When Creating and Attaching an EBS Volume at RunInstances time, the CreateVolume and AttachVolume CloudTrail entries are missing. I don't see any CloudTrail entries that are related to the created volume until we do a snapshot, then detach, then delete. Once the instance is running, if we create a second EBS Volume, and attach it, snapshot it, detach it, and then delete the volume, we what you would expect, which is CreateVolume -> AttachVolume -> CreateSnapshot -> DetachVolume -> DeleteVolume in the CloudTrail Logs.
When we look at the RunInstances event for the instance creation, there is no reference to the EBS Volume Id that was create during instance run time. My question is, is there any way to find all EBS volumes that are attached to a running EC2 instance when those EBS Volumes were created and attached at instance run time by using CloudTrail logs ?
We can see the volume information in the RunInstances JSON for the instance launch :
{
"deviceName": "/dev/sdb",
"ebs": {
"volumeSize": 5,
"deleteOnTermination": true,
"volumeType": "gp3",
"iops": 3000,
"throughput": 125
}
}
But again, there is no reference to the actual volume-id .
Thanks for any pointers !
AWS公式更新しました 8ヶ月前
Thank you, so if I read this correctly, it means that there is no way to find this without specifically querying for it , which is to say it will not show up in the logs due to the way it was created, you will have to go look for it, correct ?