Go to CloudWatch

Click on “Events” > “Rules”

Click on the button “Create rule”

In the “Rule Detail”, we put a “Name” and “Description” and leave the default configuration as shown below:

In the “Event Source”, we will choose “AWS events or EventBridge partner events”:

Below, in the “Sample event” box, we will select “AWS Events” and search for “WorkSpaces Access”:

Scrolling down, in the “Creation Method”, we will choose “User pattern form”:

In the last step, in “Event pattern”, we will select:
• Event Source: “AWS Services”
AWS Service: “WorkSpaces”
• Event Type: “WorkSpaces Access”

Click on “Next”. In the targets, for “Target 1” choose:
Target Type: “AWS Service”
Select a target: “CloudWatch Log Group”
Log Group: “/aws/events/%WorkSpaceAccess”

Configure the tags (optional):

And create the rule:

Also, in the Step 1 “Targets”:
Click “Add Target”
Choose “CloudWatch log group”
Point the “Log Group” to

Click “Configure details”
In the Step 2, set name to “WorkSpaceAccess” and write some description
Leave the state as “Enabled” and click “Create rule”

It should show a success banner as:

Make sure that the PortalReadCloudwatch policy has the configuration set to:

(JSON format below)

 “Version”: “2012-10-17”,
 “Statement”: [
   “Sid”: “VisualEditor0”,
   “Effect”: “Allow”,
   “Action”: [
   “Resource”: “*”

Click on “Logs” > “Log groups” > verify the new Log group exist

Now, in WorkSpaces Manager, in the ‘Config’ section, click on “Options” > “Settings”. Scroll down to the ‘Amazon Web Services’ section and populate the fields “AccessLog Group” with the information:


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment