Amazon WorkSpaces now lets you track login events using Amazon CloudWatch Events
You can now use Amazon CloudWatch Events to view, search, download, archive, analyze, and respond to successful logins to your Amazon WorkSpaces. With this release, you can monitor client WAN IP addresses, Operating System, WorkSpaces ID, and Directory ID information for users’ logins to WorkSpaces.
You can use this feature to learn when, where, and how your users log in to and access their WorkSpaces. This information will allow you to better understand usage patterns and trends, and to set up automated actions based on how a WorkSpace is accessed. For example, you can use policies to manage access to files and data from WorkSpaces that meet access criteria you set in the CloudWatch Event type ‘WorkSpaces Access’. You can also analyze this data, which is available in near real-time, perform automated actions using AWS Lambda, and have policy controls to block access to files and applications from unauthorized IP addresses with policy controls.
This capability is available in all regions where Amazon WorkSpaces and CloudWatch Events are available (see the AWS Region Table for regional availability. You can configure CloudWatch Events monitoring for your WorkSpaces by going to the CloudWatch console or from the AWS Command Line Interface. For more information on how to use CloudWatch Events, see the Amazon CloudWatch Events User Guide. To learn more about CloudWatch Events for WorkSpaces, please see our documentation here.