I'm new to AWS and trying to manage around 700 always-on workspaces that our users connect to as their desktop. I believe there are over 100 workspaces that haven't been logged into in the last 30 days. I have access to the workspaces node and CloudWatch, but the Active Directory attribute for last login seems unreliable because I think a service account connects periodically. I'm looking for a straightforward way to generate a list of machines where no users have connected in the past 30 days. I've been attempting to query when UserConnected=0 for more than 30 days, but I'm repeatedly hitting the 500 metric limit. From the workspaces node, I'm particularly interested in the "User last active" field. In a Windows/PowerShell environment, I would simply iterate and dump the computer name and last active user, but I need to find an equivalent solution here. It seems like generating such a report should be common, so any advice would be appreciated. Thanks!
5 Answers
We extract this data through our Remote Monitoring and Management (RMM) system. It's usually a straightforward process, but I understand that might not be an option for everyone.
You can check the "last active" info for workspaces through your development portal, which should bypass that metric limit. There are also open-source tools available, like Backstage, but you'd need a decent-sized team to make it functional.
You could consider using a cloud shell script to automate the process. I did that recently and it allows you to either export data as a CSV or even directly stop/terminate the workspaces if needed.
I brute-forced a solution that works well enough. Here's a walkthrough:
1. Log into CloudWatch.
2. Go to the Metrics tab, select All Metrics.
3. Browse to Workspaces and then By Workspace ID.
4. Search for "userconnected" and add it as a filter.
5. Set the time range to Last 4 Weeks and switch the graph view to Data Table.
6. Change Statistic to Maximum and Period to 1 Day.
7. Since this metric is binary, a '1' means there's been at least one connection that day.
8. Use the Actions menu to export to CSV, repeating to get all rows.
9. Combine the CSV files and create your own MAX() row to see if any connections occurred in that window.
10. Relax with a drink after all that work!
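The CloudWatch walkthrough above, scripted as an added example (not code from any of the answers): it requests the same daily Maximum of UserConnected through the GetMetricData API, splitting the workspace list into batches of at most 500 queries per request, and returns the workspaces that never reported a connection. The function name `idle_workspaces`, the 30-day default window and counting a workspace with no datapoints as idle are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

BATCH = 500  # GetMetricData accepts at most 500 queries per request


def idle_workspaces(cloudwatch, workspace_ids, days=30, now=None):
    """Return sorted IDs whose daily Maximum of UserConnected never reached 1."""
    end = now or datetime.now(timezone.utc)
    start = end - timedelta(days=days)
    idle = []
    for offset in range(0, len(workspace_ids), BATCH):
        chunk = workspace_ids[offset:offset + BATCH]
        # Query Ids must start with a lowercase letter and cannot contain "-",
        # so the "ws-..." IDs are mapped to m0, m1, ... within each batch.
        by_query_id = {f"m{i}": ws for i, ws in enumerate(chunk)}
        queries = [{
            "Id": qid,
            "MetricStat": {
                "Metric": {
                    "Namespace": "AWS/WorkSpaces",
                    "MetricName": "UserConnected",
                    "Dimensions": [{"Name": "WorkspaceId", "Value": ws}],
                },
                "Period": 86400,   # 1 day, as in step 6
                "Stat": "Maximum",
            },
        } for qid, ws in by_query_id.items()]
        peak = dict.fromkeys(by_query_id, 0.0)  # assumption: no datapoints = idle
        token = None
        while True:  # follow NextToken until the batch is fully returned
            kwargs = {"NextToken": token} if token else {}
            page = cloudwatch.get_metric_data(
                MetricDataQueries=queries, StartTime=start, EndTime=end, **kwargs)
            for result in page["MetricDataResults"]:
                peak[result["Id"]] = max([peak[result["Id"]], *result["Values"]])
            token = page.get("NextToken")
            if not token:
                break
        idle += [by_query_id[q] for q, v in peak.items() if v < 1]
    return sorted(idle)


if __name__ == "__main__":
    import boto3  # needs workspaces:DescribeWorkspaces and cloudwatch:GetMetricData
    pages = boto3.client("workspaces").get_paginator("describe_workspaces").paginate()
    ids = [w["WorkspaceId"] for page in pages for w in page["Workspaces"]]
    print("\n".join(idle_workspaces(boto3.client("cloudwatch"), ids)))
```

Run it from CloudShell or any host with read-only credentials for the two calls named in the comment; review the list before stopping or terminating anything.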
If your workspaces use SAML authentication, pulling logs from your Identity Provider (IDP) can help you figure out when each user last signed into their workspace. That might give you the insight you need.

Thanks for the tip! Unfortunately, we're a small organization without the luxury of a big team or advanced tools.