Seeking Help for Configuring QuickSight Dashboards in Kiosk Mode with Azure AD (MS Entra) Integration

Hello QuickSight Community,

I am seeking advice or solutions for setting up AWS QuickSight dashboards in a kiosk mode. Our setup requires the dashboards to be displayed continuously on monitors, with the content being purely for viewing purposes without any user interaction. Here are the specifics of our situation:

  1. Kiosk Mode Requirement: We need to have several QuickSight dashboards displayed in a “kiosk” mode, meaning they should be on continuous display on monitors for consultation only (no user interaction).
  2. Dashboard Rotation: Every 2 minutes, the displayed dashboard should automatically rotate among three different dashboards.

The access to these dashboards is controlled via Azure AD, and we are looking for a stable and robust solution that allows for seamless, continuous operation without frequent logins or manual interventions.

Could anyone share insights, experiences, or recommend configurations that could facilitate this setup? Specifically, we are interested in any tips on managing session timeouts and ensuring a smooth transition between dashboards.

Thank you in advance for your help and suggestions!

Hi @Francesco_Guaiana, welcome to the QuickSight Community. Certainly! To create a comprehensive, secure, and analytics-driven setup for displaying AWS QuickSight dashboards in kiosk mode, let’s look at a high-level solutions architecture using AWS API Gateway and Lambda to create a serverless web hosting solution, then we can integrate AWS CloudWatch, AWS CloudTrail, and OpenSearch for logging and monitoring.

Here’s a high-level approach integrating these components along with enhanced security measures.

1. Create and Publish Dashboards:

  • Design and publish the dashboards you need in AWS QuickSight.

2. Generate Embed URLs:

  • Use the QuickSight console or API to generate embed URLs for each of the dashboards. These URLs allow you to embed the dashboards in a web page. Official Documentation on Embedding.

3. Develop a Web Application for Kiosk Mode:

  • Web Application: Create a simple web application using HTML, CSS, and JavaScript to display the dashboards.

Example Structure:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>QuickSight Dashboard Kiosk</title>
    <style>
        body, html {
            height: 100%;
            margin: 0;
        }
        iframe {
            width: 100%;
            height: 100%;
            border: none;
        }
    </style>
</head>
<body>
    <iframe id="dashboard" src=""></iframe>
    <script>
        const dashboards = [
            'embed_url_1',
            'embed_url_2',
            'embed_url_3'
        ];
        let currentDashboard = 0;

        function rotateDashboard() {
            document.getElementById('dashboard').src = dashboards[currentDashboard];
            currentDashboard = (currentDashboard + 1) % dashboards.length;
        }

        // Initial load
        rotateDashboard();

        // Rotate every 2 minutes
        setInterval(rotateDashboard, 2 * 60 * 1000);
    </script>
</body>
</html>

4. Deploying the Web Application Using API Gateway and Lambda:

Step-by-Step Setup:

  1. Create a Lambda Function:
     • Write a Lambda function that serves the HTML content.
     • Use the AWS Lambda Management Console to create a new function.
     • Upload your HTML file to the function.
  2. Create an API Gateway:
     • Use the API Gateway console to create a new HTTP API.
     • Set up an endpoint that triggers the Lambda function.
     • Deploy the API to make it accessible over the internet.
  3. Configure CORS:
     • Enable CORS in API Gateway to allow your web application to be accessed from different origins.

5. User Authentication and Access Control:

  • Authentication Integration: Integrate the web application with Azure AD for seamless authentication using OAuth2 or SAML.
  • Session Management: Implement token refresh logic to keep sessions active. Use libraries like MSAL.js for handling Azure AD authentication.

6. Security Measures:

  • AWS WAF (Web Application Firewall): Protect your application from common web exploits by setting up AWS WAF.
  • AWS Shield: Use AWS Shield for DDoS protection.
  • AWS GuardDuty: Enable AWS GuardDuty to monitor and detect potential security threats within your AWS environment.
  • AWS IAM: Ensure proper IAM roles and policies are in place to control access to your QuickSight dashboards and other resources.

7. Configuration of AWS WAF and GuardDuty:

AWS WAF:

  1. Create Web ACL: Set up a Web Access Control List (ACL) with rules to filter out malicious requests.
  2. Add Rules: Include managed rules for common threats (e.g., SQL injection, XSS).
  3. Associate Web ACL: Attach the Web ACL to the API Gateway endpoint serving your web application.

AWS GuardDuty:

  1. Enable GuardDuty: Turn on GuardDuty in your AWS account.
  2. Configure Findings: Set up notifications and monitoring for GuardDuty findings.
  3. Integrate with AWS Security Hub: Use Security Hub for a centralized view of security alerts and compliance status.

8. Optimizing for Continuous Display:

  • Kiosk Mode Configuration: Configure your display devices to run in kiosk mode, disabling user interactions and browser UI elements.
  • Auto-Restart and Recovery: Use scripts or tools to ensure the browser and web application auto-restart in case of failures.

9. Enable CloudWatch and CloudTrail for Logging and Monitoring:

Setup CloudWatch:

  1. Create Log Groups and Log Streams:
     • Configure your Lambda function to send logs to CloudWatch.
     • Use the CloudWatch console to create log groups and streams if needed.
  2. Configure Metrics and Alarms:
     • Set up metrics to monitor the health and performance of your application.
     • Create alarms to notify you of any issues (e.g., high error rates, latency).

Setup CloudTrail:

  1. Enable CloudTrail:
     • Turn on CloudTrail to capture API calls and activity within your AWS account.
     • Create a trail to log data events for Lambda and API Gateway.
  2. Integrate with CloudWatch:
     • Configure CloudTrail to send logs to CloudWatch for centralized monitoring and analysis.

10. Use Amazon OpenSearch for Analytics:

Step-by-Step Setup:

  1. Create an OpenSearch Domain:
     • Use the OpenSearch console to create a new domain.
  2. Ingest Data into OpenSearch:
     • Configure CloudWatch Logs to stream log data to OpenSearch.
     • Use AWS Lambda or Kinesis Data Firehose to transform and load data into OpenSearch.
  3. Visualize and Analyze Data:
     • Use OpenSearch Dashboards to create visualizations and dashboards for your log data.
     • Monitor metrics and trends to gain insights into the performance and usage of your kiosk application.

By following this comprehensive approach, you can ensure a robust, secure, and analytics-driven setup for your AWS QuickSight dashboards in kiosk mode, leveraging AWS serverless technologies and enhanced security measures.

Session Timeouts and Smooth Transitions are handled in the JS Layers – more details here

Also, watch your cost – review the pricing model with your account manager.
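
Steps 2 and 4 of the reply combined, as an added example that is not part of the original post or AWS's own code: a Lambda handler behind API Gateway that mints a fresh embed URL on each rotation instead of hard-coding URLs in the page, since a QuickSight embed URL carries a temporary bearer token valid for 5 minutes. The account ID, user ARN, kiosk origin, dashboard IDs, the `/embed-url?index=N` route and the use of a dedicated registered reader user are all assumptions.

```python
import json
import os

# Assumed deployment values (placeholders, not from the original post).
ACCOUNT_ID = os.environ.get("AWS_ACCOUNT_ID", "111122223333")
USER_ARN = os.environ.get(
    "KIOSK_USER_ARN",
    "arn:aws:quicksight:us-east-1:111122223333:user/default/kiosk-viewer")
KIOSK_ORIGIN = os.environ.get("KIOSK_ORIGIN", "https://kiosk.example.com")
DASHBOARD_IDS = os.environ.get("DASHBOARD_IDS", "dash-1,dash-2,dash-3").split(",")


def fresh_embed_url(qs, dashboard_id, lifetime_minutes=15):
    """Mint a new embed URL for one allow-listed dashboard; never cache it."""
    if dashboard_id not in DASHBOARD_IDS:
        raise ValueError("dashboard not on the kiosk allow-list")
    resp = qs.generate_embed_url_for_registered_user(
        AwsAccountId=ACCOUNT_ID,
        UserArn=USER_ARN,
        # 15 is the API minimum; a 2-minute rotation needs no longer session.
        SessionLifetimeInMinutes=lifetime_minutes,
        ExperienceConfiguration={"Dashboard": {"InitialDashboardId": dashboard_id}},
        # Only the kiosk page's origin may frame the resulting session.
        AllowedDomains=[KIOSK_ORIGIN],
    )
    return resp["EmbedUrl"]


def handler(event, context, qs=None):
    """API Gateway HTTP API handler for GET /embed-url?index=N (assumed route)."""
    if qs is None:
        import boto3  # imported lazily so the logic can be tested offline
        qs = boto3.client("quicksight")
    params = event.get("queryStringParameters") or {}
    try:
        # The caller picks a slot, not a dashboard ID, so it cannot ask for
        # anything outside the configured rotation.
        index = int(params.get("index", "0")) % len(DASHBOARD_IDS)
    except ValueError:
        return {"statusCode": 400, "body": json.dumps({"error": "bad index"})}
    url = fresh_embed_url(qs, DASHBOARD_IDS[index])
    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "application/json",
            "Cache-Control": "no-store",  # the URL embeds a bearer token
            "Access-Control-Allow-Origin": KIOSK_ORIGIN,  # not "*"
        },
        "body": json.dumps({"embedUrl": url}),
    }
```

The function's execution role needs only `quicksight:GenerateEmbedUrlForRegisteredUser`, scoped to the kiosk user and these dashboards; the page's `rotateDashboard()` would fetch this endpoint and assign the returned `embedUrl` to the iframe.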