I have cloud monitoring turned on for my EBS Volumes that gives me metrics such as BurstBalance, VolumeWriteOpS, VolumeQueueLengts etc.
I would like to find out how can I find out whether someone is trying to mount the volume or Copy the EBS volumes. Would I need to integrate with Cloud Trail?
mount the volume
This is done from the instance. I don't think you can detect any mount attempts that after the EBS volume is already attached to the instance.
Would I need to integrate with Cloud Trail?
You can use CloudWatch Events as well, don't need trial for that. For example, the event could be:
{
"source": [
"aws.ec2"
],
"detail-type": [
"EBS Snapshot Notification"
],
"detail": {
"event": [
"copySnapshot"
]
}
}
or
{
"source": [
"aws.ec2"
],
"detail-type": [
"EBS Volume Notification"
],
"detail": {
"event": [
"attachVolume"
]
}
}