AWS CloudTrail now supports logging data events for the Amazon EBS direct APIs. Customers can use these events to identify when users in their AWS account access Amazon EBS snapshots through the ListSnapshotBlocks, ListChangedBlocks, GetSnapshotBlock, or PutSnapshotBlock APIs. The data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, and help customers’ security and operations teams detect unauthorized access and take immediate action. Until now, customers could use management events logged in AWS CloudTrail to identify when EBS snapshots were created, copied, or shared with other AWS accounts. With this new capability, customers can also identify when users in their AWS account access Amazon EBS snapshots at the block level using EBS direct APIs.
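One way a security team could triage these data events once they land in S3, as an added example that is not part of the announcement or AWS's own code: it groups block-level snapshot access by principal and snapshot, and skips an allowlist of expected principals. It assumes the standard CloudTrail record layout (`eventSource` of `ebs.amazonaws.com`, `userIdentity.arn`, `requestParameters.snapshotId`); the ARNs, IDs, `allowed_principals` parameter and sample log are constructed for illustration.

```python
import json
from collections import defaultdict

# The four EBS direct API names listed in the announcement.
EBS_DIRECT_APIS = {"ListSnapshotBlocks", "ListChangedBlocks",
                   "GetSnapshotBlock", "PutSnapshotBlock"}

def _rec(source, name, arn, params, error=None):
    """Build one constructed record with the CloudTrail fields used below."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"arn": arn}, "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

BACKUP = "arn:aws:sts::111122223333:assumed-role/BackupRole/nightly"  # constructed
ALICE = "arn:aws:iam::111122223333:user/alice"                        # constructed
SNAP = {"snapshotId": "snap-0123456789abcdef0"}                       # constructed

# Constructed sample log file, not real CloudTrail output.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("ebs.amazonaws.com", "GetSnapshotBlock", BACKUP, SNAP),
    _rec("ebs.amazonaws.com", "ListSnapshotBlocks", ALICE, SNAP),
    _rec("ebs.amazonaws.com", "GetSnapshotBlock", ALICE, SNAP),
    _rec("ebs.amazonaws.com", "GetSnapshotBlock", ALICE, SNAP),
    _rec("ebs.amazonaws.com", "PutSnapshotBlock", ALICE, None, "AccessDenied"),
    _rec("ec2.amazonaws.com", "CreateSnapshot", ALICE, {"volumeId": "vol-0abc"}),
]})

def summarize_snapshot_access(log_text, allowed_principals=frozenset()):
    """Group EBS direct API data events by (principal ARN, snapshot ID),
    skipping principals in allowed_principals (a hypothetical allowlist)."""
    findings = defaultdict(lambda: {"calls": defaultdict(int), "errors": []})
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "ebs.amazonaws.com"
                or rec.get("eventName") not in EBS_DIRECT_APIS):
            continue  # management events and other services are out of scope
        arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
        if arn in allowed_principals:
            continue
        # requestParameters may be null in a record; keep the event anyway.
        snap = (rec.get("requestParameters") or {}).get("snapshotId", "unknown")
        entry = findings[(arn, snap)]
        entry["calls"][rec["eventName"]] += 1
        if rec.get("errorCode"):
            entry["errors"].append(rec["errorCode"])
    return {k: {"calls": dict(v["calls"]), "errors": v["errors"]}
            for k, v in findings.items()}
```

Calling `summarize_snapshot_access(SAMPLE_LOG, {BACKUP})` leaves only the activity by the non-allowlisted user, including the rejected write whose record carries no snapshot ID.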
Source: Amazon AWS