Number of concurrent AWS console users

0

Looking for a way to show the number of concurrent AWS console users over time. Would like a graphical and / or tabular representation of how many users in my AWS account are accessing the console. Bonus, report of number of API calls, grouped by console and otherwise, over time.

asked 2 years ago · 713 views
2 Answers
0
Accepted Answer

I'm not sure if you can get "concurrent" users exactly, but you can use a combination of CloudTrail and CloudWatch metrics to get pretty close to what you're asking for. First, you want to create a CloudTrail for AWS management events in your AWS account to capture ConsoleLogin events and other API calls. You can read about that here:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html

That will involve creating an S3 bucket to store all of the data, and you'll want to enable CloudWatch Logs as well, so you'll be creating a new CloudWatch log group for that. Once you have the trail created, with data storage in S3, and logs flowing to CloudWatch, then you can create metrics to watch for specific things, like the ConsoleLogin event that you are wanting.

See here for info about creating a CloudWatch metric:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

You'll want to specify a pattern like this: {$.eventName = "ConsoleLogin"}. That will count every time someone logs in using the console, so you'll be able to visualize that metric to see how many people are logging in. Unfortunately, I'm not aware of a "ConsoleLogout" event, so you can't really get concurrent users in this way, as you won't be able to see when users log out of the console (or when their session expires, for instance). But that might not be important to what you're looking for either.

Regarding the number of API calls, grouped by console and otherwise, you can use a similar approach for that. You can create two separate metrics, one for Console API calls and one for Other API calls, then create visualizations for those as well. In that case, the pattern for your metric should start with something like {$.eventType = "AwsApiCall"} and then include an additional criterion against the user agent, something like {$.userAgent = "*Console*"} to get those that came through the Console, for example. The userAgent is the only reasonably reliable field I've seen in those events to determine the source of the API calls.

You might also explore the use of dimensions to capture the value of the userAgent directly, and use that to perform group by's. See here for a bit more on that:

https://docs.aws.amazon.com/en_us/AmazonCloudWatch/latest/logs/ExtractBytesExample.html

Also, if you just want a periodic look into the CloudTrail data, you can use Athena to query the CloudTrail log files directly from S3. There is a bit of setup required in Athena to make the data structure available, but after that you can run straight SQL queries to view all of the ConsoleLogin events or all of the AwsApiCall event types, grouped by userAgent, for instance. See here for more:

https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

answered 2 years ago
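An added example, not part of the answer above: a Python sketch that buckets CloudTrail records by hour, counting ConsoleLogin events, console versus other API calls, and the distinct principals seen using the console in that hour (an approximation of active console users, not true concurrency, since there is no logout event). The sample records, the `rec` and `hourly_report` names, and the case-insensitive "console" user-agent marker are assumptions.

```python
from collections import defaultdict
from datetime import datetime

def rec(time, name, etype, arn, agent):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "eventType": etype,
            "userIdentity": {"arn": arn}, "userAgent": agent}

ALICE = "arn:aws:iam::111122223333:user/alice"   # constructed principals
BOB = "arn:aws:iam::111122223333:user/bob"
CI = "arn:aws:iam::111122223333:user/ci"
SAMPLE_RECORDS = [
    rec("2022-05-17T09:05:00Z", "ConsoleLogin", "AwsConsoleSignIn", ALICE, "Mozilla/5.0"),
    rec("2022-05-17T09:10:00Z", "DescribeInstances", "AwsApiCall", ALICE, "console.ec2.amazonaws.com"),
    rec("2022-05-17T09:40:00Z", "ListBuckets", "AwsApiCall", BOB, "S3Console/0.4"),
    rec("2022-05-17T09:45:00Z", "DescribeInstances", "AwsApiCall", CI, "aws-cli/2.15.0"),
    rec("2022-05-17T10:15:00Z", "DescribeVolumes", "AwsApiCall", ALICE, "console.ec2.amazonaws.com"),
    rec("2022-05-17T10:20:00Z", "ListBuckets", "AwsApiCall", CI, "Boto3/1.34.0"),
]

def hourly_report(records, marker="console"):
    """Per hour: ConsoleLogin count, console vs other API calls, distinct console principals."""
    buckets = defaultdict(lambda: {"logins": 0, "console_calls": 0,
                                   "other_calls": 0, "users": set()})
    for r in records:
        hour = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").strftime("%Y-%m-%d %H:00")
        arn = r.get("userIdentity", {}).get("arn", "unknown")
        b = buckets[hour]
        if r.get("eventName") == "ConsoleLogin":
            b["logins"] += 1
            b["users"].add(arn)
        elif r.get("eventType") == "AwsApiCall":
            # Assumption: a case-insensitive "console" substring marks console traffic,
            # mirroring the *Console* user-agent pattern suggested in the answer.
            if marker in (r.get("userAgent") or "").lower():
                b["console_calls"] += 1
                b["users"].add(arn)
            else:
                b["other_calls"] += 1
    # Replace each set with its size so the result is plain tabular data.
    return {h: {**{k: v for k, v in b.items() if k != "users"},
                "console_users": len(b["users"])} for h, b in sorted(buckets.items())}

if __name__ == "__main__":
    for hour, row in hourly_report(SAMPLE_RECORDS).items():
        print(hour, row)
```
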
0

Thanks for the direction. I created an Athena query to report on the number of logins per day. Not exactly what I was looking for but close enough.

Not very elegant I know but it works for me.

SELECT count(eventname) AS count,
       DATE(from_iso8601_timestamp(eventtime)) AS date
FROM "default"."your-table-name"
WHERE eventname = 'ConsoleLogin'
  AND from_iso8601_timestamp(eventtime) > current_timestamp - interval '90' day
GROUP BY DATE(from_iso8601_timestamp(eventtime))
ORDER BY DATE(from_iso8601_timestamp(eventtime))

Sample output

count	date
4	5/13/2022
8	5/14/2022
8	5/16/2022
13	5/17/2022
8	5/18/2022
5	5/19/2022

answered 2 years ago
