CloudWatch Log Group & EventBridge Rule


Amazon EventBridge is a serverless event bus service that allows you to respond to changes in your AWS environment or applications. It helps you build event-driven architectures by capturing real-time data from various AWS services, custom applications, or SaaS providers, and routing that data to different targets.

Amazon CloudWatch Logs is a service that collects, monitors, and stores log data from AWS resources, applications, and services. A Log Group is a container for logs, grouping together logs from similar sources, such as specific applications or AWS services. Within each Log Group, logs are organized into Log Streams (individual log files).

EventBridge can send event data to CloudWatch Logs for storage and analysis. EventBridge Rules can collect specific insights for Amazon WorkSpaces that are not available through standard APIs.

Multi-Region Deployment

When setting up WorkSpaces Manager to operate across multiple regions, it’s essential to have an EventBridge Rule linked to a CloudWatch Log Group in each region where WorkSpaces are deployed. The only caveat is that the CloudWatch Log Group must have the exact same name in every region: "/aws/events/WorkSpacesAccessLG".

To create new Rules and a CloudWatch Log Group in a different region from where WorkSpaces Manager was deployed via the CloudFormation template, navigate to EventBridge. Click on "Buses" > "Rules".


Click "Create rule".

Rules can be created in two different ways:

  1. Visual Rule Builder (selected by default)

  2. Standard (preferred)

We recommend switching off the "Visual Rule Builder". If needed, it can still be used by applying the same logic described below for the "Standard view". The process is then divided into 5 steps:

  1. Define Rule Detail

  2. Build Event Pattern

  3. Select Target(s)

  4. Configure Tags

  5. Review and Create

In the "Rule Detail" section, add a Name and Description (e.g., WorkSpaces_Rule) and leave the "default" configuration for the Event Bus.

In the "Events" section, select "AWS events or EventBridge partner events".

Below, in the "Sample event - optional" drop-down, select "AWS Events" and search for "WorkSpaces Access."

In the last step, under "Event pattern," select the following options:

  • Creation Method: "Use pattern form"

  • Event Source: "AWS Services"

  • AWS Service: "WorkSpaces"

  • Event Type: "WorkSpaces Access"

Click on "Next". In the "Select Target(s)" section, for "Target 1", choose:

  • Target Type: "AWS Service"

  • Select a target: "CloudWatch Log Group"

  • Log Group: "/aws/events/WorkSpacesAccessLG"

Configure the optional tags as required by your IT Policy.

Then review and create the rule.

A success banner should appear on top of the page.

On CloudWatch, click on “Logs” > “Log Management” > confirm that the new log group exists.

Now, in WorkSpaces Manager, click on the “Configuration” drop-down, select “Settings”, and then “Amazon Web Services”. Scroll down to the Account settings, select the account, and fill in the “Access Log Group” field with the following value: /aws/events/WorkSpacesAccessLG.
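The console steps above, scripted per region with boto3, as an added example that is not part of WorkSpaces Manager or its documentation. Unlike the console, the API does not create the resource policy that lets EventBridge write to the log group, so the script adds one scoped to this single log group. It assumes the standard `aws` partition, credentials allowed to manage EventBridge and CloudWatch Logs, a constructed region list, and `POLICY_NAME` is an assumed name.

```python
import json

LOG_GROUP = "/aws/events/WorkSpacesAccessLG"  # must be identical in every region
RULE_NAME = "WorkSpaces_Rule"                 # example name used in the steps above
POLICY_NAME = "WorkSpacesAccessToLogs"        # assumed name, not from the page
# Pattern for AWS Service "WorkSpaces" / Event Type "WorkSpaces Access".
EVENT_PATTERN = {"source": ["aws.workspaces"], "detail-type": ["WorkSpaces Access"]}


def log_group_arn(region, account_id):
    # Assumes the standard "aws" partition.
    return f"arn:aws:logs:{region}:{account_id}:log-group:{LOG_GROUP}"


def resource_policy(region, account_id):
    """Allow EventBridge to write to this one log group and nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "EventBridgeToWorkSpacesAccessLG", "Effect": "Allow",
        "Principal": {"Service": ["events.amazonaws.com", "delivery.logs.amazonaws.com"]},
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": log_group_arn(region, account_id) + ":*"}]}


def deploy_region(region, client=None):
    """Create the log group, resource policy, rule and target in one region."""
    if client is None:
        import boto3  # lazy import: the helpers above work without the SDK
        client = boto3.client
    logs, events = client("logs", region_name=region), client("events", region_name=region)
    account = client("sts", region_name=region).get_caller_identity()["Account"]
    arn = log_group_arn(region, account)
    try:
        logs.create_log_group(logGroupName=LOG_GROUP)
    except logs.exceptions.ResourceAlreadyExistsException:
        pass  # safe to re-run
    # The console adds this policy for you; the API does not.
    logs.put_resource_policy(policyName=POLICY_NAME,
                             policyDocument=json.dumps(resource_policy(region, account)))
    events.put_rule(Name=RULE_NAME, EventPattern=json.dumps(EVENT_PATTERN),
                    State="ENABLED", Description="WorkSpaces Access to CloudWatch Logs")
    result = events.put_targets(Rule=RULE_NAME, Targets=[{"Id": "1", "Arn": arn}])
    if result.get("FailedEntryCount", 0):
        raise RuntimeError(f"{region}: target not attached: {result.get('FailedEntries')}")
    return arn


if __name__ == "__main__":
    for r in ("eu-west-1", "us-east-1"):  # constructed list of WorkSpaces regions
        print(deploy_region(r))
```

The rule is created on the default event bus, matching the "default" Event Bus setting in the console steps.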
