Desktop and Application Streaming

Using Amazon CloudWatch to prepare for WSP migration of Amazon WorkSpaces

If you are to take advantage of the WSPv2 feature and performance enhancements, you must validate that your end users are connected with a supported client. Amazon WorkSpaces using PCoIP can be converted to WSP using the modify protocol API. WorkSpaces that already use WSP will be updated during API initiated reboots.

In this walkthrough, you create an Amazon CloudWatch dashboard with four widgets to identify the end users connecting on unsupported platforms. The four widgets you configure are:

  • WorkSpaces IDs connecting from a platform not supported by WSPv2
  • WorkSpace IDs with an earlier Windows client that is not supported by WSPv2
  • WorkSpace IDs with an earlier macOS client that is not supported by WSPv2
  • WorkSpace IDs that have started a protocol migration
Time to read 20 minutes
Time to complete 30 minutes
Cost to complete Detailed cost information on CloudWatch can be found at: Amazon CloudWatch Pricing – Amazon Web Services (AWS)
Learning level 300
Services used

Amazon WorkSpaces

CloudWatch

CloudTrail

Prerequisites:

Create a log group for WorkSpaces events

Each WorkSpaces’ connection must be stored in a log group so they can be queried by the dashboard widgets.

  1. Open the Amazon EventBridge console.
    • Confirm you are in the AWS Region your WorkSpaces are hosted in.
  2. Choose EventBridge Rule in the Getting Started view. Select Create rule.
  3. For the Name field, enter WorkSpacesAccessRule.
  4. Select Next.
  5. In the Event Pattern section, select WorkSpaces from the AWS service dropdown.
  6. For Event type, select WorkSpaces Access.
  7. Select Next.
  8. In the Select a target dropdown, select CloudWatch log group.
  9. For Log group, name your new log group WorkSpacesAccessLogs.
  10. Select Next.
  11. Select Create rule.

Walkthrough

Step 1: Create a dashboard and widget to display WorkSpace IDs connecting from a platform that will not Support WSPv2

WorkSpace Platforms Not Supported by WSP

  1. Open the Dashboards section of the CloudWatch console for your WorkSpaces Region.
  2. Select Create dashboard.
  3. Name it WorkSpacesConnectionInformation and select Create Dashboard.
  4. For Add widget, select Logs table.
  5. In the Logs insights section, select the log group you created in the last step from the dropdown.
  6. Input the following filtering in the query section:
    fields @timestamp, @message
    | fields account
    | fields region, detail.clientPlatform, detail.clientVersion, detail.workspaceId
    | display region, detail.clientPlatform, detail.clientVersion, detail.workspaceId
    | filter detail.clientPlatform not like "OSX"
    | filter detail.clientPlatform not like "Windows"
    | filter detail.clientPlatform not like "Web"
  7. Select Create widget.
  8. (Optional) Rename the widget Platforms Connecting.
  9. Select Save in the top right.

Step 2: Create a widget to display WorkSpace IDs connecting from a Windows client that will not Support WSPv2

In this step, you create a widget on your dashboard to display the WorkSpace IDs that are connecting from a Windows client version that does not support WSPv2. If these WorkSpaces are converted from PCoIP to WSP, clients listed in this table will not be able to connect to WorkSpaces.

WorkSpace Clients Not Supportedby WSP

  1. Open the Dashboards section of the CloudWatch console for your WorkSpaces Region.
  2. Select the WorkSpacesConnectionInformation dashboard that you created in the previous step.
  3. Once you are within the dashboard, select the +.
  4. For Add widget, select Logs table.
  5. In the Logs insights section, select the log group you created in the last step from the dropdown.
  6. Input the following filtering in the query section:
    fields @timestamp, @message
    | fields account
    | fields region, detail.clientPlatform, detail.clientVersion, detail.workspaceId
    | fields substr(detail.clientVersion, 0, 1) as majorVersion
    | fields substr(detail.clientVersion, 2, 1) as minorVersion
    | display region, detail.clientPlatform, detail.clientVersion, detail.workspaceId, majorVersion,minorVersion
    | filter detail.clientPlatform ="Windows"
    | filter ((majorVersion=5 and minorVersion<4)or majorVersion<5)
  7. Select Create widget.
  8. (Optional) Rename the widget Unsupported Windows Clients Connecting.
  9. Select Save.

Step 3: Create a widget to display WorkSpace IDs connecting from a macOS client that will not Support WSPv2

In this step, you create a widget on your dashboard to display the WorkSpace IDs that are connecting from a macOS client version that does not support WSPv2. If these WorkSpaces are converted from PCoIP to WSP, users will not be able to connect to them using WSPv2.

WorkSpace Clients Mac NotSupported By WSP

  1. Open the Dashboards section of the CloudWatch console for your WorkSpaces Region.
  2. Select the WorkSpacesConnectionInformation dashboard you created in the previous step.
  3. Once you are within the dashboard, select the + in the top right.
  4. For Add widget, select Logs table.
  5. In the Logs insights section, select the log group you created in the last step from the dropdown.
  6. Input the following filtering in the query section:
    fields @timestamp, @message
    | fields account
    | fields region, detail.clientPlatform, detail.clientVersion, detail.workspaceId
    | fields substr(detail.clientVersion, 0, 1) as majorVersion
    | fields substr(detail.clientVersion, 2, 1) as minorVersion
    |display region, detail.clientPlatform, detail.clientVersion, detail.workspaceId,majorVersion,minorVersion
    |filter detail.clientPlatform ="OSX"
    |filter ((majorVersion=5 and minorVersion<5)or majorVersion<5)
  7. Select Create widget.
  8. (Optional) Rename the widget Unsupported macOS Clients Connecting.
  9. Select Save.

Step 4: Create a widget to display WorkSpace IDs that have initiated a protocol migration

In this step, you create a widget on your dashboard to display the WorkSpace IDs that have initiated a protocol migration from PCoIP to WSP or from WSP to PCoIP.

WorkSpace Clients Migrations

  1. Open the Dashboards section of the CloudWatch console for your WorkSpaces Region.
  2. Select the WorkSpacesConnectionInformation dashboard that you created in the previous step.
  3. Once you are within the dashboard, select the + in the top right.
  4. For Add widget, select Logs table.
  5. For Log Groups, select the log group for CloudTrail in your WorkSpace Region.
  6. Input the following filtering in the query section:
    fields @timestamp, @message
    |filter eventName = "ModifyWorkspaceProperties"
    |filter ispresent(requestParameters.workspaceProperties.protocols.0)
    |fields awsRegion, requestParameters.workspaceId, requestParameters.workspaceProperties.protocols.0
    |display awsRegion, requestParameters.workspaceId, requestParameters.workspaceProperties.protocols.0
  7. Select Create widget.
  8. (Optional) Rename the widget WorkSpace Protocol Migrations Initiated.
  9. Select Save.

Conclusion

In this walkthrough, you created CloudWatch dashboard widgets to provide insight into how WorkSpaces are accessed. The widgets show clients running earlier versions, or unsupported platforms for WSPv2. This can be further enhanced to add automation with EventBridge and Lambda to perform custom actions. When creating CloudWatch Logs, by default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group. For more information on CloudWatch Logs, review the guide on Amazon CloudWatch Logs. For more information on CloudWatch dashboards, review the guide on using Amazon CloudWatch dashboards. To make additional queries in CloudWatch to gather more information, review the blog to understand end user access to Amazon WorkSpaces with Amazon CloudWatch.

Dave Jaskie brings 15 years of experience in the End User Computing space. Outside of Work, Dave enjoys traveling and hiking with his wife and 3 kids.
Jon Schwenn Jon Schwenn is an Enterprise Support Lead at AWS. He helps customers reach their business goals with technical solutions. When he’s not building solutions in AWS, Jon enjoys building 3D printers, retro computers, and building out his workshops.