Posted On: Jul 27, 2021

AWS CloudTrail now supports logging of data events for Amazon EBS direct APIs that customers can use to identify when their Amazon EBS snapshots are accessed using the ListSnapshotBlocks, ListChangedBlocks, GetSnapshotBlock, or PutSnapshotBlock APIs by users in their AWS account. These data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, and help customers’ security and operations teams detect unauthorized access and take immediate action. Until now, customers could use management events logged in AWS CloudTrail to identify when EBS snapshots were created, copied, or shared with other AWS accounts. With this new capability, customers can also identify when users in their AWS account access Amazon EBS snapshots at the block level using EBS direct APIs.

You can enable logging of data events for Amazon EBS direct APIs using the AWS CloudTrail Console, CLI, or SDKs. When creating a new trail or editing an existing trail, you can use AWS CloudTrail advanced event selectors to control which data events you want to log and pay for. For example, you can select the EBS snapshots for which you want to log data events, or you can choose to log data events for specific API requests such as ListSnapshotBlocks or GetSnapshotBlock.
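The two halves of the workflow above, as an added example that is not part of the announcement or any AWS sample code: building the advanced event selector that `put-event-selectors` accepts, and scanning the delivered CloudTrail records for block-level snapshot reads by principals you did not expect. The field names (`eventCategory`, `resources.type`, `resources.ARN`, `eventName`) and the `AWS::EC2::Snapshot` resource type are the ones CloudTrail uses for EBS direct API data events; the trail name, account ID, principal ARNs and the log records are constructed for illustration.

```python
"""Added example: select EBS direct API data events in CloudTrail and scan delivered
records for block-level snapshot access by unexpected principals."""
import json

# EBS direct API operations that CloudTrail logs as data events (named in the announcement).
EBS_DIRECT_EVENTS = frozenset(
    {"ListSnapshotBlocks", "ListChangedBlocks", "GetSnapshotBlock", "PutSnapshotBlock"}
)


def build_ebs_direct_selectors(event_names=None, snapshot_arns=None,
                               name="EBS direct API data events"):
    """Return an AdvancedEventSelectors list for `aws cloudtrail put-event-selectors`.

    With no arguments the selector logs every EBS direct API data event; pass
    event_names and/or snapshot_arns to narrow what is logged (and paid for).
    """
    fields = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::EC2::Snapshot"]},
    ]
    if event_names:
        unknown = set(event_names) - EBS_DIRECT_EVENTS
        if unknown:
            raise ValueError(f"not EBS direct API data events: {sorted(unknown)}")
        fields.append({"Field": "eventName", "Equals": sorted(event_names)})
    if snapshot_arns:
        fields.append({"Field": "resources.ARN", "Equals": list(snapshot_arns)})
    return [{"Name": name, "FieldSelectors": fields}]


def load_records(log_text):
    """Parse one CloudTrail log file body ({"Records": [...]}) into a list of records."""
    return json.loads(log_text).get("Records", [])


def find_snapshot_block_access(records, allowed_principal_arns=()):
    """Return EBS direct API data events, flagging callers outside the allow list."""
    allowed = set(allowed_principal_arns)
    hits = []
    for rec in records:
        if rec.get("eventSource") != "ebs.amazonaws.com":
            continue  # management events (CreateSnapshot, ModifySnapshotAttribute...) are not our target
        if rec.get("eventName") not in EBS_DIRECT_EVENTS:
            continue
        principal = rec.get("userIdentity", {}).get("arn", "")
        snapshots = [r.get("ARN") for r in rec.get("resources", [])
                     if r.get("type") == "AWS::EC2::Snapshot"]
        hits.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "principal": principal,
            "snapshots": snapshots,
            "source_ip": rec.get("sourceIPAddress"),
            "unexpected": principal not in allowed,
        })
    return hits


# Constructed sample log file: two EBS direct API data events and one management event.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-07-27T10:00:01Z", "eventSource": "ebs.amazonaws.com",
     "eventName": "GetSnapshotBlock", "eventCategory": "Data",
     "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/BackupAutomation"},
     "resources": [{"type": "AWS::EC2::Snapshot",
                    "ARN": "arn:aws:ec2:us-east-1::snapshot/snap-0123456789abcdef0"}]},
    {"eventTime": "2021-07-27T10:05:44Z", "eventSource": "ebs.amazonaws.com",
     "eventName": "ListSnapshotBlocks", "eventCategory": "Data",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "resources": [{"type": "AWS::EC2::Snapshot",
                    "ARN": "arn:aws:ec2:us-east-1::snapshot/snap-0123456789abcdef0"}]},
    {"eventTime": "2021-07-27T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateSnapshot", "eventCategory": "Management",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/BackupAutomation"}},
]})

ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:role/BackupAutomation"}  # assumed allow list


if __name__ == "__main__":
    # Selector narrowed to read operations; apply with
    #   aws cloudtrail put-event-selectors --trail-name <trail> \
    #       --advanced-event-selectors file://selectors.json
    selectors = build_ebs_direct_selectors(["GetSnapshotBlock", "ListSnapshotBlocks"])
    print(json.dumps(selectors, indent=2))
    for hit in find_snapshot_block_access(load_records(SAMPLE_LOG), ALLOWED_PRINCIPALS):
        flag = "ALERT" if hit["unexpected"] else "ok   "
        print(flag, hit["time"], hit["event"], hit["principal"], hit["snapshots"])
```

The selector deliberately keeps `eventCategory` and `resources.type` as the first two field selectors, which is what CloudTrail requires for a data event selector; narrowing by `eventName` or `resources.ARN` is what limits the volume you pay for. The scanner keys on `eventSource == ebs.amazonaws.com` rather than on the event name alone, so a future EBS direct API operation would not be confused with an EC2 management event of a similar name.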

You can enable logging of data events for Amazon EBS direct APIs in all AWS regions where EBS direct APIs are available.

To get started, see the following list of resources: