CloudWatch Dashboard Sharing

Initial Setup

  1. Set up SSO for CloudWatch dashboard sharing

    1. When setting Identity Providers on the Cognito User Pool, choose SAML

    2. When prompted for a Metadata document

      1. Upload the IdP Metadata from SAML.to for your User or Organization

    3. When prompted for the Provider name

      1. Input saml-to

  2. In Dashboard Sharing, select saml-to as the Identity Provider

  3. Go to the desired Dashboard in CloudWatch

    1. Click Actions then Share Dashboard

    2. Under Share all your account’s CloudWatch dashboards using single sign-on (SSO)

      1. Under Resources

        1. Make note of the Shareable Link (e.g. https://cloudwatch.amazonaws.com/dashboard.html?...)

        2. Navigate to the Cognito UserPoolIdentityProvider

          1. Make note of the User Pool ID (e.g. us-east-1_Q046sC47y)

          2. Make note of the Cognito Domain (e.g. https://cw-db-580360238192.auth.us-east-1.amazoncognito.com)

  4. Edit saml-to.yml in your configured repository and make the following changes:

providers:
  ...
  my-dashboard:
    loginUrl: 'YOUR_DASHBOARD_SHAREABLE_LINK'
    entityId: 'urn:amazon:cognito:sp:YOUR_USER_POOL_ID'
    acsUrl: 'YOUR_COGNITO_DOMAIN/saml2/idpresponse'
    nameIdFormat: email
  ...
permissions:
  ...
  my-dashboard:
    users:
      github:
        - YOUR_GITHUB_USER_ID
        - ANOTHER_GITHUB_USER_ID
  • Replace YOUR_DASHBOARD_SHAREABLE_LINK with the Shareable Link above

  • Replace YOUR_USER_POOL_ID with the User Pool ID above

  • Replace YOUR_COGNITO_DOMAIN with the Cognito Domain above

  • Replace YOUR_GITHUB_USER_ID with your GitHub Login

    • Add other GitHub users as needed!
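
A pre-commit check for the edited entry, as an added example (not part of SAML.to or its CLI). It assumes saml-to.yml has already been parsed into a dict with a YAML parser; check_provider and SAMPLE are hypothetical names, and the GitHub login example-user is constructed.

```python
import re
from urllib.parse import urlparse

ENTITY_PREFIX = "urn:amazon:cognito:sp:"
POOL_ID = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d+)_[A-Za-z0-9]+$")  # <region>_<id>


def check_provider(config, name):
    """Return a list of problems in one provider entry (empty list = OK)."""
    provider = config.get("providers", {}).get(name)
    if provider is None:
        return [f"providers.{name} is missing"]
    problems = []
    # Template placeholders that were never replaced.
    for key, value in provider.items():
        if "YOUR_" in str(value):
            problems.append(f"{key} still contains a placeholder")
    # entityId must be the Cognito SP URN for the User Pool ID.
    entity = str(provider.get("entityId", ""))
    pool = None
    if entity.startswith(ENTITY_PREFIX):
        pool = POOL_ID.match(entity[len(ENTITY_PREFIX):])
    if pool is None:
        problems.append("entityId is not urn:amazon:cognito:sp:<User Pool ID>")
    # acsUrl must be the HTTPS SAML response endpoint on the Cognito Domain.
    acs = urlparse(str(provider.get("acsUrl", "")))
    if acs.scheme != "https" or acs.path != "/saml2/idpresponse":
        problems.append("acsUrl must be https://<Cognito Domain>/saml2/idpresponse")
    host = acs.hostname or ""
    if pool and host.endswith(".amazoncognito.com") and f".auth.{pool.group(1)}." not in host:
        problems.append("acsUrl region differs from the User Pool ID region")
    # Access is limited to the GitHub logins listed under permissions.
    users = config.get("permissions", {}).get(name, {}).get("users", {}).get("github") or []
    if not users:
        problems.append(f"permissions.{name}.users.github is empty")
    problems += [f"permission entry {u!r} is a placeholder" for u in users if "GITHUB_USER_ID" in str(u)]
    return problems


# Constructed sample mirroring the saml-to.yml layout above, using the page's example IDs.
SAMPLE = {
    "providers": {"my-dashboard": {
        "loginUrl": "https://cloudwatch.amazonaws.com/dashboard.html?...",  # truncated as on the page
        "entityId": "urn:amazon:cognito:sp:us-east-1_Q046sC47y",
        "acsUrl": "https://cw-db-580360238192.auth.us-east-1.amazoncognito.com/saml2/idpresponse",
        "nameIdFormat": "email",
    }},
    "permissions": {"my-dashboard": {"users": {"github": ["example-user"]}}},
}
```

Calling check_provider(SAMPLE, "my-dashboard") returns an empty list; the unedited template from step 4 reports each leftover placeholder.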

Opening the Dashboard

After installing the SAML.to CLI, run the following command:

saml-to login my-dashboard

This opens a browser window to the dashboard!
