Seeking Help for Configuring QuickSight Dashboards in Kiosk Mode with Azure AD (MS Entra) Integration

Hi @Francesco_Guaiana, welcome to the QuickSight Community. Certainly! To create a comprehensive, secure, and analytics-driven setup for displaying AWS QuickSight dashboards in kiosk mode, let’s look at a high-level solutions architecture using AWS API Gateway and Lambda to create a serverless web hosting solution; then we can integrate AWS CloudWatch, AWS CloudTrail, and OpenSearch for logging and monitoring.

Here’s a high-level approach integrating these components along with enhanced security measures.

1. Create and Publish Dashboards:

  • Design and publish the dashboards you need in AWS QuickSight.

2. Generate Embed URLs:

  • Use the QuickSight console or API to generate embed URLs for each of the dashboards. These URLs allow you to embed the dashboards in a web page. Official Documentation on Embedding.

3. Develop a Web Application for Kiosk Mode:

  • Web Application: Create a simple web application using HTML, CSS, and JavaScript to display the dashboards.

Example Structure:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>QuickSight Dashboard Kiosk</title>
    <style>
        body, html {
            height: 100%;
            margin: 0;
        }
        iframe {
            width: 100%;
            height: 100%;
            border: none;
        }
    </style>
</head>
<body>
    <iframe id="dashboard" src=""></iframe>
    <script>
        const dashboards = [
            'embed_url_1',
            'embed_url_2',
            'embed_url_3'
        ];
        let currentDashboard = 0;

        function rotateDashboard() {
            document.getElementById('dashboard').src = dashboards[currentDashboard];
            currentDashboard = (currentDashboard + 1) % dashboards.length;
        }

        // Initial load
        rotateDashboard();

        // Rotate every 2 minutes
        setInterval(rotateDashboard, 2 * 60 * 1000);
    </script>
</body>
</html>

4. Deploying the Web Application Using API Gateway and Lambda:

Step-by-Step Setup:

  1. Create a Lambda Function:
     • Write a Lambda function that serves the HTML content.
     • Use the AWS Lambda Management Console to create a new function.
     • Upload your HTML file to the function.
  2. Create an API Gateway:
     • Use the API Gateway console to create a new HTTP API.
     • Set up an endpoint that triggers the Lambda function.
     • Deploy the API to make it accessible over the internet.
  3. Configure CORS:
     • Enable CORS in API Gateway to allow your web application to be accessed from different origins.

5. User Authentication and Access Control:

  • Authentication Integration: Integrate the web application with Azure AD for seamless authentication using OAuth2 or SAML.
  • Session Management: Implement token refresh logic to keep sessions active. Use libraries like MSAL.js for handling Azure AD authentication.

6. Security Measures:

  • AWS WAF (Web Application Firewall): Protect your application from common web exploits by setting up AWS WAF.
  • AWS Shield: Use AWS Shield for DDoS protection.
  • AWS GuardDuty: Enable AWS GuardDuty to monitor and detect potential security threats within your AWS environment.
  • AWS IAM: Ensure proper IAM roles and policies are in place to control access to your QuickSight dashboards and other resources.

7. Configuration of AWS WAF and GuardDuty:

AWS WAF:

  1. Create Web ACL: Set up a Web Access Control List (ACL) with rules to filter out malicious requests.
  2. Add Rules: Include managed rules for common threats (e.g., SQL injection, XSS).
  3. Associate Web ACL: Attach the Web ACL to the API Gateway endpoint serving your web application.

AWS GuardDuty:

  1. Enable GuardDuty: Turn on GuardDuty in your AWS account.
  2. Configure Findings: Set up notifications and monitoring for GuardDuty findings.
  3. Integrate with AWS Security Hub: Use Security Hub for a centralized view of security alerts and compliance status.

8. Optimizing for Continuous Display:

  • Kiosk Mode Configuration: Configure your display devices to run in kiosk mode, disabling user interactions and browser UI elements.
  • Auto-Restart and Recovery: Use scripts or tools to ensure the browser and web application auto-restart in case of failures.

9. Enable CloudWatch and CloudTrail for Logging and Monitoring:

Setup CloudWatch:

  1. Create Log Groups and Log Streams:
     • Configure your Lambda function to send logs to CloudWatch.
     • Use the CloudWatch console to create log groups and streams if needed.
  2. Configure Metrics and Alarms:
     • Set up metrics to monitor the health and performance of your application.
     • Create alarms to notify you of any issues (e.g., high error rates, latency).

Setup CloudTrail:

  1. Enable CloudTrail:
     • Turn on CloudTrail to capture API calls and activity within your AWS account.
     • Create a trail to log data events for Lambda and API Gateway.
  2. Integrate with CloudWatch:
     • Configure CloudTrail to send logs to CloudWatch for centralized monitoring and analysis.

10. Use Amazon OpenSearch for Analytics:

Step-by-Step Setup:

  1. Create an OpenSearch Domain:
     • Use the OpenSearch console to create a new domain.
  2. Ingest Data into OpenSearch:
     • Configure CloudWatch Logs to stream log data to OpenSearch.
     • Use AWS Lambda or Kinesis Data Firehose to transform and load data into OpenSearch.
  3. Visualize and Analyze Data:
     • Use OpenSearch Dashboards to create visualizations and dashboards for your log data.
     • Monitor metrics and trends to gain insights into the performance and usage of your kiosk application.

By following this comprehensive approach, you can ensure a robust, secure, and analytics-driven setup for your AWS QuickSight dashboards in kiosk mode, leveraging AWS serverless technologies and enhanced security measures.
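
An added example for steps 2 to 4 and 6, not part of the original reply or of any AWS sample: a Node.js Lambda handler that serves the kiosk page through API Gateway, checks the embed URL before framing it, and sets restrictive response headers. Because a generated QuickSight embed URL is short-lived and can be redeemed only once, this version reloads the page for each rotation so the function issues a fresh URL every time; `DASHBOARD_IDS`, `getEmbedUrl`, the `?i=` parameter and the host suffix are assumptions.

```javascript
// Added example. DASHBOARD_IDS, parseIndex, buildKioskResponse and getEmbedUrl are
// illustrative names; the dashboard IDs are constructed placeholders.
const DASHBOARD_IDS = ['dashboard-id-1', 'dashboard-id-2', 'dashboard-id-3'];
const ALLOWED_SUFFIX = '.quicksight.aws.amazon.com'; // assumed embed host suffix
const ROTATE_SECONDS = 120; // rotate every 2 minutes, as in the page above

// Only https URLs on a QuickSight host may be framed.
function isQuickSightUrl(value) {
  let u;
  try { u = new URL(value); } catch (e) { return false; }
  return u.protocol === 'https:' && u.hostname.endsWith(ALLOWED_SUFFIX);
}
// Treat the ?i= query parameter as untrusted: anything but a valid index becomes 0.
function parseIndex(raw, count) {
  const n = Number(raw);
  return Number.isInteger(n) && n >= 0 && n < count ? n : 0;
}
const escapeAttr = (s) =>
  s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Build the API Gateway proxy response for one dashboard. The page reloads itself
// to the next index, so every rotation gets a freshly generated embed URL.
function buildKioskResponse(embedUrl, index, count) {
  if (!isQuickSightUrl(embedUrl)) {
    return { statusCode: 502, headers: { 'content-type': 'text/plain' }, body: 'Invalid embed URL' };
  }
  const next = (index + 1) % count;
  const body = `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8">
<meta http-equiv="refresh" content="${ROTATE_SECONDS};url=?i=${next}">
<title>QuickSight Dashboard Kiosk</title>
<style>body,html{height:100%;margin:0}iframe{width:100%;height:100%;border:none}</style>
</head><body><iframe id="dashboard" src="${escapeAttr(embedUrl)}"></iframe></body></html>`;
  return {
    statusCode: 200,
    headers: {
      'content-type': 'text/html; charset=utf-8',
      'cache-control': 'no-store', // the embed URL grants dashboard access
      'referrer-policy': 'no-referrer', 'x-content-type-options': 'nosniff',
      'content-security-policy': `default-src 'none'; style-src 'unsafe-inline'; ` +
        `frame-src https://*${ALLOWED_SUFFIX}; frame-ancestors 'none'`,
    },
    body,
  };
}
// Lambda entry point; getEmbedUrl stands in for the QuickSight embed-URL API call.
async function handler(event, getEmbedUrl) {
  const i = parseIndex((event.queryStringParameters || {}).i, DASHBOARD_IDS.length);
  return buildKioskResponse(await getEmbedUrl(DASHBOARD_IDS[i]), i, DASHBOARD_IDS.length);
}
```

In a deployment, `getEmbedUrl` would call the QuickSight embed-URL API for the identity established in step 5, with the function's IAM role limited to the listed dashboards.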