Appendix 2

In order to capture additional information from users and its connections, you need to set up a CloudWatch Log Group that will grant WSM access to information such as latency, client version, public IP, location of IP, etc.

The configuration of CloudWatch is standard and based on the AWS Service, so we will go to the CloudWatch service console in the region we want to configure:

Click on “Events” > “Rules” > “Create Rules”

In Step 1, called “Event Source”:
• Choose “Event Pattern”
• Choose “Service Name” as “WorkSpaces”
• Choose “Event Type” as “WorkSpaces Access”

Also, in Step 1 “Targets”:
Click “Add Target”
Choose “CloudWatch log group”
Point the “Log Group” to “/aws/events/ WorkSpaceAccess”

Click “Configure details”
In Step 2, set name to “WorkSpaceAccess” and provide a description
Leave the state as “Enabled” and click “Create rule”

You should receive a success banner like this:

Make sure that the PortalReadCloudwatch policy has the configuration set to:

JSON format here

Click on “Logs” > “Log groups” > verify the new Log group exist:

Now, in WorkSpaces Manager, in the ‘Config’ section, click on “Options” > “Settings”. Scroll down to the ‘Amazon Web Services’ section and populate the fields “AccessLog Group” with the information:

/aws/events/WorkSpaceAccess