By using AWS re:Post, you agree to the Terms of Use
/Number of concurrent AWS console users/

Number of concurrent AWS console users

0

Looking for a way to show the number of concurrent AWS console users over time. Would like a graphical and / or tabular representation of how many users in my AWS account are accessing the console. Bonus, report of number of API calls, grouped by console and otherwise, over time.

asked 2 months ago38 views
2 Answers
0
Accepted Answer

I'm not sure if you can get "concurrent" users exactly, but you can use a combination of CloudTrail and CloudWatch metrics to get pretty close to what you're asking for. First, you want to create a CloudTrail for AWS management events in your AWS account to capture ConsoleLogin events and other API calls. You can read about that here:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html.

That will involve creating an S3 bucket to store all of the data, and you'll want to enable CloudWatch Logs as well, so you'll be creating a new CloudWatch log group for that. Once you have the trail created, with data storage in S3, and logs flowing to CloudWatch, then you can create metrics to watch for specific things, like the ConsoleLogin event that you are wanting.

See here for info about creating a CloudWatch metric:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

You'll want to specify a pattern like this: {$.eventName = "ConsoleLogin"}. That will count every time someone logs in using the console, so you'll be able to visualize that metric to see how many people are logging in. Unfortunately, I'm not aware of a "ConsoleLogout" event, so you can't really get concurrent users in this way, as you won't be able to see when users log out of the console (or when their session expires, for instance). But that might not be important to what you're looking for either.

Regarding the number of API calls, grouped by console and otherwise, you can use a similar approach for that. You can create two separate metrics, one for Console API calls and one for Other API calls, then create visualizations for those as well. In that case, the pattern for your metric should start with something like {$.eventType = "AwsApiCall"} and then include an additional criteria against the user agent, something like {$.userAgent = "*Console*"} to get those that came through the Console, for example. The userAgent is the only reasonably reliable field I've seen in those events to determine the source of the API calls.

You might also explore the use of dimensions to capture the value of the userAgent directly, and use that to perform group by's. See here for a bit more on that:

https://docs.aws.amazon.com/en_us/AmazonCloudWatch/latest/logs/ExtractBytesExample.html

Also, if you just want a periodic look into the CloudTrail data, you can use Athena to query the CloudTrail log files directly from S3. There is a bit of setup required in Athena to make the data structure available, but after that you can straight SQL queries to view all of the ConsoleLogin events or all of the AwsApiCall event types, grouped by userAgent, for instance. See here for more:

https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

answered 2 months ago
0

Thanks for the direction. I created an Athena query to report on the number of logins per day. Not exactly what I was looking for but close enough.

Not very elegant I know but it works for me.

SELECT count(eventname) AS count,
       DATE(from_iso8601_timestamp(eventtime)) AS date
FROM "default"."your-table-name"
WHERE eventname = 'ConsoleLogin'
and from_iso8601_timestamp(eventtime) > current_timestamp - interval '90' day
GROUP BY DATE(from_iso8601_timestamp(eventtime))
ORDER BY DATE(from_iso8601_timestamp(eventtime))

Sample output

count	date
4	5/13/2022
8	5/14/2022
8	5/16/2022
13	5/17/2022
8	5/18/2022
5	5/19/2022

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions