0

I am currently sharing private EBS snapshots with other AWS accounts via the permission managements AWS offers.

Is there any way for me to know how often these snapshots have been used by these other accounts for creating EBS volumes? Ideally, I would also like to know by which account.

It would already be very helpful to know if the snapshot has been used at all by anyone else than myself/my AWS account.

Thomas Kainrad
  • 2,542
  • 21
  • 26
  • 1
    I'm pretty sure this isn't possible. Once you share your snapshot you lose control of it. As a test I shared a snapshot to another account (account B) I have access to. I then created a copy of that snapshot on account B. I removed the share permission for account B on the original account. The shared snapshot was no longer available on account B but the copy was. – kenlukas Mar 13 '19 at 14:30
  • Thanks for taking the effort. This is quite unfortunate. – Thomas Kainrad Mar 13 '19 at 15:22
  • 1
    There might be a vague possibility of something showing up in AWS CloudTrail, but it only shows API calls that go to your account and I suspect that 'sharing' snapshots does not involve such API calls. – John Rotenstein Mar 13 '19 at 20:26

2 Answers2

1

I think that you can do a code that filters and count your volumes through snapshot id, each EBS has an attribute that says from which snaps he was created.

For example, you can use the function describe_volumes(Boto3 python) in lambda function, that receive the Snaphot ID and filter all your volumes and make a count of the number ob volumes that are using that snap.

Other way is copy and pastes the Snapshot ID into EBS console, this way AWS console will show the number of EBS that are using this Snapshot.

daniel rivera
  • 21
  • 3
  • Unfortunately, this will not work. The question does not concern my own volumes, rather the ones created by people I shared the snapshot with. However, your answer pointed out that the title of my question is ambiguous, thx! – Thomas Kainrad Mar 13 '19 at 13:44
  • I am sorry, I understood bad initially, I think that know the status of use of your snaps immediately is hard, for the moment I have in my mind a lambda function that can be scheduled, this function describes all volumes and get the snap ID, after you can describe this Snapshot with information about the owner account, you need to be manipulated this information in your code to generate statistics. I hope that this if help you. i will be pending if there are other ways more efficient – daniel rivera Mar 13 '19 at 14:25
0

It turns out that AWS does not support this functionality. It is also not possible via AWS CloudTrail, as it only tracks actions of your own account.

Therefore, one would have to implement their own workaround. E.g. if you know that customers will use a specific script that you provide with your snapshot, you could add code to that script which will notify some web-service.

Thomas Kainrad
  • 2,542
  • 21
  • 26