AWS WorkSpaces: Integrating Amazon CloudTrail and AWS CloudWatch

Learn how to integrate Amazon CloudTrail and AWS CloudWatch with AWS WorkSpaces for enhanced monitoring and security. Gain insights into user activity, resource utilization, and system performance. Discover the power of AWS WorkSpaces in optimizing your cloud environment.

Many clients initially struggle with adopting cloud native tools as they migrate VDI workloads to the public cloud. A great example of this is Amazon CloudTrail and AWS CloudWatch. While many cloud native teams leverage these tools to monitor and secure their DevOps-built applications, we typically see clients not leveraging them for their AWS WorkSpaces deployments (or their Citrix on AWS EC2 or VMware Horizon on EC2/VMware Cloud on AWS deployments).

Here is some quick background information on each solution before we set it up.

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.

AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

AWS CloudTrail use cases include:

  • Audit activity
  • Identify security incidents
  • Troubleshoot operational issues

So now let’s start with the deployment:

(Big thanks to Troy Couch – Associate Director, EUC here at Entisys360 for the technical content below!)

Requirements

  • This blog assumes you have already deployed AWS WorkSpaces
  • A secured S3 bucket for storing the logs

We will set up CloudTrail first:

  1. Browse to Services -> CloudTrail
    Click Create a trail
  2. Enter a Trail name (example: WorkSpaces-Events)
    Click Create trail
  3. Confirm successful creation of the trail by verifying that the Status is Logging, shown in green
  4. Click on the Trail name to open properties

    Click Edit for CloudWatch Logs
  5. Check Enabled for CloudWatch Logs
    Select Existing for Log group

    Select New for IAM Role

    Click Save changes
  6. Confirm CloudWatch settings enabled for CloudTrail
  7. Select CloudTrail > Event History
  8. Browse to Services > CloudWatch
    Select Metrics > All Metrics
  9. Select WorkSpaces
  10. Click By Organization Name
  11. Check All items
  12. Click on Graphed Metrics tab

    Click All items
  13. Select Stacked area for graph type
  14. Select CloudWatch
  15. Select WorkSpaces
  16. Graphed data is now reported in Dashboard

Useful Metrics:

  • Session Launch Time
  • In Session Latency Average
  • Connection Failure Summary
  • User Connected Summary

Now let’s use CloudWatch against the CloudTrail logs:

  1. Select Logs > Logs Insights
  2. Select WorkSpaces CloudTrail log group

    Click Run query
  3. Review log insights

    As you learn more about the query commands you can look for specific users, events or timestamps.
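
As an added example (not part of the original post or Entisys360's own code), the Python below applies the kind of user and event filtering described in step 3 to CloudTrail records exported from the log group, listing state-changing WorkSpaces API calls per caller. The sample records, the function names, and the rule that Describe*/List* calls are read-only are assumptions made here.

```python
import json
from collections import defaultdict

# Constructed CloudTrail records (sample data, not from the original page).
# Field names follow the CloudTrail record format; all values are made up.
SAMPLE_LOG = """
{"eventTime":"2024-01-10T09:00:00Z","eventSource":"workspaces.amazonaws.com","eventName":"DescribeWorkspaces","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/helpdesk"}}
{"eventTime":"2024-01-10T09:05:00Z","eventSource":"workspaces.amazonaws.com","eventName":"RebootWorkspaces","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/helpdesk"}}
{"eventTime":"2024-01-10T09:20:00Z","eventSource":"workspaces.amazonaws.com","eventName":"TerminateWorkspaces","sourceIPAddress":"203.0.113.9","errorCode":"AccessDeniedException","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}
{"eventTime":"2024-01-10T09:25:00Z","eventSource":"workspaces.amazonaws.com","eventName":"TerminateWorkspaces","sourceIPAddress":"203.0.113.9","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}
{"eventTime":"2024-01-10T09:30:00Z","eventSource":"s3.amazonaws.com","eventName":"PutObject","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/helpdesk"}}
"""

def parse(log_text):
    """One JSON record per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def workspaces_changes(events, user=None):
    """State-changing WorkSpaces API calls, oldest first, optionally for one IAM user name."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "workspaces.amazonaws.com":
            continue
        # Heuristic (assumption): Describe*/List* calls are read-only and skipped.
        if ev.get("eventName", "").startswith(("Describe", "List")):
            continue
        arn = ev.get("userIdentity", {}).get("arn", "unknown")
        if user and not arn.endswith("/" + user):
            continue
        hits.append({"time": ev.get("eventTime", ""), "event": ev.get("eventName"),
                     "who": arn, "ip": ev.get("sourceIPAddress"),
                     "error": ev.get("errorCode")})
    return sorted(hits, key=lambda h: h["time"])

def summarize(hits):
    """Per-caller count of successful and failed changes."""
    out = defaultdict(lambda: {"ok": 0, "failed": 0})
    for h in hits:
        out[h["who"]]["failed" if h["error"] else "ok"] += 1
    return dict(out)

if __name__ == "__main__":
    changes = workspaces_changes(parse(SAMPLE_LOG))
    for h in changes:
        print(h["time"], h["who"], h["event"], h["ip"], h["error"] or "ok")
    print(summarize(changes))
```

A failed change followed by a successful one from the same caller, as in the constructed `alice` records, is the sort of sequence worth reviewing when auditing WorkSpaces activity.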

Here are a few more links to further your query skills:
Sample queries – Amazon CloudWatch Logs
Tutorial: Run and modify a sample query – Amazon CloudWatch Logs

Please contact Entisys360 or your Entisys360 Account Executive if you would like to learn more about integrating AWS WorkSpaces with other AWS services for a more cloud native VDI deployment.

Written By: Al Solorzano