How to find out who started an EC2 instance on AWS
In this video I will show you how to find out which user or role created an Amazon EC2 instance in your AWS account. You will learn how to analize the AWS CloudTrail event history.
Watch more quick AWS how-to videos here: • How to run WordPress on AWS with Amaz...
LINKS:
How to create a persistent trail to store events beyond the default 90 days in AWS CloudTrail: https://docs.aws.amazon.com/awscloudt...
TIMESTAMPS:
0:00 - Introduction
0:24 - How to find out who started an EC2 instance in 3 simple steps
0:55 - Demo: Where to find the EC2 instance ID
1:12 - Demo: Search for events by resource name in the AWS CloudTrail event history
1:49 - Demo: Find user or role name in an AWS CloudTrail event
VIDEO TRANSCRIPT:
In this video I'm going to show you how to find out which user created an Amazon EC2 instance. If you're using AWS for any kind of non-trivial workload, you will probably have multiple users and roles in your account. If you have an EC2 instance and want to find out, which user or role initiated its creation, you can do this in three simple steps:
Step 1: Get the Instance ID
Step 2: Search for the "RunInstances" event in AWS CloudTrail
Step 3: Find the user or role that created the instance
Please note that the built-in event history can only look back 90 days. If you want to analyze events that happened more than 90 days ago, you need to have an active trail storing your events in Amazon S3.
Now let's get started.
Step 1: Get the instance ID.
In the AWS Management Console, let's go to the EC2 dashboard. Select "Instances" in the menu, find the instance that we're looking for, and copy the instance ID to the clipboard, either in the list view, or directly from the instance details
Step 2: Search for the "RunInstances" event in AWS CloudTrail
With the instance ID in the clipboard, navigate to the CloudTrail dashboard. In the menu, click on "Event history", choose "resource name" from the drop-down, and paste the instance ID into the search field. This will list all events related to that instance starting with the most recent one.
The "RunInstances" event usually is the very first event for any EC2 instance and can be found at the end of the list. Depending on the number of events since the creation of the instance, you may have to flip through some pages to get all the way to the first event.
Once you've found the event, you can move on to Step 3: Find the user or role that created the instance
Click on "RunInstances" and in the details you can find the user or role name that executed the event. You can also look at the "Event record" to get more details about the user identity and a lot of additional information in the event's json representation.
If you like this video, please give it a thumbs up. Thanks for watching, I'll see you in the next one!
ABOUT THIS CHANNEL
My name's Dennis and I share tips to help you grow your Amazon Web Services (AWS) skills, build well-architected applications, and learn the best tools and skills required to help you on your cloud journey. If you're a developer, business owner or hobbyist who is interested in learning about AWS and the cloud make sure to subscribe for helpful training videos.
I'm working at AWS as a Developer Advocate and Technical Evangelist, taking care of the builder community in Germany, Austria, and Switzerland. I'm AWS Certified (SA Pro, DevOps Pro, Security Specialist, and all Associate-level certifications) and have been actively developing for the cloud since 2011. During that time I've helped countless developers and businesses build their applications in the cloud through training, content, and consulting.
If you have any questions or want to request a topic or tutorial just leave a comment on any of my videos and I'll see what I can do to answer it.
Thanks for watching, welcome to the cloud!
#AWS #In5MinutesOrLess #Tutorial
Watch video How to find out who started an EC2 instance on AWS online without registration, duration hours minute second in high quality. This video was added by user Dennis Traub 22 July 2021, don't forget to share it with your friends and acquaintances, it has been viewed on our site 1,431 once and liked it 48 people.