Stack Overflow Asked by Zanam on January 19, 2021
How can I find out the email address I used to create an EC2/lightsail instance through SSH?
Firstly their may not always be an email as others has said. As to call AWS APIs you need to be able to assume a role which has the ability to call ec2:RunInstances
. If for example you granted this role to an Lambda
function, that Lambda could indeed create a new ec2 instance, but it's not like it has an email.
Using Tags
What you want to see is who called ec2:RunInstances
for that ec2 instance. If you have enabled Cost Allocation tags you could use the aws:createdBy
tag, as described here. To access the tags in the instance, you first need the id, and then query for the tags:
instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 describe-tags
--filters "Name=resource-id,Values=$instance_id" 'Name=key,Values=aws:createdBy'
--query 'Tags[].Value' --output text
CloudTrail
If you weren't in the instance, you could search for events of name RunInstances
and find where responseElements.instanceSet.items[].instanceId == 'YOUR INSTANCE ID'
. This can be done in AWS Config I as well I believe, if you have enabled it for your instance from created at date.
Answered by Derrops on January 19, 2021
Not sure if we can get email id, but we would be definitely able to get the accountid using the below command on the EC2 instance. AWS might not be allowing to get the email address fo the sake of security.
curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -i accountid
Answered by Praveen Sripati on January 19, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP