How can I find out which user launched an EC2 instance in my account?

2 minute read
0

I want to identify the user that launched an Amazon Elastic Compute Cloud (Amazon EC2) instance in my account. How can I view this information?

Resolution

AWS CloudTrail allows you to view the last 90 days of recorded API activity and events in an Amazon Web Services (AWS) Region. When viewing your CloudTrail event history, you can apply one attribute filter and a time range filter to narrow the results.

Before you begin, identify the instance ID for the instance that you want to investigate. Follow these steps:

  1. Open the Amazon EC2 console, and then choose Instances from the navigation pane.
  2. Select the instance, and note the Instance ID from the Detailstab.

To view CloudTrail events and identify the user information associated with the instance launch, follow these steps:

  1. Open the CloudTrail console, and then choose Event history from the navigation pane.
  2. For Filter, choose Resource name from the dropdown menu.
  3. For Enter resource name, enter the instance ID.
  4. (Optional) For Time range, select a time range.
  5. In the list of results, look for RunInstances in the Event name column, and then select that result to expand the event details.
  6. Choose View event to view the event details, including information about who initiated the instance launch request.

Related information

Viewing CloudTrail events in the CloudTrail console

AWS OFFICIAL
AWS OFFICIALUpdated 2 years ago