign-in, verification and authentication logic for the web app. It only authenticates users: self-sign-up is disabled, so an account exists only if a Cognito administrator has created it in the user pool.
👉 Once a user has authenticated with a valid username and password, the OpenID Connect ID token issued by the user pool is exchanged with an Amazon Cognito identity pool (federated identities) for temporary AWS credentials. Those credentials are scoped to an IAM role whose policy grants only the QuickSight permissions this flow needs, such as `quicksight:RegisterUser` for creating the QuickSight user.
👉 The ID token, together with the URL-encoded dashboard URL, is sent to API Gateway, which authorizes the call by validating the ID token (the Cognito user pool authorizer checks the JWT's signature, expiry and audience) before invoking the backend.
👉 The URL is passed on to a Lambda function that calls the QuickSight API to obtain an embed URL for the requested published dashboard and returns the web page, generated by the Lambda function, with the dashboard embedded in it.
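The backend half of the flow above (steps three and four), as an added Python example rather than the project's own Lambda code. It assumes an API Gateway REST API with proxy integration and a Cognito user pool authorizer, so the handler reads the caller's identity only from the claims the authorizer already verified; the account ID, role ARN, namespace, dashboard allow-list and domain are made-up values. The boto3 calls used (`register_user`, `describe_user`, `generate_embed_url_for_registered_user`) are real QuickSight API operations; the client is injectable so the logic can be exercised against a fake client offline. Two checks the description leaves implicit are made explicit here: the dashboard ID extracted from the client-supplied URL is matched against an allow-list, and the QuickSight user is keyed to the verified token subject, never to anything the client sent.

```python
"""Hypothetical Lambda behind an API Gateway Cognito user-pool authorizer.

Added illustration, not the original project's code.  Account ID, role ARN,
namespace, allowed dashboards and allowed domains are assumed values.
"""
import json
import re
from urllib.parse import unquote, urlparse

AWS_ACCOUNT_ID = "123456789012"                                          # assumption
QS_NAMESPACE = "default"                                                 # QuickSight default namespace
EMBED_ROLE_ARN = "arn:aws:iam::123456789012:role/CognitoQuickSightEmbed"  # assumption
# Only dashboards the web app is meant to expose; anything else is refused.
ALLOWED_DASHBOARD_IDS = {"11111111-2222-3333-4444-555555555555"}         # assumption
# Origins allowed to iframe the embed; QuickSight rejects others.
ALLOWED_DOMAINS = ["https://dashboard.business-insight.io"]

DASHBOARD_PATH = re.compile(r"^/sn/dashboards/([A-Za-z0-9-]+)")


def claims_from_event(event):
    """Return the claims the Cognito authorizer verified, or None.

    The authorizer has already checked the ID token's signature, expiry and
    audience.  If the claims block is missing the route is misconfigured, so
    the caller fails closed instead of trusting anything sent by the client.
    """
    try:
        return event["requestContext"]["authorizer"]["claims"]
    except (KeyError, TypeError):
        return None


def parse_dashboard_id(encoded_url):
    """Extract the dashboard ID from a URL-encoded QuickSight dashboard URL."""
    if not encoded_url:
        return None
    path = urlparse(unquote(encoded_url)).path
    match = DASHBOARD_PATH.match(path)
    return match.group(1) if match else None


def ensure_registered(qs, email, session_name):
    """Register the caller as a READER (idempotently) and return the user ARN.

    With IdentityType=IAM the QuickSight user is keyed by the identity-pool
    role plus a per-user session name (the token's `sub`), so a repeat
    registration raises ResourceExistsException and the user is looked up.
    """
    role_name = EMBED_ROLE_ARN.rsplit("/", 1)[1]
    try:
        resp = qs.register_user(
            AwsAccountId=AWS_ACCOUNT_ID, Namespace=QS_NAMESPACE,
            IdentityType="IAM", IamArn=EMBED_ROLE_ARN,
            SessionName=session_name, Email=email, UserRole="READER",
        )
    except qs.exceptions.ResourceExistsException:
        resp = qs.describe_user(
            AwsAccountId=AWS_ACCOUNT_ID, Namespace=QS_NAMESPACE,
            UserName=f"{role_name}/{session_name}",
        )
    return resp["User"]["Arn"]


def embed_url_for(qs, user_arn, dashboard_id):
    """Ask QuickSight for a short-lived, single-use embed URL."""
    resp = qs.generate_embed_url_for_registered_user(
        AwsAccountId=AWS_ACCOUNT_ID,
        UserArn=user_arn,
        SessionLifetimeInMinutes=60,
        AllowedDomains=ALLOWED_DOMAINS,
        ExperienceConfiguration={"Dashboard": {"InitialDashboardId": dashboard_id}},
    )
    return resp["EmbedUrl"]


def _response(status, body):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body)}


def handler(event, context=None, qs=None):
    """API Gateway proxy-integration entry point."""
    if qs is None:
        import boto3  # real client only outside tests
        qs = boto3.client("quicksight")
    claims = claims_from_event(event)
    if claims is None:
        return _response(401, {"error": "no verified Cognito claims"})
    params = event.get("queryStringParameters") or {}
    dashboard_id = parse_dashboard_id(params.get("url"))
    if dashboard_id not in ALLOWED_DASHBOARD_IDS:
        return _response(403, {"error": "dashboard not permitted"})
    user_arn = ensure_registered(qs, claims["email"], claims["sub"])
    return _response(200, {"embedUrl": embed_url_for(qs, user_arn, dashboard_id)})
```

The Lambda's execution role needs `quicksight:RegisterUser`, `quicksight:DescribeUser` and `quicksight:GenerateEmbedUrlForRegisteredUser` on the account's QuickSight user resources and nothing broader; the embed URL it hands back expires within minutes and can be consumed once, so the page should request a fresh one on every load rather than caching it.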