Press Release Details

AWS WorkSpaces: Integrating Amazon CloudTrail and AWS CloudWatch

Learn how to integrate Amazon CloudTrail and AWS CloudWatch with AWS WorkSpaces for enhanced monitoring and security. Gain insights into user activity, resource utilization, and system performance. Discover the power of AWS WorkSpaces in optimizing your cloud environment.

Many clients initially struggle with adopting cloud native tools as they migrate VDI workloads to the public cloud. A great example of this is Amazon CloudTrail and AWS CloudWatch. While many cloud native applications leverage these tools to monitor and secure their DevOps built applications, typically we see clients not leveraging this for their AWS WorkSpaces deployment (or their Citrix on AWS EC2 or their VMware Horizon on EC2/VMware Cloud on AWS deployments).


Here is some quick background information on each solution before we set it up.

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.

AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

AWS CloudTrail use cases include:

  • Audit activity
  • Identify security incidents
  • Troubleshoot operational issues

So now let’s start with the deployment:

(Big thanks to Troy Couch – Associate Director, EUC here at Entisys360 for the technical content below!)


  • This blog assumes you already deployed AWS WorkSpaces
  • A secured S3 bucket for storing the logs

We will setup CloudTrail first

  1. Browse to Services -> CloudTrail
    Click Create a trail
  2. Enter a Trail name (example: WorkSpaces-Events
    Click Create trail
  3. Confirm successful creation of trail by verify the Status is Logging in green
  4. Click on the Trail name to open properties

    Click Edit for CloudWatch Logs
  5. Check Enabled for CloudWatch Logs
    Select Existing for Log group

    Select New for IAM Role

    Click Save changes
  6. Confirm CloudWatch settings enabled for CloudTrail
  7. Select CloudTrail > Event History
  8. Browse to Services > CloudWatch
    Select Metrics > All Metrics
  9. Select WorkSpaces
  10. Click By Organization Name
  11. Check All items
  12. Click on Graphed Metrics tab

    Click All items
  13. Select Stacked area for graph type
  14. Select CloudWatch
  15. Select WorkSpaces
  16. Graphed data is now reported in Dashboard

Useful Metrics:
– Session Launch Time
– In Session Latency Average
– Connection Failure Summary
– User Connected Summary

Now let’s use CloudWatch against the CloudTrail logs:

  1. Select Logs > Logs Insights
  2. Select WorkSpaces CloudTrail log group

    Click Run query
  3. Review log insights

    As you learn more about the query commands you can look for specific users, events or timestamps.

Here are a few more links to further your query skills:
Sample queries – Amazon CloudWatch Logs
Tutorial: Run and modify a sample query – Amazon CloudWatch Logs

Please contact Entisys360 or your Entisys360 Account Executive, if you would like to learn more about integrating AWS WorkSpaces with other AWS services for a more cloud native VDI deployment.

Written By: Al Solorzano