Monitor Amazon WorkSpaces at Scale with Custom CloudWatch Dashboard Templates

Managing a fleet of virtual desktops means staying ahead of performance issues before they become help desk tickets. Whether you are running Amazon WorkSpaces personal or Amazon WorkSpaces applications, your administrators need clear, actionable visibility into how those environments are performing and how users are connecting.

Building Amazon CloudWatch dashboards from scratch is straightforward, but doing it consistently across AWS accounts and Regions takes time. To help you get started faster, AWS now provides pre-built AWS CloudFormation templates that deploy purpose-built CloudWatch dashboards in minutes. In this post, you will learn about six templates across WorkSpaces personal and WorkSpaces applications, understand the business value each one delivers, and walk through deploying them in your own environment. Each template deploys with CloudFormation into the same Region as the WorkSpaces you want to monitor, and all six are available today at no additional charge beyond standard CloudWatch usage.

Why custom CloudWatch dashboards matter for WorkSpaces

Out-of-the-box CloudWatch metrics give you the raw data, but a well-designed dashboard turns that data into answers. Consider these common scenarios:

• Help desk triage – A user reports a slow session. The support engineer needs CPU, memory, latency, disk, and packet-loss metrics for that specific WorkSpace in one view, not scattered across multiple metric namespaces.
• Client version management – Security wants to know which client versions and platforms are in use so they can plan upgrade campaigns and retire outdated clients.
• ISP-related issues – Users in a particular city experience degraded performance. You need ISP-level detail, including ASN, network name, and experience scores, to determine whether the issue is on the network path rather than in the WorkSpace itself.
• Fleet health at a glance – Your WorkSpaces applications fleet is serving hundreds of concurrent sessions. You need a single pane of glass that shows fleet-level health with the ability to drill down to individual instances.
• Proactive alerting – You want to know when fleet performance thresholds are breached before users start filing tickets.

The CloudFormation templates described in this post address each of these scenarios with a one-stack deployment.

Overview of available templates

AWS provides three templates for WorkSpaces personal and three for WorkSpaces applications. The following table summarizes each template, its target persona, and the key metrics it surfaces.

WorkSpaces personal templates

Help Desk dashboard

The Help Desk dashboard is designed for frontline support. When a user calls in with a performance complaint, the support engineer enters the UserName of the WorkSpace and immediately sees seven key metrics: CPU usage, memory usage, in-session latency, root volume, user volume, packet loss, and disk usage. This single view replaces the need to navigate multiple CloudWatch metric pages and reduces mean time to resolution (MTTR) for common performance issues.

To deploy the Help Desk dashboard, open the Create Stack page in the AWS CloudFormation console using the pre-populated template link in the documentation. Provide a stack name and dashboard name, acknowledge the IAM capabilities, and choose Submit. The dashboard is typically ready in minutes.

Connection Insights dashboard

The Connection Insights dashboard answers the question: “How are my users connecting?” It displays the client versions, platforms, and IP addresses that are connected to your WorkSpaces. This information is valuable for several reasons:

• Identify users on outdated client versions to proactively notify them to upgrade.
• Understand the mix of platforms (Windows, macOS, Linux, web, mobile) accessing your environment.
• Correlate IP addresses with locations to support access reviews and compliance reporting.

During deployment, you can optionally enable an Amazon EventBridge rule that captures WorkSpaces access logs into a CloudWatch log group. You also configure the log retention period. Dynamic variables in the dashboard allow you to filter by IP address or directory, making it easy to investigate specific connection patterns.

Internet Monitoring dashboard

The Internet Monitoring dashboard uses Amazon CloudWatch Internet Monitor to surface ISP-level detail for your WorkSpaces users. It shows the city, state, ASN, network name, number of connected WorkSpaces, and performance and experience scores for each ISP. You can also filter by specific IP addresses to investigate users connecting from a particular location.

This dashboard is particularly useful when users in a specific geography report degraded performance. Instead of guessing where to look in the network path, see ISP-level performance data and determine whether the problem is upstream of AWS.

Prerequisite: You must deploy CloudWatch Internet Monitor and associate your WorkSpaces directory before this dashboard can display data. For more information, see Using Amazon CloudWatch Internet Monitor in the WorkSpaces documentation.

WorkSpaces Applications templates

Fleet Dashboard

The Fleet dashboard gives administrators a drill-down view of a specific fleet’s health. A Fleet dropdown at the top auto-populates with all fleets in the account. The dashboard shows metrics for each fleet and the instances associated with it. This is your starting point for understanding overall fleet utilization and identifying instances that may need attention.

Deployment follows the same pattern as the personal templates: open the Create Stack page with the pre-populated template link, provide a stack name and dashboard name, acknowledge IAM capabilities, and submit. The dashboard is available in CloudWatch within minutes.

User Dashboard

The User dashboard allows administrators to troubleshoot individual user experience. A UserId dropdown at the top auto-populates with all user IDs from CloudWatch metrics. This makes it easy to select a specific user and view their session metrics. This is the WorkSpaces applications equivalent of the Help Desk dashboard for WorkSpaces Personal, giving your support team a focused view for resolving user-reported issues.

Fleet Performance Alerts

The Fleet Performance Alerts template takes monitoring a step further by creating six CloudWatch alarms for a specific fleet. An Amazon Simple Notification Service (Amazon SNS) topic that sends email notifications when alarms trigger or recover. The alarms cover CPU utilization, memory utilization, in-session latency, disk read operations, disk write operations, and bandwidth. During deployment, you provide the fleet name and a notification email address. After the stack is created, you will receive a confirmation email from Amazon SNS. You must confirm the subscription to start receiving alerts.

Each alarm triggers when the metric breaches its threshold for two consecutive 5-minute periods and recovers automatically when it drops back below:

• CPU utilization per instance: > 80%
• Memory utilization per instance: > 85%
• In-session latency: > 200 ms
• Disk read operations: > 1,000
• Disk write operations: > 1,000
• Bandwidth: > 5,000 kbps

These thresholds are the template defaults. Review and tune them in the generated CloudWatch alarms to match your workload’s expected baseline as needed.
This template is ideal for operations teams that want to be notified of performance degradation before users report it. The alarms cover key fleet health indicators, and the email notifications provide a lightweight alerting mechanism that does not require additional tooling.

Deploying a template: step-by-step walkthrough

The deployment process is the same for all six templates. The following walkthrough uses the Help Desk dashboard as an example, but the steps apply to any template.

1. Open the Create Stack page in the AWS CloudFormation console using the template link provided in the documentation. The Amazon S3 URL field is pre-populated with the template location.
2. Choose Next.
3. Enter a Stack name (alphanumeric characters and hyphens, starting with a letter, up to 128 characters).
4. Enter a DashboardName (alphanumerics, dashes, and underscores only ). For templates that require additional parameters (such as fleet name or email address), enter those values as well.
5. Choose Next on the Configure stack options page.
6. Scroll down to the Transforms section, select the acknowledgement checkboxes to confirm that CloudFormation might create IAM resources, and choose Submit.
7. After the stack creation completes, open the CloudWatch console, choose Dashboards in the left navigation, and select your new dashboard under Custom Dashboards.

Business value and operational benefits

These templates deliver value beyond convenience:

• Faster incident resolution – Help desk engineers no longer need to build ad-hoc queries. A pre-built dashboard with the right metrics reduces MTTR and improves the end-user experience.
• Proactive monitoring – The Fleet Performance Alerts template shifts your team from reactive troubleshooting to proactive notification. You learn about issues before users do.
• Consistency across environments – CloudFormation templates ensure that every account and Region gets the same dashboard configuration. No more dashboard drift caused by manual setup.
• Security and compliance visibility – The Connection Insights dashboard gives security teams the data they need for access audits and client version compliance without building custom log queries.
• Network accountability – The Internet Monitoring dashboard provides ISP-level data that helps you distinguish between issues in your WorkSpaces environment and issues on the network path. This is critical for productive conversations with ISPs and network providers.

Cost considerations

Custom CloudWatch dashboards may incur costs. CloudWatch provides up to three dashboards with up to 50 metrics each at no additional charge. Beyond that, standard CloudWatch dashboard pricing applies. For current pricing details, see Amazon CloudWatch Pricing. The CloudFormation stacks themselves do not incur charges; you pay only for the AWS resources they create.

Cleaning up

To remove a dashboard and its associated resources, delete the CloudFormation stack that created it. Open the AWS CloudFormation console, select the stack, and choose Delete. This removes the CloudWatch dashboard, any CloudWatch log groups, EventBridge rules, SNS topics, and alarms that the template created.

Conclusion

Operational visibility should not require hours of manual dashboard configuration. The six CloudFormation templates covered in this post give you ready-to-deploy CloudWatch dashboards for both WorkSpaces personal and WorkSpaces applications in minutes. Whether you need per-user troubleshooting, fleet-level health monitoring, connection insights, ISP analysis, or automated alerting, there is a template ready to deploy.

To get started, visit the documentation for WorkSpaces personal templates and WorkSpaces applications templates, and deploy the dashboards that match your operational needs.

	Dave Jaskie is a Senior AWS Applied AI Solutions Architect with 16 years of experience in the end-user computing space. He helps customers design, deploy, and optimize their virtual desktop and application streaming environments on AWS. Outside of work, Dave enjoys traveling and hiking with his wife and four kids.
	Prasanna Durga Bokku has been a Software Development Engineer at AWS since 2022 where she specializes in observability services for End User Computing. Outside of work Prasanna enjoys dancing, singing and exploring the PNW.