how do i find out whether someone is trying to mount the volume or copy the ebs volume?

mount the volume

This is done from the instance. I don’t think you can detect any mount attempts that after the EBS volume is already attached to the instance.

Would I need to integrate with Cloud Trail?

You can use CloudWatch Events as well, don’t need trial for that. For example, the event could be:

{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Snapshot Notification"
  ],
  "detail": {
    "event": [
      "copySnapshot"
    ]
  }
}

or

{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Volume Notification"
  ],
  "detail": {
    "event": [
      "attachVolume"
    ]
  }
}

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top