Go to CloudWatch
Click on “Events” > “Rules”
Click on the button “Create rule”
In the “Rule Detail”, we put a “Name” and “Description” and leave the default configuration as shown below:
In the “Event Source”, we will choose “AWS events or EventBridge partner events”:
Below, in the “Sample event” box, we will select “AWS Events” and search for “WorkSpaces Access”:
Scrolling down, in the “Creation Method”, we will choose “Use pattern form”:
In the last step, in “Event pattern”, we will select:
• Event Source: “AWS Services”
• AWS Service: “WorkSpaces”
• Event Type: “WorkSpaces Access”
Click on “Next”. In the targets, for “Target 1” choose:
Target Type: “AWS Service”
Select a target: “CloudWatch Log Group”
Log Group: “/aws/events/%WorkSpaceAccess”
Configure the tags (optional):
And create the rule:
Also, in Step 1 “Targets”:
Click “Add Target”
Choose “CloudWatch log group”
Point the “Log Group” to
Click “Configure details”
In Step 2, set the name to “WorkSpaceAccess” and write a description
Leave the state as “Enabled” and click “Create rule”
It should show a success banner as:
Make sure that the PortalReadCloudwatch policy has the configuration set to:
(JSON format below)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "logs:ListTagsLogGroup",
        "logs:GetLogRecord",
        "cloudwatch:GetMetricData",
        "logs:DescribeLogStreams",
        "logs:DescribeSubscriptionFilters",
        "logs:StartQuery",
        "logs:DescribeMetricFilters",
        "logs:GetLogDelivery",
        "logs:ListLogDeliveries",
        "cloudwatch:DescribeAlarmHistory",
        "cloudwatch:DescribeAlarmsForMetric",
        "logs:GetLogEvents",
        "logs:FilterLogEvents",
        "cloudwatch:GetMetricWidgetImage",
        "logs:DescribeResourcePolicies",
        "logs:DescribeDestinations",
        "logs:DescribeQueries",
        "cloudwatch:GetDashboard",
        "logs:DescribeLogGroups",
        "logs:StopQuery",
        "logs:TestMetricFilter",
        "cloudwatch:GetMetricStatistics",
        "logs:DescribeExportTasks",
        "logs:GetQueryResults",
        "cloudwatch:DescribeAlarms",
        "logs:GetLogGroupFields"
      ],
      "Resource": "*"
    }
  ]
}
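One way to carry out the “Make sure” check above, as an added example that is not part of the original page or of WorkSpaces Manager: it compares a policy document exported from IAM (as a dict or JSON text) with the action list shown here and reports missing actions, extra actions and wildcards. The function names and the sample policy are constructed for illustration.

```python
import json

# Actions from the PortalReadCloudwatch policy shown on this page.
EXPECTED = """
logs:ListTagsLogGroup logs:GetLogRecord logs:DescribeLogStreams
logs:DescribeSubscriptionFilters logs:StartQuery logs:DescribeMetricFilters
logs:GetLogDelivery logs:ListLogDeliveries logs:GetLogEvents
logs:FilterLogEvents logs:DescribeResourcePolicies logs:DescribeDestinations
logs:DescribeQueries logs:DescribeLogGroups logs:StopQuery
logs:TestMetricFilter logs:DescribeExportTasks logs:GetQueryResults
logs:GetLogGroupFields cloudwatch:GetMetricData cloudwatch:DescribeAlarmHistory
cloudwatch:DescribeAlarmsForMetric cloudwatch:GetMetricWidgetImage
cloudwatch:GetDashboard cloudwatch:GetMetricStatistics cloudwatch:DescribeAlarms
""".split()

def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return list(value or []) if isinstance(value, (list, tuple)) else [value]

def audit_policy(document):
    """Return (missing, extra, findings) for a policy document (dict or JSON text)."""
    if isinstance(document, str):
        document = json.loads(document)
    expected = {a.lower(): a for a in EXPECTED}  # action names are case-insensitive
    granted, findings = {}, []
    for stmt in as_list(document.get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt:
            findings.append(f"{sid}: Deny or NotAction statement, review by hand")
            continue
        for action in as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                # Wildcards are reported, not expanded into individual actions.
                findings.append(f"{sid}: wildcard action {action}")
            granted[action.lower()] = action
    missing = sorted(expected[k] for k in expected.keys() - granted.keys())
    extra = sorted(granted[k] for k in granted.keys() - expected.keys())
    return missing, extra, findings

# Constructed sample: a drifted copy that lacks logs:StartQuery and grants a delete.
SAMPLE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": [a for a in EXPECTED if a != "logs:StartQuery"] + ["logs:DeleteLogGroup"]}}

if __name__ == "__main__":
    for label, value in zip(("missing", "extra", "findings"), audit_policy(SAMPLE)):
        print(f"{label}: {value}")
```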
Click on “Logs” > “Log groups” and verify that the new log group exists
Now, in WorkSpaces Manager, in the ‘Config’ section, click on “Options” > “Settings”. Scroll down to the ‘Amazon Web Services’ section and populate the field “AccessLog Group” with the following value:
/aws/events/WorkSpaceAccess