LogoLogo
  • Welcome to WorkSpaces Manager
  • Overview
    • Change Log
      • Stable
      • Beta
    • Portal Requirements
      • Software Requirements
      • Hardware Requirements
    • Installation Prerequisites
      • Active Directory Service Account
      • Amazon WorkSpaces Cost Optimizer
      • CloudWatch Log Group & Eventbridge Rule
      • Port Requirements
      • AWS Service Endpoints
    • Installation Procedure
      • Subscribe to WorkSpaces Manager License Key
      • Request a License Key
      • Subscribe to WorkSpaces Manager Appliance
      • Deploy WorkSpaces Manager Appliance via CloudFormation
      • Configure WorkSpaces Manager
    • Upgrade Procedures
      • From Version 5
      • WSM Update Tool
      • Latest Version Updates
    • Alternate deployment options
      • Install manually on EC2
      • Deployment from Shared AMI
        • Security Group
        • IAM Requirements: Custom Policies
        • IAM Requirements: Role and EC2 instance profile
        • Shared AMI (Amazon Machine Image)
      • Create AMI via Packer
      • Deploy an RDS Database via Terraform
    • WorkSpaces Performance Monitor Agent
    • High Availability (HA)
    • Appendices
      • Administrator Active Directory Permissions
      • SES Configuration
      • HTTPS/TLS Encryption
      • Friendly Portal URL Address
      • GPO and values for WorkSpaces Performance Monitor Agent
      • GPO and value for Disconnection after idle time
      • IAM Policies in JSON format
      • AWS CLI v2
      • LDAP (Active Directory) Troubleshooting for WSM
      • RDS Database Options
Powered by GitBook
On this page
  1. Overview
  2. Installation Prerequisites

CloudWatch Log Group & Eventbridge Rule

PreviousAmazon WorkSpaces Cost OptimizerNextPort Requirements

Last updated 2 months ago

The CloudFormation template for WorkSpaces Manager in the AWS Marketplace automatically creates an EventBridge Rule and a CloudWatch Log Group in the same region where the appliance is deployed. The default CloudWatch Log Group is called: "/aws/events/WorkSpacesAccessLG"

Amazon EventBridge is a serverless event bus service that allows you to respond to changes in your AWS environment or applications. It helps you build event-driven architectures by capturing real-time data from various AWS services, custom applications, or SaaS providers, and routing that data to different targets.

Amazon CloudWatch Logs, a service that collects, monitors, and stores log data from AWS resources, applications, and services. A Log Group is a container for logs, grouping together logs from similar sources, such as specific applications or AWS services. Within each Log Group, logs are organized into Log Streams (individual log files).

EventBridge can send event data to CloudWatch Logs for storage and analysis. EventBridge Rules can collect specific insights for Amazon WorkSpaces that are not available through standard APIs.

Multi-Region Deployment

When setting up WorkSpaces Manager to operate across multiple regions, it’s essential to have an EventBridge Rule linked to a CloudWatch Log Group in each region where WorkSpaces are deployed. The only caveat is that the CloudWatch Log Group must have the exact same name in every region: "/aws/events/WorkSpacesAccessLG".

To create new Rules and a CloudWatch Log Group in a different region from where WorkSpaces Manager was deployed via the CloudFormation template, navigate to EventBridge. Click on "Events" > "Rules":

Click "Create rule".

In the "Rule Detail" section, add a Name and Description (e.g., WorkSpaces_Rule) and leave the default configuration as displayed below:

In the "Event Source" section, select "AWS events or EventBridge partner events.":

Below, in the "Sample event" box, select "AWS Events" and search for "WorkSpaces Access."

Scrolling down, in the "Creation Method" section, select "User pattern form."

In the last step, under "Event pattern," select the following options:

  • Event Source: "AWS Services"

  • AWS Service: "WorkSpaces"

  • Event Type: "WorkSpaces Access"

Click on "Next". In the targets section, for "Target 1", choose:

  • Target Type: "AWS Service"

  • Select a target: "CloudWatch Log Group"

  • Log Group: "/aws/events/WorkSpacesAccessLG"

Configure the optional tags as required by your IT Policy.

And then review and create the rule:

A success banner should appear on top of the page.

On CloudWatch, click on “Logs” > “Log groups” > confirm that the new log group exists.

Now, in WorkSpaces Manager, click on the “Configuration” drop-down, select “Settings”, and then “Amazon Web Services” Scroll down to the Account settings and select account, fill in the “Access Log Group” field with the following information: /aws/events/WorkSpacesAccessLG.

Amazon Eventbridge