Amazon WorkSpaces

Least Privileged User

Navigate to the AWS console and create an IAM user with programmatic access. The user will need the following permissions. You can create a policy specifically for these permissions and apply the permissions to the user.

For more information, see: High Level AWS Source Configuration

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "workspaces:DescribeWorkspacesConnectionStatus",
        "workspaces:DescribeTags",
        "workspaces:DescribeWorkspaceBundles",
        "workspaces:DescribeWorkspaces",
        "workspaces:DescribeWorkspaceDirectories",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Resource": "*"
    }
  ]
}

Connection Parameters

NameRequired?Description
Region
Access Key IDRequired
Secret Access KeyRequired
Additional ThreadsThe number of additional threads allowed to be utilized during collection.
Request Timeout (seconds)The number of seconds to allow for the API to return a response.
Collect CloudWatch Metrics
CloudWatch Historic ModeIf enabled, retrieves a history of data points from CloudWatch. Otherwise, collects only the most recent data point for each metric.

Metrics

Bundle

NameDescription
Compute TypeThe compute type for the Bundle.
DescriptionThe description of the Bundle.
IDID of the Amazon WorkSpaces Bundle.
NameThe name of the Bundle.
OwnerThe owner of the Bundle.
RegionThe AWS Region this object belongs to.
Root Storage Capacity (Gibibytes)The size of the root volume for the Bundle.
User Storage Capacity (Gibibytes)The size of the user storage for the Bundle.

Directory

NameDescription
AliasThe Directory alias.
Available WorkspacesThe number of WorkSpaces that returned a healthy status.
Average In Session Latency (Milliseconds)The average round trip time between the WorkSpaces client and the WorkSpace.
Average Session Launch Time (Seconds)The average amount of time it takes to initiate a WorkSpaces session.
Connection Attempts (Connections)The number of connection attempts.
Connection Failures (Connections)The number of failed connections.
Connection Successes (Connections)The number of successful connections.
Custom Security Group IDThe identifier of any security groups to apply to WorkSpaces when they are created.
Customer User NameThe user name for the service account.
Default OUThe organizational unit (OU) in the Directory for the WorkSpace machine accounts.
DNS IP AddressesThe IP addresses of the DNS servers for the Directory.
Enable Internet AccessIndicates whether internet access is enabled for the Directory.
Enable WorkDocsIndicates whether the Directory is enabled for Amazon WorkDocs.
IAM Role IDThe identifier of the IAM role.
IDID of the Amazon WorkSpaces Directory.
NameThe name of the Directory.
RegionThe AWS Region this object belongs to.
Registration CodeThe registration code for the Directory.
Session Disconnects (Connections)The number of connections that were closed, including user-initiated and failed connections.
StateThe state of the Directory's registration with Amazon WorkSpaces.
Stopped WorkspacesThe number of WorkSpaces that are stopped.
Subnet IDsThe identifiers of the subnets used with the Directory.
TypeThe Directory type.
Unhealthy WorkspacesThe number of WorkSpaces that returned an unhealthy status.
User Is Local AdministratorIndicates whether the WorkSpace user is an administrator on the WorkSpace.
Workspace Security Group IDThe identifier of the security group that is assigned to new WorkSpaces.
Workspaces In MaintenanceThe number of WorkSpaces that are under maintenance.
Workspaces With ConnectionsThe number of WorkSpaces that have a user connected.

Workspace

NameDescription
AvailableIf the WorkSpace returned a healthy status.
Bundle IDThe identifier of the bundle used to create the WorkSpace.
Compute TypeThe bundle compute type of the Workspace.
Computer NameThe name of the WorkSpace, as seen by the operating system.
Connection Attempts (Connections)The number of connection attempts.
Connection Failures (Connections)The number of failed connections.
Connection StateThe connection state of the WorkSpace. The connection state is unknown if the WorkSpace is stopped.
Connection State TimestampThe timestamp of the connection state check.
Connection Successes (Connections)The number of successful connections.
Directory IDThe identifier of the AWS Directory Service directory for the WorkSpace.
Error CodeIf the WorkSpace could not be created, contains the error code.
Error MessageIf the WorkSpace could not be created, contains a textual error message that describes the failure.
IDID of the Amazon WorkSpaces WorkSpace.
In Session Latency (Milliseconds)The round trip time between the WorkSpaces client and the WorkSpace.
IP AddressThe IP address of the WorkSpace.
Last Known User Connection TimestampThe timestamp of the last known user connection.
MaintenanceIf the WorkSpace is under maintenance.
RegionThe AWS Region this object belongs to.
Root Volume Encryption EnabledIndicates whether the data stored on the root volume is encrypted.
Root Volume Size (Gibibytes)The size of the root volume.
Running ModeThe running mode of the Workspace.
Running Mode Auto Stop Timeout (Minutes)The time after a user logs off when WorkSpaces are automatically stopped.
Session Disconnects (Connections)The number of connections that were closed, including user-initiated and failed connections.
Session Launch Time (Seconds)The amount of time it takes to initiate a WorkSpaces session.
StateThe operational state of the WorkSpace.
StoppedIf the WorkSpace is stopped.
Subnet IDThe identifier of the subnet for the WorkSpace.
UnhealthyIf the WorkSpace returned an unhealthy status.
User ConnectedIf the WorkSpace has a user connected.
User NameThe user for the WorkSpace.
User Volume Encryption EnabledIndicates whether the data stored on the user volume is encrypted.
User Volume Size (Gibibytes)The size of the user storage.
Volume Encryption KeyThe KMS key used to encrypt data stored on your WorkSpace.