Amazon CloudWatch Events for Amazon EBS
Amazon EBS emits notifications based on Amazon CloudWatch Events for a variety of volume, snapshot, and encryption status changes. With CloudWatch Events, you can establish rules that trigger programmatic actions in response to a change in volume, snapshot, or encryption key state. For example, when a snapshot is created, you can trigger an AWS Lambda function to share the completed snapshot with another account or copy it to another region for disaster-recovery purposes.
Events in CloudWatch are represented as JSON objects. The fields that are unique to the event are contained in the "detail" section of the JSON object. The "event" field contains the event name. The "result" field contains the completed status of the action that triggered the event. For more information, see Event Patterns in CloudWatch Events in the Amazon CloudWatch Events User Guide.
For more information, see Using Events in the Amazon CloudWatch User Guide.
EBS Volume Events
Amazon EBS sends events to CloudWatch Events when the following volume events occur.
Events
Create Volume (createVolume)
The createVolume event is sent to your AWS account when an action to
create a volume completes. However, it is not saved, logged, or archived. This event
can have a result of either available or failed. Creation
will fail if an invalid KMS key was provided, as shown in the examples below.
Event Data
The listing below is an example of a JSON object emitted by EBS for a
successful createVolume event.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
  ],
  "detail": {
    "result": "available",
    "cause": "",
    "event": "createVolume",
    "request-id": "01234567-0123-0123-0123-0123456789ab"
  }
}
The listing below is an example of a JSON object emitted by EBS after a failed
createVolume event. The cause for the failure was a disabled KMS
key.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-0123456789ab",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "sa-east-1",
  "resources": [
    "arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567"
  ],
  "detail": {
    "event": "createVolume",
    "result": "failed",
    "cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is disabled.",
    "request-id": "01234567-0123-0123-0123-0123456789ab"
  }
}
The following is an example of a JSON object that is emitted by EBS after a failed
createVolume event. The cause for the failure was a KMS key pending
import.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-0123456789ab",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "sa-east-1",
  "resources": [
    "arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567"
  ],
  "detail": {
    "event": "createVolume",
    "result": "failed",
    "cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending import.",
    "request-id": "01234567-0123-0123-0123-0123456789ab"
  }
}
Delete Volume (deleteVolume)
The deleteVolume event is sent to your AWS account when an action to
delete a volume completes. However, it is not saved, logged, or archived. This event
has the result deleted. If the deletion does not complete, the event is
never sent.
Event Data
The listing below is an example of a JSON object emitted by EBS for a
successful deleteVolume event.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
  ],
  "detail": {
    "result": "deleted",
    "cause": "",
    "event": "deleteVolume",
    "request-id": "01234567-0123-0123-0123-0123456789ab"
  }
}
Volume Attach or Reattach
(attachVolume, reattachVolume)
The attachVolume or reattachVolume event is sent to your
AWS account if a volume fails to attach or reattach to an instance. However, it is
not saved, logged, or archived. If you use a KMS key to encrypt an EBS volume and
the key becomes invalid, EBS will emit an event if that key is later used to attach
or reattach to an instance, as shown in the examples below.
Event Data
The listing below is an example of a JSON object emitted by EBS after a failed
attachVolume event. The cause for the failure was a KMS key
pending deletion.
Note
AWS may attempt to reattach to a volume following routine server maintenance.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-0123456789ab",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
    "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
  ],
  "detail": {
    "event": "attachVolume",
    "result": "failed",
    "cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
    "request-id": ""
  }
}
The listing below is an example of a JSON object emitted by EBS after a failed
reattachVolume event. The cause for the failure was a KMS key
pending deletion.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-0123456789ab",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
    "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
  ],
  "detail": {
    "event": "reattachVolume",
    "result": "failed",
    "cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
    "request-id": ""
  }
}
EBS Snapshot Events
Amazon EBS sends events to CloudWatch Events when the following snapshot events occur.
Events
Create Snapshot
(createSnapshot)
The createSnapshot event is sent to your AWS account when an action
to create a snapshot completes. However, it is not saved, logged, or archived. This
event can have a result of either succeeded or
failed.
Event Data
The listing below is an example of a JSON object emitted by EBS for a
successful createSnapshot event. In the detail
section, the source field contains the ARN of the source volume.
The StartTime and EndTime fields indicate when
creation of the snapshot started and completed.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Snapshot Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-west-2::snapshot/snap-01234567"
  ],
  "detail": {
    "event": "createSnapshot",
    "result": "succeeded",
    "cause": "",
    "request-id": "",
    "snapshot_id": "arn:aws:ec2:us-west-2::snapshot/snap-01234567",
    "source": "arn:aws:ec2:us-west-2::volume/vol-01234567",
    "StartTime": "yyyy-mm-ddThh:mm:ssZ",
    "EndTime": "yyyy-mm-ddThh:mm:ssZ"
  }
}
Create Snapshots
(createSnapshots)
The createSnapshots event is sent to your AWS account when an action
to create a multi-volume snapshot completes. This event can have a result of either
succeeded or failed.
Event Data
The listing below is an example of a JSON object emitted by EBS for a
successful createSnapshots event. In the detail
section, the source field contains the ARNs of the source volumes
of the multi-volume snapshot set. The StartTime and
EndTime fields indicate when creation of the snapshot started
and completed.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Multi-Volume Snapshots Completion Status",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
    "arn:aws:ec2::us-east-1:snapshot/snap-012345678"
  ],
  "detail": {
    "event": "createSnapshots",
    "result": "succeeded",
    "cause": "",
    "request-id": "",
    "startTime": "yyyy-mm-ddThh:mm:ssZ",
    "endTime": "yyyy-mm-ddThh:mm:ssZ",
    "snapshots": [
      {
        "snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
        "source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
        "status": "completed"
      },
      {
        "snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
        "source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
        "status": "completed"
      }
    ]
  }
}
The listing below is an example of a JSON object emitted by EBS after a failed
createSnapshots event. The cause for the failure was that one or
more snapshots failed to complete. The values of snapshot_id are
the ARNs of the failed snapshots. StartTime and
EndTime represent when the create-snapshots action started and
ended.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Multi-Volume Snapshots Completion Status",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
    "arn:aws:ec2::us-east-1:snapshot/snap-012345678"
  ],
  "detail": {
    "event": "createSnapshots",
    "result": "failed",
    "cause": "Snapshot snap-01234567 is in status deleted",
    "request-id": "",
    "startTime": "yyyy-mm-ddThh:mm:ssZ",
    "endTime": "yyyy-mm-ddThh:mm:ssZ",
    "snapshots": [
      {
        "snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
        "source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
        "status": "error"
      },
      {
        "snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
        "source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
        "status": "deleted"
      }
    ]
  }
}
Copy Snapshot
(copySnapshot)
The copySnapshot event is sent to your AWS account when an action to
copy a snapshot completes. However, it is not saved, logged, or archived. This event
can have a result of either succeeded or failed.
Event Data
The listing below is an example of a JSON object emitted by EBS after a
successful copySnapshot event. The value of
snapshot_id is the ARN of the newly created snapshot. In the
detail section, the value of source is the ARN of
the source snapshot. StartTime and EndTime represent
when the copy-snapshot action started and ended.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Snapshot Notification",
  "source": "aws.ec2",
  "account": "123456789012",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-west-2::snapshot/snap-01234567"
  ],
  "detail": {
    "event": "copySnapshot",
    "result": "succeeded",
    "cause": "",
    "request-id": "",
    "snapshot_id": "arn:aws:ec2:us-west-2::snapshot/snap-01234567",
    "source": "arn:aws:ec2:eu-west-1::snapshot/snap-76543210",
    "StartTime": "yyyy-mm-ddThh:mm:ssZ",
    "EndTime": "yyyy-mm-ddThh:mm:ssZ",
    "Incremental": "True"
  }
}
The listing below is an example of a JSON object emitted by EBS after a failed
copySnapshot event. The cause for the failure was an invalid
source snapshot ID. The value of snapshot_id is the ARN of the
failed snapshot. In the detail section, the value of
source is the ARN of the source snapshot.
StartTime and EndTime represent when the
copy-snapshot action started and ended.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Snapshot Notification",
  "source": "aws.ec2",
  "account": "123456789012",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-west-2::snapshot/snap-01234567"
  ],
  "detail": {
    "event": "copySnapshot",
    "result": "failed",
    "cause": "Source snapshot ID is not valid",
    "request-id": "",
    "snapshot_id": "arn:aws:ec2:us-west-2::snapshot/snap-01234567",
    "source": "arn:aws:ec2:eu-west-1::snapshot/snap-76543210",
    "StartTime": "yyyy-mm-ddThh:mm:ssZ",
    "EndTime": "yyyy-mm-ddThh:mm:ssZ"
  }
}
Share Snapshot (shareSnapshot)
The shareSnapshot event is sent to your AWS account when another
account shares a snapshot with it. However, it is not saved, logged, or archived. The
result is always succeeded.
Event Data
The following is an example of a JSON object emitted by EBS after a
completed shareSnapshot event. In the detail section,
the value of source is the AWS account number of the user that
shared the snapshot with you. StartTime and EndTime
represent when the share-snapshot action started and ended. The
shareSnapshot event is emitted only when a private snapshot is
shared with another user. Sharing a public snapshot does not trigger the
event.
{
  "version": "0",
  "id": "01234567-01234-0123-0123-012345678901",
  "detail-type": "EBS Snapshot Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-west-2::snapshot/snap-01234567"
  ],
  "detail": {
    "event": "shareSnapshot",
    "result": "succeeded",
    "cause": "",
    "request-id": "",
    "snapshot_id": "arn:aws:ec2:us-west-2::snapshot/snap-01234567",
    "source": 012345678901,
    "StartTime": "yyyy-mm-ddThh:mm:ssZ",
    "EndTime": "yyyy-mm-ddThh:mm:ssZ"
  }
}
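The following added example (not part of the original documentation) shows one way a handler could triage two of the events described above: KMS key failures reported by createVolume, attachVolume, and reattachVolume, and shareSnapshot events from accounts outside an allow-list. The function name, the TRUSTED_ACCOUNTS allow-list, the finding labels, and the sample events are assumptions constructed for illustration.

```javascript
// Added example: triage of EBS notifications for two security-relevant cases.
// Field names follow the listings on this page; TRUSTED_ACCOUNTS, the finding
// labels and the sample events are constructed for illustration.
const TRUSTED_ACCOUNTS = new Set(['111122223333']);

// A KMS failure cause starts with the key ARN followed by "is <state>."
// \s* tolerates a missing space between the key ID and "is".
const KMS_CAUSE = /^(arn:aws:kms:[^:\s]+:[^:\s]+:key\/[0-9a-f-]{36})\s*is (.+?)\.?$/;
const KMS_EVENTS = new Set(['createVolume', 'attachVolume', 'reattachVolume']);

function triageEbsEvent(evt) {
  const detail = (evt && evt.detail) || {};
  if (!evt || evt.source !== 'aws.ec2' || typeof detail.event !== 'string') return null;

  if (KMS_EVENTS.has(detail.event) && detail.result === 'failed') {
    const m = KMS_CAUSE.exec(String(detail.cause || ''));
    if (m) {
      const volume = (evt.resources || []).find((r) => r.includes(':volume/')) || null;
      return { kind: 'kms-key-unusable', action: detail.event, keyArn: m[1], keyState: m[2], volume };
    }
  }

  if (detail.event === 'shareSnapshot') {
    // The sharer's account ID is in detail.source; restore leading zeros if it
    // arrived as a number rather than a string.
    const fromAccount = String(detail.source).padStart(12, '0');
    if (!TRUSTED_ACCOUNTS.has(fromAccount)) {
      return { kind: 'untrusted-snapshot-share', fromAccount, snapshot: detail.snapshot_id };
    }
  }
  return null; // nothing to flag
}

// Constructed sample events, trimmed to the fields the function reads.
const sampleAttachFailure = {
  source: 'aws.ec2',
  resources: [
    'arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567',
    'arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab',
  ],
  detail: {
    event: 'attachVolume', result: 'failed',
    cause: 'arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.',
  },
};
const sampleShare = {
  source: 'aws.ec2',
  detail: { event: 'shareSnapshot', result: 'succeeded', snapshot_id: 'arn:aws:ec2:us-west-2::snapshot/snap-01234567', source: 12345678901 },
};

console.log(triageEbsEvent(sampleAttachFailure));
console.log(triageEbsEvent(sampleShare));
```

Because these events are not saved, logged, or archived, a handler like this is the point at which a finding must be written somewhere durable.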
EBS Volume Modification Events
Amazon EBS sends modifyVolume events to CloudWatch Events when a volume is modified.
However, it is not saved, logged, or archived.
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "EBS Volume Notification",
  "source": "aws.ec2",
  "account": "012345678901",
  "time": "yyyy-mm-ddThh:mm:ssZ",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:012345678901:volume/vol-03a55cf56513fa1b6"
  ],
  "detail": {
    "result": "optimizing",
    "cause": "",
    "event": "modifyVolume",
    "request-id": "01234567-0123-0123-0123-0123456789ab"
  }
}
Using Amazon Lambda To Handle CloudWatch Events
You can use Amazon EBS and CloudWatch Events to automate your data-backup workflow. This requires you to create an IAM policy, an AWS Lambda function to handle the event, and an Amazon CloudWatch Events rule that matches incoming events and routes them to the Lambda function.
The following procedure uses the createSnapshot event to automatically
copy a completed snapshot to another region for disaster recovery.
To copy a completed snapshot to another region
- Create an IAM policy, such as the one shown in the following example, to provide permissions to execute a CopySnapshot action and write to the CloudWatch Events log. Assign the policy to the IAM user that will handle the CloudWatch event.

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Resource": "arn:aws:logs:*:*:*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "ec2:CopySnapshot"
        ],
        "Resource": "*"
      }
    ]
  }

- Define a function in Lambda that will be available from the CloudWatch console. The sample Lambda function below, written in Node.js, is invoked by CloudWatch when a matching createSnapshot event is emitted by Amazon EBS (signifying that a snapshot was completed). When invoked, the function copies the snapshot from us-east-2 to us-east-1.

  // Sample Lambda function to copy an EBS snapshot to a different region
  var AWS = require('aws-sdk');

  // define variables
  var destinationRegion = 'us-east-1';
  var sourceRegion = 'us-east-2';
  console.log('Loading function');

  // main function
  exports.handler = (event, context, callback) => {

      // Get the EBS snapshot ID from the CloudWatch event details
      var snapshotArn = event.detail.snapshot_id.split('/');
      const snapshotId = snapshotArn[1];
      const description = `Snapshot copy from ${snapshotId} in ${sourceRegion}.`;
      console.log("snapshotId:", snapshotId);

      // Load EC2 class and update the configuration to use the destination
      // region to initiate the snapshot copy.
      AWS.config.update({region: destinationRegion});
      var ec2 = new AWS.EC2();

      // Prepare variables for the ec2.copySnapshot call
      const copySnapshotParams = {
          Description: description,
          DestinationRegion: destinationRegion,
          SourceRegion: sourceRegion,
          SourceSnapshotId: snapshotId
      };

      // Execute the copy snapshot and log any errors
      ec2.copySnapshot(copySnapshotParams, (err, data) => {
          if (err) {
              const errorMessage = `Error copying snapshot ${snapshotId} to region ${destinationRegion}.`;
              console.log(errorMessage);
              console.log(err);
              callback(errorMessage);
          } else {
              const successMessage = `Successfully started copy of snapshot ${snapshotId} to region ${destinationRegion}.`;
              console.log(successMessage);
              console.log(data);
              callback(null, successMessage);
          }
      });
  };

  To ensure that your Lambda function is available from the CloudWatch console, create it in the region where the CloudWatch event will occur. For more information, see the AWS Lambda Developer Guide.

- Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
- Choose Events, Create rule, Select event source, and Amazon EBS Snapshots.
- For Specific Event(s), choose createSnapshot and for Specific Result(s), choose succeeded.
- For Rule target, find and choose the sample function that you previously created.
- Choose Target, Add Target.
- For Lambda function, select the Lambda function that you previously created and choose Configure details.
- On the Configure rule details page, type values for Name and Description. Select the State check box to activate the function (setting it to Enabled).
- Choose Create rule.
Your rule should now appear on the Rules tab. In the example shown, the event that you configured should be emitted by EBS the next time you copy a snapshot.
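The following added example (not part of the original documentation) shows one way to validate the incoming event before calling copySnapshot, so that the handler acts only on a successful createSnapshot event and takes the source region from the snapshot ARN instead of a hard-coded value. The names buildCopyParams and DESTINATION_REGION and the sample events are assumptions for this sketch; the parameter names match the sample function above.

```javascript
// Added example: validate a createSnapshot event and derive the copySnapshot
// parameters from it. buildCopyParams and DESTINATION_REGION are assumed names.
const DESTINATION_REGION = 'us-east-1';

// arn:aws:ec2:<region>:<optional account>:snapshot/snap-<8 or 17 hex digits>
const SNAPSHOT_ARN =
  /^arn:aws:ec2:([a-z0-9-]+):\d{0,12}:snapshot\/(snap-(?:[0-9a-f]{8}|[0-9a-f]{17}))$/;

function buildCopyParams(event, destinationRegion = DESTINATION_REGION) {
  const detail = (event && event.detail) || {};
  if (!event || event.source !== 'aws.ec2' ||
      event['detail-type'] !== 'EBS Snapshot Notification') {
    throw new Error('not an EBS snapshot notification');
  }
  // copySnapshot events share this detail-type, so check the event name too;
  // otherwise a broad rule would re-invoke the handler on its own copies.
  if (detail.event !== 'createSnapshot' || detail.result !== 'succeeded') {
    throw new Error(`ignoring ${detail.event}/${detail.result}`);
  }
  const m = SNAPSHOT_ARN.exec(String(detail.snapshot_id));
  if (!m) throw new Error('snapshot_id is not a snapshot ARN');
  const [, sourceRegion, snapshotId] = m;
  if (sourceRegion === destinationRegion) {
    throw new Error('snapshot is already in the destination region');
  }
  return {
    Description: `Snapshot copy from ${snapshotId} in ${sourceRegion}.`,
    DestinationRegion: destinationRegion,
    SourceRegion: sourceRegion,
    SourceSnapshotId: snapshotId,
  };
}

// Constructed sample event, trimmed to the fields the function reads.
const sampleCreateSnapshot = {
  source: 'aws.ec2',
  'detail-type': 'EBS Snapshot Notification',
  detail: {
    event: 'createSnapshot',
    result: 'succeeded',
    snapshot_id: 'arn:aws:ec2:us-east-2::snapshot/snap-01234567',
  },
};

console.log(buildCopyParams(sampleCreateSnapshot));
```

In the handler, pass the returned object to ec2.copySnapshot and report a thrown error through the callback instead of starting a copy.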
