Many customers seek ways to gain deeper insights into how their users connect to WorkSpaces. Additionally, they want to identify environments that do not meet the required supported client version. In a prior article, we discussed analyzing access patterns in Amazon WorkSpaces using Amazon QuickSight. However, this analysis can also be done without setting up additional services by using CloudWatch dashboards within your WorkSpaces Region.
In this guide, I will demonstrate how to create CloudWatch dashboards that provide insights into user activities. Examples of dashboards include:
- IP addresses connecting to WorkSpaces
- Platforms used to access WorkSpaces
- Windows client versions in use
- Connections segmented by WorkSpace directory
- Tables showing client versions connecting to WorkSpaces
- Logs of WorkSpaces launched
- Records of WorkSpaces removed
- Details of WorkSpaces rebuilt
- Information about WorkSpaces modified
Step-by-Step Guide
Reading Time: 20 minutes
Completion Time: 30 minutes
Cost: For detailed pricing information on CloudWatch, visit: Amazon CloudWatch Pricing – Amazon Web Services (AWS)
Learning Level: 300
Services Used: Amazon WorkSpaces, CloudWatch, CloudTrail
Prerequisites: Ensure that AWS CloudTrail is enabled and CloudWatch logs are activated.
Step 1: Log WorkSpaces Events
Begin by setting up WorkSpace events to be stored in a log group, which will be utilized by the dashboards.
- Open the CloudWatch console.
- Select the AWS Region where your WorkSpaces are hosted.
- In the navigation pane, choose Events → Rules, which will redirect you to Amazon EventBridge.
- Click on Create rule.
- For Event Source, do the following:
  - Choose Event Pattern.
  - For Build event pattern to match events by service, set:
    - Service Name: WorkSpaces
    - Event Type: WorkSpaces Access
- For Targets, select Add target, then choose CloudWatch log group.
  - For the /aws/events value, enter WorkSpacesAccessLogs.
- Click Configure details.
- Enter a name and description for the rule.
- Click Create rule.
Step 2: Create a Dashboard to Show IP Addresses Connecting to WorkSpaces
In this step, you will create a dashboard that displays the IP addresses of clients connecting to WorkSpaces.
- Open the CloudWatch console.
- Select Dashboards from the navigation menu and click Create dashboard.
- Name the dashboard “WorkSpacesInformation.”
- Choose Pie as the widget type.
- Select Logs as the data source.
- For Log Groups, select the log group created in Step 1 (WorkSpacesAccessLogs).
- Enter the following query:
fields @timestamp, @message | filter source = "aws.workspaces" | fields detail.clientIpAddress | stats count() by detail.clientIpAddress
- Click Create widget.
- Rename the widget to “IP Addresses connecting into WorkSpaces.”
- Click Save.
Step 3: Create a Widget to Show Platforms Connecting to WorkSpaces
Now, you’ll add a widget to the dashboard that shows the end-user platforms connecting to WorkSpaces.
- Open the CloudWatch console for your WorkSpaces Region.
- Select Dashboards from the navigation menu, and choose WorkSpacesInformation.
- Click Add widget.
- Choose Pie as the widget type.
- Select Logs for the data source.
- For Log Groups, choose the group created in Step 1 (WorkSpacesAccessLogs).
- Enter the query:
fields @timestamp, @message | filter source = "aws.workspaces" | fields detail.clientPlatform | stats count() by detail.clientPlatform
- Click Create widget.
- Rename the widget to “Platforms Connecting.”
- Click Save.
Step 4: Create a Widget for Windows Client Versions Connecting to WorkSpaces
This step adds a widget that displays the client versions for a specific platform (e.g., Windows) connecting to WorkSpaces.
- Open the CloudWatch console for your WorkSpaces Region.
- Select Dashboards from the navigation menu, and choose WorkSpacesInformation.
- Click Add widget.
- Choose Pie as the widget type and select Logs as the data source.
- For Log Groups, select the group created in Step 1 (WorkSpacesAccessLogs).
- Enter the query:
fields @timestamp, @message | filter source = "aws.workspaces" | filter detail.clientPlatform = "Windows" | fields detail.clientVersion | stats count() by detail.clientVersion
- For other platforms, replace the detail.clientPlatform value with your choice. Additional options include:
  filter detail.clientPlatform = "OSX"
  filter detail.clientPlatform = "iOS"
  filter detail.clientPlatform = "Android"
  filter detail.clientPlatform = "Linux"
  filter detail.clientPlatform = "Web"
- Click Create widget.
- Rename the widget to “Client Versions – Windows” or replace “Windows” with your chosen platform.
- Click Save.
Step 5: Create a Widget for Connections by WorkSpace Directory
Next, you’ll add a widget to visualize user connections by directory.
- Open the CloudWatch console for your WorkSpaces Region.
- Select Dashboards from the navigation menu, and choose WorkSpacesInformation.
- Click Add widget.
- Choose Bar as the widget type.
- Select Logs for the data source.
- For Log Groups, choose the group created in Step 1 (WorkSpacesAccessLogs).
- Enter the query:
fields @timestamp, @message | filter source = "aws.workspaces" | fields detail.directoryId | stats count() by detail.directoryId
- Click Create widget.
- Rename the widget to “Connections by Directory Service.”
- Click Save.
Step 6: Create a Detailed Table of Client Versions Connecting to WorkSpaces
This step provides a log of the client versions connecting to WorkSpaces.
- Open the CloudWatch console for your WorkSpaces Region.
- Select Dashboards from the navigation menu, and choose WorkSpacesInformation.
- Click Add widget.
- Choose Logs table as the widget type, and select Logs for the data source.
- For Log Groups, select the group created in Step 1 (WorkSpacesAccessLogs).
- Enter the query:
fields @timestamp, @message | fields account | fields region, detail.clientPlatform, detail.clientVersion, detail.workspaceId | display region, detail.clientPlatform, detail.clientVersion, detail.workspaceId
- Click Create widget.
- Rename the widget to “WorkSpaces client version.”
- Click Save.
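The client-version table above shows what is connecting; the check below turns it into a list of WorkSpaces whose clients fall under a minimum version. It is an added example, not code from the original post: the minimum versions, WorkSpace IDs and IP addresses are constructed placeholders, and only the event field names come from the queries in this guide.

```python
# Assumed policy: lowest acceptable client version per platform (placeholder numbers).
MIN_VERSION = {"Windows": "5.0.0", "OSX": "5.0.0", "Linux": "4.5.0"}


def _event(platform, version, workspace_id, ip):
    """Build a constructed WorkSpaces Access event with the fields the queries use."""
    detail = {"clientPlatform": platform, "workspaceId": workspace_id, "clientIpAddress": ip}
    if version is not None:
        detail["clientVersion"] = version
    return {"source": "aws.workspaces", "detail": detail}


# Constructed sample data (documentation IP ranges, made-up WorkSpace IDs).
SAMPLE_EVENTS = [
    _event("Windows", "5.12.0.3912", "ws-example0001", "198.51.100.10"),
    _event("Windows", "3.1.10", "ws-example0002", "203.0.113.7"),
    _event("OSX", "4.0.6", "ws-example0003", "203.0.113.7"),
    _event("Web", "", "ws-example0004", "198.51.100.10"),   # no policy entry: skipped
    _event("Linux", None, "ws-example0005", "192.0.2.44"),  # version missing: flagged
    {"source": "aws.ec2", "detail": {}},                    # other source: ignored
]


def version_key(text, width=4):
    """Map '5.12.0.3912' to (5, 12, 0, 3912), zero-padded so '5.0' equals '5.0.0'."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")[:width]]
    return tuple(parts + [0] * (width - len(parts)))


def find_outdated(events, policy=MIN_VERSION):
    """Return sorted (workspaceId, platform, version, ip) rows below the policy minimum."""
    findings = set()
    for event in events:
        if event.get("source") != "aws.workspaces":
            continue
        detail = event.get("detail", {})
        platform = detail.get("clientPlatform")
        minimum = policy.get(platform)
        if minimum is None:
            continue  # platform not covered by the policy
        version = detail.get("clientVersion") or ""
        # A missing or unparsable version sorts as 0.0.0.0, so it fails closed.
        if version_key(version) < version_key(minimum):
            findings.add((detail.get("workspaceId", ""), platform,
                          version or "unknown", detail.get("clientIpAddress", "")))
    return sorted(findings)


if __name__ == "__main__":
    for row in find_outdated(SAMPLE_EVENTS):
        print(*row)
```
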
Step 7: Create a Table of WorkSpaces Launched
This step provides a log of WorkSpaces that have been launched.
- Open the CloudWatch console for your WorkSpaces Region.
- Select Dashboards from the navigation menu, and choose WorkSpacesInformation.
- Click Add widget.
- Choose Logs table as the widget type and select Logs for the data source.
- For Log Groups, select the group created in Step 1 (WorkSpacesAccessLogs).
- Enter the query:
fields @timestamp, @message | fields account | fields region, detail.workspaceId | display region, detail.workspaceId
- Click Create widget.
- Rename the widget to “WorkSpaces Launched.”
- Click Save.
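The widgets from Steps 2 through 6 can also be kept as code so the same dashboard can be recreated in every WorkSpaces Region. The sketch below is an added example, not part of the original post: it builds a CloudWatch dashboard body with one log widget per step, and the Region value and the two-column layout are assumptions.

```python
import json

LOG_GROUP = "/aws/events/WorkSpacesAccessLogs"  # log group created in Step 1
REGION = "us-east-1"  # assumption: replace with your WorkSpaces Region
BASE = 'fields @timestamp, @message | filter source = "aws.workspaces"'


def count_by(field, extra_filter=None):
    """Compose a Logs Insights query that counts access events per value of `field`."""
    parts = [BASE]
    if extra_filter:
        parts.append("filter " + extra_filter)
    parts.append("stats count() by " + field)
    return " | ".join(parts)


# (title, view, query) for each widget, in the order the steps create them.
WIDGETS = [
    ("IP Addresses connecting into WorkSpaces", "pie", count_by("detail.clientIpAddress")),
    ("Platforms Connecting", "pie", count_by("detail.clientPlatform")),
    ("Client Versions - Windows", "pie",
     count_by("detail.clientVersion", 'detail.clientPlatform = "Windows"')),
    ("Connections by Directory Service", "bar", count_by("detail.directoryId")),
    ("WorkSpaces client version", "table",
     "fields region, detail.clientPlatform, detail.clientVersion, detail.workspaceId"
     " | display region, detail.clientPlatform, detail.clientVersion, detail.workspaceId"),
]


def build_dashboard_body(widgets=WIDGETS, region=REGION, log_group=LOG_GROUP):
    """Return the dashboard body JSON, laying widgets out two per row."""
    body = {"widgets": []}
    for i, (title, view, query) in enumerate(widgets):
        body["widgets"].append({
            "type": "log",
            "x": (i % 2) * 12, "y": (i // 2) * 6, "width": 12, "height": 6,
            "properties": {
                "region": region,
                "title": title,
                "view": view,
                "query": "SOURCE '" + log_group + "' | " + query,
            },
        })
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    print(build_dashboard_body())
```

The printed JSON can be supplied as the dashboard body to `aws cloudwatch put-dashboard --dashboard-name WorkSpacesInformation`.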