Implement AWS CloudWatch to the AWS WorkSpaces using System Manager

  1. Install System Manager on WorkSpaces – you must follow installing AWS System Manager on-premise.
    1. Create Hybrid Activations for your AWS WorkSpaces

      Copy code and id to the script that installs it to all AWS instances using PS remoting from your Active Directory Administration Account.

    2. Invoke the following code to install a System manager Agent on Workspaces:

      Set-ExecutionPolicy Unrestricted

      Invoke-Command -ComputerName WSAMZN-AJHQL2HU,WSAMZN-4C2SBR05 -FilePath .\InstallSME.ps1


      $code = “xxx”

      $id = “yyy”

      $region = “us-east-1”

      $dir = $env:TEMP + “\ssm”

      New-Item -ItemType directory -Path $dir -Force

      cd $dir

      (New-Object System.Net.WebClient).DownloadFile(“https://amazon-ssm-$”, $dir + “\AmazonSSMAgentSetup.exe”)

      Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @(“/q”, “/log”, “install.log”, “CODE=$code”, “ID=$id”, “REGION=$region”) -Wait

      Get-Content ($env:ProgramData + “\Amazon\SSM\InstanceData\registration”)

      Get-Service -Name “AmazonSSMAgent”

  2. Install Cloud Watch Agent on Work Spaces – that now you are see them as Managed Instances.

    1. Install Cloud Watch binaries using Run Command From System Manager, search for AWS-ConfigureAWSPackage package.
    2. Put AmazonCloudWatchAgent in Name and confirm that Action is Install and specify targets.
    3. You can use:

      aws workspaces describe-workspaces –output json > workspaceinstances.txt

      notepad .\workspaceinstances.txt

      aws ssm describe-instance-information –output json > managedinstances.txt

      notepad .\managedinstances.txt

      to fetch instance details and match instanceid against computername.

    4. Disable the S3 bucket and RUN.
  3. Run script that pass config files to the insances:
    1. Run command and choose AWS-RunPowerShellScript
    2. Put script:

      New-Item “C:\ProgramData\Amazon\AmazonCloudWatchAgent\credentials” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\credentials” “[AmazonCloudWatchAgent]” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\credentials” “aws_access_key_id = zzz” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\credentials” “aws_secret_access_key = zzz” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\credentials” “region = us-east-1” -Force

      Remove-Item “C:\ProgramData\Amazon\AmazonCloudWatchAgent\common-config.toml” -Force

      New-Item “C:\ProgramData\Amazon\AmazonCloudWatchAgent\common-config.toml” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\common-config.toml” “[credentials]” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\common-config.toml” ” shared_credential_profile = `”AmazonCloudWatchAgent`”” -Force

      Add-content “C:\ProgramData\Amazon\AmazonCloudWatchAgent\common-config.toml” ” shared_credential_file = `”C:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\credentials`”” -Force

    3. Specify targets.
    4. Disable the S3 bucket and RUN.
  4. Configure Parameters:
    1. Put Parameters json file to the Parameter Store.
  5. Push configuration and Launch :
    1. Run Command From System Manager, search for AmazonCloudWatch-ManageAgent package.
    2. Action: configure
    3. Mode: onPremise
    4. Optional: ssm
    5. Configuration Location: AmazonCloudWatch-windows
    6. Optional Restart: yes

    7. Specify targets.
    8. Disable the S3 bucket and RUN.

Access to CloudWatch Events:

  1. Open AWS CloudWatch console at
  2. Select ‘Metrics’ from the left navigation bar. You will see 4 tabs on the right side. Select the first tab ‘All metrics’ and make sure the region is e.g. N.Virginia.
  3. Here you will see custom Namespaces ‘CWAgent’, click on it. Now it will show multiple subfolders, select ‘host, instance, objectname’ and you will see hostname WSAMZN-IOU56NBQ in the list.
  4. Select any of the available metrics and it will show a graph on top.
  5. The fastest way to find any metric for a host is to search the hostname when you click on Metrics on the left navigation bar.
  6. You can also search with a metric name. For example, search with “Memory % Committed Bytes In Use” to find Memory utilization for systems.


Logs: C:\ProgramData\Amazon\AmazonCloudWatchAgent\Logs

Config: C:\ProgramData\Amazon\AmazonCloudWatchAgent

Test Connection:

Test-NetConnection -ComputerName -Port 443

Test-NetConnection -ComputerName -Port 443

Test-NetConnection -ComputerName -Port 443