How do I troubleshoot CloudWatch dashboard sharing issues?

Short description

The CloudWatch dashboard sharing feature uses Amazon Cognito. When you turn on dashboard sharing, CloudWatch creates the Cognito user pool CloudWatchDashboardSharing in the US East (N. Virginia) AWS Region (us-east-1). If you didn't previously share a dashboard, then CloudWatch creates Cognito APIs, such as CreateUserPool, to create and configure the user pool in US East (N. Virginia).

When you share a CloudWatch dashboard, you might encounter the following issues:

• Users don't receive a verification email that the dashboard was shared.
• You can't reset the temporary password with the password reset request.
• You can't use a user pool in a Region that's not US East (N. Virginia).
• The widgets aren't visible.

Resolution

Troubleshoot your CloudWatch dashboard sharing issues based on the following issues:

Users don't receive a verification email that the dashboard was shared

For each AWS account, the CloudWatch dashboard sharing feature uses the same CloudWatchDashboardSharing Cognito user pool in US East (N. Virginia). If you're registered to share dashboards, then your email address can't be used for another user registration. When you use your same email address to share another dashboard, Cognito doesn't send you a user verification email. Cognito doesn't send you a user verification email because you're already in the user pool. Instead, Cognito automatically adds you to the dashboard group and you can use the same username and password to open the shared CloudWatch dashboard.

You can't reset the temporary password with the password reset request

If you receive a temporary password from an administrator, then you have seven days to use the password or until the user account expires. The user account expiration date is specified when CloudWatch creates the user pool. If you don't reset the temporary password before the expiration, then Cognito sets the user's account status to FORCE_CHANGE_PASSWORD. You can reset your password only when the status is CONFIRMED.

To check your account status, complete the following steps:

1. Open the Cognito console.
2. Choose User pool, and then choose CloudWatchDashboardSharing.
3. Choose General setting, and then choose Users & Group.

To reset your password, run the following admin-create-user command:

Note: Replace example-user-pool-id with the user pool ID and example-user with the username.

aws cognito-idp admin-create-user --user-pool-id example-user-pool-id --username example-user --message-action RESEND --region us-east-1

You can't use a user pool in a Region that's not US East (N. Virginia)

Although the CloudWatch dashboard has cross-Region functionality, the dashboard sharing feature is limited to user pools in US East (N. Virginia). If you create a user pool in another Region, then the console doesn't display the correct shared status and doesn't receive the shareable link.

The widgets aren't visible

The CloudWatch dashboard sharing feature doesn't support some dashboard features, such as cross-account alarms and metrics explorer widgets. To share a dashboard that has dashboard sharing turned on, don't use certain widgets.