Monitoring Workspaces With Amazon EventBridge

Brett Gillett

Because of COVID-19, many of our customers have implemented work-from-home solutions for their employees. While many options are available, Amazon Workspaces offers a cost-effective, easy-to-use remote desktop solution.

Last week, we helped one of our AWS Managed Services customers deploy approximately four hundred Windows Workspaces across several AWS accounts.

One of their requirements is to report on daily usage. While Amazon CloudWatch provided us with much of the information we required to meet the customer’s needs, we did build a custom solution for reporting.

The customer’s goal was to be able to report on usage by the individual user. To meet these requirements, we leveraged Amazon EventBridge, DynamoDB and several Lambda functions.

Monitoring Amazon Workspaces with EventBridge

Amazon EventBridge

EventBridge provides a real-time stream of events which you can use for event-driven programming. It supports AWS native events, SaaS solutions, as well as custom events. You create rules which allow you to take action on specific events. When an event matches a rule, the event is sent to one (or more) targets. While EventBridge supports a growing list of targets, for our project we used Lambda as the target.

For this particular solution, we created a rule which monitors for ‘Workspaces Access’ events. When an event is detected, the rule invokes a Lambda function to record event details.

Amazon DynamoDB

We store all Workspaces information in a central DynamoDB table. Using a NoSQL database made sense because the data we’re storing is non-relational, and we can quickly scale the table if we need to.

The table we created uses both a partition key (workspaceID) and a range key (LoginTime). We also enabled DynamoDB streams - more on this later.

DynamoDB table for Workspace Monitoring

AWS Lambda

We needed two Lambda functions to meet our customer’s objectives.

EventBridge invokes the first function when it receives a ‘Workspaces Access’ event. The function parses event data and stores essential details in the DynamoDB table we mentioned earlier.

The second function is invoked when items in the table are added or modified. The function ‘enriches’ the captured data by adding the user name associated with the Workspace. Currently, we make a simple describe_workspaces boto3 call and pass the unique Workspaces identifier to look up the Workspace username.
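A sketch of the first function described above, added here as an example and not the code from this project. The `detail` field names are those of the 'WorkSpaces Access' event; the `TABLE_NAME` environment variable, the non-key attribute names and the sample event are assumptions made for illustration.

```python
import os

# Constructed sample event using the field names of the 'WorkSpaces Access' event.
SAMPLE_EVENT = {
    "source": "aws.workspaces",
    "detail-type": "WorkSpaces Access",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "actionType": "successfulLogin",
        "clientIpAddress": "192.0.2.10",
        "clientPlatform": "Windows",
        "directoryId": "domain/d-example",
        "loginTime": "2020-04-01T13:05:22.595Z",
        "workspaceId": "ws-example123",
    },
}
REQUIRED = ("workspaceId", "loginTime", "actionType")
OPTIONAL = {"clientIpAddress": "ClientIp", "clientPlatform": "ClientPlatform",
            "directoryId": "DirectoryId"}

def to_item(event):
    """Validate a 'WorkSpaces Access' event and map it to a table item."""
    if (event.get("source"), event.get("detail-type")) != ("aws.workspaces", "WorkSpaces Access"):
        raise ValueError("not a WorkSpaces Access event")
    detail = event.get("detail") or {}
    missing = [k for k in REQUIRED if not detail.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    item = {"workspaceID": detail["workspaceId"],  # partition key named in the post
            "LoginTime": detail["loginTime"],      # range key named in the post
            "ActionType": detail["actionType"],
            "Account": event.get("account", "unknown")}
    item.update({dst: detail[src] for src, dst in OPTIONAL.items() if detail.get(src)})
    return item

def handler(event, context):
    import boto3  # imported here so to_item() can be exercised offline
    from botocore.exceptions import ClientError
    table = boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])  # assumed env var
    try:
        # Write only if this workspaceID/LoginTime pair is new, so a redelivered
        # event cannot replace an item the second function already enriched.
        table.put_item(Item=to_item(event),
                       ConditionExpression="attribute_not_exists(workspaceID)")
    except ClientError as err:
        if err.response["Error"]["Code"] != "ConditionalCheckFailedException":
            raise
        return {"stored": False}
    return {"stored": True}
```

The conditional write matters because EventBridge delivers events at least once, and an unconditional `put_item` on a duplicate would drop the user name added by the enrichment function.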
