Posted On: Jul 27, 2021

Amazon CloudTrail now supports logging of data events for Amazon EBS direct APIs. Customers can use these events to identify when their Amazon EBS snapshots are accessed through the ListSnapshotBlocks, ListChangedBlocks, GetSnapshotBlock, or PutSnapshotBlock APIs by users in their Amazon Web Services account. The data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, and help customers’ security and operations teams detect unauthorized access and take immediate action. Until now, customers could use management events logged in Amazon CloudTrail to identify when EBS snapshots were created, copied, or shared with other Amazon Web Services accounts. With this new capability, customers can also identify when users in their Amazon Web Services account access Amazon EBS snapshots at the block level using EBS direct APIs.

You can enable logging of data events for Amazon EBS direct APIs using the Amazon CloudTrail Console, CLI, or SDKs. When creating a new trail or editing an existing trail, you can use Amazon CloudTrail advanced event selectors to control which data events you want to log and pay for. For example, you can select the EBS snapshots for which you want to log data events, or you can choose to log data events for specific API requests such as ListSnapshotBlocks or GetSnapshotBlock.
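As an added example (not from the announcement or the AWS documentation), the following builds the advanced event selector described above for a single snapshot and selected EBS direct APIs, and shows how a security team might triage the resulting data events: flagging block-level snapshot reads from principals outside an allow-list. The selector field names (`eventCategory`, `resources.type`, `resources.ARN`, `eventName`) and the `AWS::EC2::Snapshot` resource type are CloudTrail's; the event source `ebs.amazonaws.com`, the snapshot ARN, principal ARNs and log records are constructed sample values.

```python
"""Advanced event selector for EBS direct API data events, plus a small
detector over CloudTrail data-event records (added example; sample data is
constructed)."""
import json

# The four EBS direct APIs that CloudTrail now logs as data events.
EBS_DIRECT_EVENTS = {"ListSnapshotBlocks", "ListChangedBlocks",
                     "GetSnapshotBlock", "PutSnapshotBlock"}


def ebs_direct_api_selector(snapshot_arn, event_names=None):
    """Return an advanced-event-selector list limiting logging (and cost)
    to one snapshot and, optionally, to specific EBS direct API names.
    Suitable as the AdvancedEventSelectors value of put-event-selectors."""
    fields = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::EC2::Snapshot"]},
        {"Field": "resources.ARN", "Equals": [snapshot_arn]},
    ]
    if event_names:
        fields.append({"Field": "eventName", "Equals": sorted(event_names)})
    return [{"Name": "EBS direct API data events", "FieldSelectors": fields}]


def find_unexpected_snapshot_access(records, allowed_principal_arns):
    """Return (principal ARN, eventName, snapshotId) for every EBS direct API
    data event whose caller is not in the allow-list."""
    hits = []
    for rec in records:
        # Only EBS direct API data events are of interest here.
        if rec.get("eventSource") != "ebs.amazonaws.com":
            continue
        if rec.get("eventName") not in EBS_DIRECT_EVENTS:
            continue
        principal = rec.get("userIdentity", {}).get("arn", "")
        if principal in allowed_principal_arns:
            continue
        snapshot = rec.get("requestParameters", {}).get("snapshotId")
        hits.append((principal, rec["eventName"], snapshot))
    return hits


# Constructed sample records in CloudTrail's JSON record shape.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "ebs.amazonaws.com", "eventName": "GetSnapshotBlock",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:role/backup-job"},
  "requestParameters": {"snapshotId": "snap-0example1", "blockIndex": 7}},
 {"eventSource": "ebs.amazonaws.com", "eventName": "ListSnapshotBlocks",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {"snapshotId": "snap-0example1"}},
 {"eventSource": "ec2.amazonaws.com", "eventName": "CreateSnapshot",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {"volumeId": "vol-0example1"}}
]""")
ALLOWED = {"arn:aws:iam::111122223333:role/backup-job"}
```

Running `find_unexpected_snapshot_access(SAMPLE_RECORDS, ALLOWED)` flags only the contractor's ListSnapshotBlocks call; the CreateSnapshot management event is ignored because it is not an EBS direct API data event.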

You can enable logging of data events for Amazon EBS direct APIs in all Amazon Web Services regions where EBS direct APIs are available.