Using Amazon CloudWatch to Monitor and Log Your Amazon WorkSpaces Deployment

Use these best practices to monitor the health and connection status of individual Amazon WorkSpaces and deployments with Amazon CloudWatch

Key Takeaways

  • Organizations are increasingly using Amazon WorkSpaces to empower remote workers, but they must be able to monitor the performance and security of their WorkSpaces. 
  • Amazon CloudWatch lets organizations retrieve, monitor, and analyze WorkSpaces data and insights. 
  • By using CloudWatch for individual WorkSpaces, you can enjoy seamless access to data and use this information to uncover ways to improve AWS app and system performance and resource utilization. 
  • Tracking the right WorkSpaces metrics and events with CloudWatch and CloudWatch Events lets you verify the performance and security of individual WorkSpaces. 

Organizations around the world are using Amazon WorkSpaces to quickly provision Linux and Windows desktops so their teams can work remotely. But in order to get the most value out of your WorkSpaces, you need to be able to log performance and monitor security threats. Amazon CloudWatch is a great way to keep your teams on track and working in a secure environment.

What is Amazon CloudWatch?

CloudWatch is a monitoring and observability service that provides data and insights to track application usage, system-wide performance changes, resource utilization, and operational health. It retrieves a variety of data, including:

  • Logs
  • Metrics
  • Events

CloudWatch provides a unified view of resources, applications, and services that run on Amazon Web Services (AWS) and on-premises servers. It lets you detect anomalous behavior in these server environments, create alarms, and visualize logs and metrics. Plus, CloudWatch allows you to troubleshoot issues and identify ways to keep your applications running at peak levels.

3 benefits of monitoring and logging WorkSpaces with CloudWatch

There are many reasons why organizations use CloudWatch to monitor and log WorkSpaces. These are three of the most important:

1. Seamless access to data 

CloudWatch lets you collect, access, and correlate data from across your AWS resources, apps, and services on a single platform. That way, CloudWatch provides system-wide visibility to help you break down data silos and quickly resolve issues.

2. Simple, effective data monitoring 

CloudWatch simplifies data monitoring across your AWS cloud environment. It integrates with more than 70 AWS services and automatically publishes detailed and custom metrics with up to one-second granularity. That way, you can conduct a deep dive into your logs for additional context. You can even use the CloudWatch Agent or API to monitor on-premises resources.

3. Enhanced operational performance and resource use

CloudWatch lets you set alarms and automate actions based on predefined thresholds and machine learning algorithms that identify anomalous behaviors in your metrics. You can use these to automatically scale cloud instances, trigger workflows with various AWS services, and more. The result: CloudWatch helps you optimize the operational performance and resource use associated with your AWS apps and services. 

How to conduct monitoring and logging of individual WorkSpaces with CloudWatch

CloudWatch makes it easy to monitor and log the health and connection status of individual WorkSpaces. Here’s what you need to do:

1. Determine which metrics to track

CloudWatch provides metrics per WorkSpace or aggregated for all WorkSpaces in an organization within a given directory. These metrics can be viewed in the AWS Management Console, retrieved through the CloudWatch APIs, and monitored with CloudWatch alarms and third-party tools.

Initially, the following CloudWatch metrics are available free of charge:

  • Available: WorkSpaces that respond to a status check
  • Unhealthy: WorkSpaces that don’t respond to a status check
  • ConnectionAttempt: Number of connection attempts made to a WorkSpace
  • ConnectionSuccess: Number of successful connection attempts
  • ConnectionFailure: Number of failed connection attempts
  • SessionLaunchTime: Time required to initiate a session (measured by the WorkSpaces client)
  • InSessionLatency: Total time between the WorkSpaces client and WorkSpaces (measured and reported by the client)
  • SessionDisconnect: Number of user-initiated and automatically closed sessions
  • Stopped: Number of WorkSpaces unavailable
  • Maintenance: Number of WorkSpaces under maintenance

To enable CloudWatch metrics, your WorkSpaces must be able to reach port 443 on the AMAZON subset of the AWS IP address ranges in the us-east-1 Region. Once CloudWatch metrics are in place, you can filter them by DirectoryId or WorkspaceId.
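As an added example (not code from the original post or from AWS), the following Python builds the GetMetricData queries for the ConnectionAttempt and ConnectionFailure metrics of a single WorkSpace, filtered by the WorkspaceId dimension, and then evaluates the returned datapoints against a failure-ratio threshold so that a WorkSpace whose users mostly fail to connect stands out. The metric names, the AWS/WorkSpaces namespace and the dimension name are the documented ones; the sample datapoints are constructed, and FAILURE_RATIO_THRESHOLD is an assumed value you would tune for your environment.

```python
"""Query and evaluate WorkSpaces connection metrics from CloudWatch.

Added example. Metric and dimension names follow the AWS/WorkSpaces
namespace; the sample datapoints are constructed and the threshold is
an assumed value.
"""
from __future__ import annotations

NAMESPACE = "AWS/WorkSpaces"
PERIOD_SECONDS = 300             # 5-minute datapoints
FAILURE_RATIO_THRESHOLD = 0.5    # assumed: flag when more than half of attempts fail


def build_metric_queries(workspace_id: str) -> list[dict]:
    """MetricDataQueries for one WorkSpace: Sum of attempts and failures
    per period, filtered by the WorkspaceId dimension."""
    queries = []
    for metric in ("ConnectionAttempt", "ConnectionFailure"):
        queries.append({
            "Id": metric.lower(),  # GetMetricData ids must start with a lowercase letter
            "MetricStat": {
                "Metric": {
                    "Namespace": NAMESPACE,
                    "MetricName": metric,
                    "Dimensions": [{"Name": "WorkspaceId", "Value": workspace_id}],
                },
                "Period": PERIOD_SECONDS,
                "Stat": "Sum",
            },
        })
    return queries


def fetch_results(cloudwatch, workspace_ids: list[str], start, end) -> dict:
    """Run the queries through a boto3 CloudWatch client and reshape the
    MetricDataResults into the mapping evaluate() expects. Only called
    when a client is supplied, so the module itself runs offline."""
    results = {}
    for ws_id in workspace_ids:
        resp = cloudwatch.get_metric_data(
            MetricDataQueries=build_metric_queries(ws_id), StartTime=start, EndTime=end
        )
        series = {r["Id"]: r["Values"] for r in resp["MetricDataResults"]}
        results[ws_id] = {
            "ConnectionAttempt": series.get("connectionattempt", []),
            "ConnectionFailure": series.get("connectionfailure", []),
        }
    return results


def failure_ratio(attempts: list[float], failures: list[float]) -> float:
    """Failed attempts as a fraction of all attempts over the supplied
    datapoints; 0.0 when nobody tried to connect (avoids a false alarm
    on idle desktops)."""
    total = sum(attempts)
    return sum(failures) / total if total else 0.0


def evaluate(results: dict[str, dict[str, list[float]]]) -> list[str]:
    """Return the WorkspaceIds whose failure ratio exceeds the threshold.
    `results` maps WorkspaceId -> {"ConnectionAttempt": [...],
    "ConnectionFailure": [...]}, one value per period."""
    flagged = []
    for ws_id, series in results.items():
        if failure_ratio(series["ConnectionAttempt"], series["ConnectionFailure"]) > FAILURE_RATIO_THRESHOLD:
            flagged.append(ws_id)
    return sorted(flagged)


# Constructed sample datapoints (three 5-minute periods per WorkSpace),
# standing in for what GetMetricData would return.
SAMPLE_RESULTS = {
    "ws-aaaaaaaaa": {"ConnectionAttempt": [4, 5, 3], "ConnectionFailure": [0, 1, 0]},
    "ws-bbbbbbbbb": {"ConnectionAttempt": [6, 6, 6], "ConnectionFailure": [5, 6, 4]},
    "ws-ccccccccc": {"ConnectionAttempt": [0, 0, 0], "ConnectionFailure": [0, 0, 0]},
}

if __name__ == "__main__":
    # Replace SAMPLE_RESULTS with fetch_results(boto3.client("cloudwatch"), ids, start, end)
    # to run against a live account.
    print("WorkSpaces with a high connection-failure ratio:", evaluate(SAMPLE_RESULTS))
```

The same ratio is what you would express as a CloudWatch metric math alarm; computing it in code first lets you check the threshold against historical data before creating the alarm.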

2. Submit events to Amazon CloudWatch Events

Monitoring events from CloudWatch Events lets you view, search, download, archive, analyze, and respond to WorkSpace logins. With it, you can:

  • Store or archive WorkSpaces login events
  • Analyze event logs to identify patterns and take action based on those patterns as needed 
  • Use a WAN IP address to determine where users are logged in from
  • Create and implement policies to ensure only authorized users can access WorkSpace files or data based on the type of CloudWatch Event 
  • Evaluate login data in near-real-time
  • Automate actions via AWS Lambda

WorkSpaces events are represented as JSON objects. To establish a CloudWatch rule to handle WorkSpaces events, you should:

     1. Open the CloudWatch console
     2. Select Events in the navigation pane
     3. Choose Create Rule
     4. Select Event Source
     5. Choose Event Pattern
     6. Choose Build event pattern to match events by Service
     7. Choose WorkSpaces as the Service Name
     8. Choose WorkSpaces Access as the Event Type
     9. Choose Add Target and select the service that will respond when a WorkSpaces event is detected and provide information required by this service
     10. Choose Configure Details and enter a name and description for Rule Definition
     11. Choose Create Rule

WorkSpaces client applications send WorkSpaces Access events to CloudWatch Events any time a user successfully logs in to a WorkSpace.
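As an added example (not code from the original post or from AWS), the following Python shows the event pattern that the console steps above produce and a Lambda target that consumes a WorkSpaces Access event: it extracts the WorkSpace, directory, client and client IP address, and flags logins whose source address falls outside an expected set of networks, which is the "where are users logging in from" check described above. The detail field names (clientIpAddress, actionType, workspaceId, directoryId, workspacesClientProductName, loginTime) follow the documented WorkSpaces Access event; confirm them against the current event schema. ALLOWED_NETWORKS and the sample event are constructed for the example.

```python
"""Consume WorkSpaces Access events from CloudWatch Events / EventBridge.

Added example. Event detail fields follow the documented WorkSpaces
Access event (verify against the current schema); ALLOWED_NETWORKS and
SAMPLE_EVENT are constructed.
"""
import ipaddress
import json

# Equivalent of the console steps: Service Name "WorkSpaces",
# Event Type "WorkSpaces Access".
EVENT_PATTERN = {
    "source": ["aws.workspaces"],
    "detail-type": ["WorkSpaces Access"],
}

# Assumed: networks from which logins are expected (constructed test ranges).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def matches_pattern(event: dict, pattern: dict = EVENT_PATTERN) -> bool:
    """Exact-value match in the style of an EventBridge event pattern:
    every key in the pattern must be present with one of the listed values."""
    return all(event.get(key) in values for key, values in pattern.items())


def classify_login(event: dict) -> dict:
    """Pull out the facts an analyst wants from a successful login and
    mark it offNetwork when the client IP is outside the allowlist."""
    detail = event["detail"]
    ip = ipaddress.ip_address(detail["clientIpAddress"])
    return {
        "workspaceId": detail["workspaceId"],
        "directoryId": detail["directoryId"],
        "clientIp": str(ip),
        "client": detail.get("workspacesClientProductName", "unknown"),
        "loginTime": detail.get("loginTime"),
        "offNetwork": not any(ip in net for net in ALLOWED_NETWORKS),
    }


def lambda_handler(event: dict, context=None) -> dict:
    """Lambda target for the rule. Non-matching events and anything other
    than a successful login are ignored; matching events are classified
    and logged as JSON so CloudWatch Logs can be searched by field."""
    if not matches_pattern(event) or event["detail"].get("actionType") != "successfulLogin":
        return {"handled": False}
    result = classify_login(event)
    print(json.dumps(result))  # appears in the function's CloudWatch Logs stream
    return {"handled": True, **result}


# Constructed sample event in the shape EventBridge delivers to a target.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "WorkSpaces Access",
    "source": "aws.workspaces",
    "account": "123456789012",
    "time": "2024-01-15T09:12:33Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "clientIpAddress": "192.0.2.77",
        "actionType": "successfulLogin",
        "workspacesClientProductName": "WorkSpacesWebClient",
        "loginTime": "2024-01-15T09:12:33Z",
        "clientPlatform": "Windows",
        "directoryId": "d-0123456789",
        "workspaceId": "ws-aaaaaaaaa",
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT))
```

In a deployment, the handler's return value or log line would feed whatever responds to an off-network login (a notification, a ticket, or a review queue); the classification itself stays the same.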

3. Log WorkSpaces API Calls

Along with using CloudWatch, you can integrate the WorkSpaces API with AWS CloudTrail to capture API calls for WorkSpaces as events. This lets you capture calls from the WorkSpaces console and code calls to the WorkSpaces API operations. 

To establish an ongoing record of events in WorkSpaces, create a trail. A trail lets CloudTrail log WorkSpaces events and deliver the associated log files to a designated Amazon S3 bucket. You can also configure other AWS services to further analyze and act on event data collected in CloudTrail logs. 

You can create a trail by specifying the settings for delivery of WorkSpaces events log data to the Amazon S3 bucket of your choice. By creating a trail, you can enable continuous delivery of WorkSpaces events and other CloudTrail events to an Amazon S3 bucket. Then, you can use this information to determine the request that was made to WorkSpaces, the IP address from which the request was made, and other details.
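As an added example (not code from the original post or from AWS), the following Python reads a CloudTrail log file, keeps only the records whose eventSource is workspaces.amazonaws.com, and summarizes who called which WorkSpaces API operation from which IP address, pulling out the calls that change or remove desktops for review. The CloudTrail record fields used (Records, eventSource, eventName, eventTime, sourceIPAddress, userIdentity.arn, errorCode) are the standard ones; the log records are constructed, and SENSITIVE_ACTIONS is an assumed list of operations worth reviewing.

```python
"""Summarize WorkSpaces API activity from a CloudTrail log file.

Added example. Record field names follow the CloudTrail log format;
the sample records are constructed and SENSITIVE_ACTIONS is assumed.
"""
import json
from collections import Counter

# Assumed: WorkSpaces API operations that alter or remove desktops and
# therefore deserve a second look.
SENSITIVE_ACTIONS = {
    "TerminateWorkspaces",
    "RebuildWorkspaces",
    "ModifyWorkspaceProperties",
    "ModifyWorkspaceAccessProperties",
}


def workspaces_records(log_text: str) -> list:
    """Parse a CloudTrail log file (a JSON object with a Records array)
    and return only the records produced by the WorkSpaces service."""
    records = json.loads(log_text)["Records"]
    return [r for r in records if r.get("eventSource") == "workspaces.amazonaws.com"]


def summarize(records: list) -> dict:
    """Count calls per caller ARN and per source IP, and list the
    sensitive calls with their outcome (errorCode is absent on success)."""
    by_caller = Counter(r.get("userIdentity", {}).get("arn", "unknown") for r in records)
    by_ip = Counter(r.get("sourceIPAddress", "unknown") for r in records)
    review = [
        {
            "time": r["eventTime"],
            "action": r["eventName"],
            "caller": r.get("userIdentity", {}).get("arn", "unknown"),
            "ip": r.get("sourceIPAddress", "unknown"),
            "error": r.get("errorCode"),
        }
        for r in records
        if r["eventName"] in SENSITIVE_ACTIONS
    ]
    return {"callers": dict(by_caller), "source_ips": dict(by_ip), "review": review}


def _record(name, arn, ip, time, source="workspaces.amazonaws.com", error=None):
    """Build one constructed CloudTrail record for the sample log."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "awsRegion": "us-east-1",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "arn": arn},
    }
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample log file: three WorkSpaces calls and one EC2 call
# that the filter should drop.
SAMPLE_LOG = json.dumps({"Records": [
    _record("DescribeWorkspaces", "arn:aws:iam::123456789012:user/alice", "203.0.113.10", "2024-01-15T09:00:00Z"),
    _record("TerminateWorkspaces", "arn:aws:iam::123456789012:user/bob", "198.51.100.5", "2024-01-15T09:05:00Z"),
    _record("TerminateWorkspaces", "arn:aws:iam::123456789012:user/carol", "192.0.2.200", "2024-01-15T09:07:00Z", error="AccessDenied"),
    _record("DescribeInstances", "arn:aws:iam::123456789012:user/alice", "203.0.113.10", "2024-01-15T09:08:00Z", source="ec2.amazonaws.com"),
]})

if __name__ == "__main__":
    print(json.dumps(summarize(workspaces_records(SAMPLE_LOG)), indent=2))
```

CloudTrail delivers these files to the S3 bucket gzip-compressed; in practice you would decompress each object and pass its contents to workspaces_records(), and the denied TerminateWorkspaces call in the sample is exactly the kind of entry (a failed attempt to remove a desktop) the review list is meant to surface.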

Take the guesswork out of monitoring and logging Amazon WorkSpaces

WorkSpaces empowers your organization to support remote workers and ensure they can use a best-in-class desktop-as-a-service (DaaS) to stay on track. How you monitor and log those deployments can have far-reaching effects on your organization and its workforce.

If you use CloudWatch for individual WorkSpace monitoring and logging, you’re well-equipped to help your employees get the most value out of their WorkSpaces. But in order to fully utilize CloudWatch for your WorkSpaces, you may want to work with an Amazon Managed Service Partner like CloudHesive.

CloudHesive can help you launch, manage, and secure WorkSpaces. With our support, you can instantly provision Linux and Windows desktops to thousands of workers around the globe in minutes. Contact us today to learn how we can help you monitor and log your WorkSpaces.