Subham Tripathi
Reputation: 2733
Know IP address of system which started EC2 instance
I am working with AWS, recently my account details (access key/secret key) has been compromised. They started 21 Ec2 instances. Is there a way to check that from which IP address AWS EC2 instance was started ?
Upvotes: 0
Views: 117
Answers (1)
Greg Szymanski
Reputation: 336
You can check this information if you have enabled CloudTrail. There should be "sourceIPAddress" for the event.
{
"Records": [{
"eventVersion": "1.0",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Alice",
"accessKeyId": "EXAMPLE_KEY_ID",
"accountId": "123456789012",
"userName": "Alice"
},
"eventTime": "2014-03-06T21:22:54Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "StartInstances",
"awsRegion": "us-west-2",
"sourceIPAddress": "205.251.233.176",
"userAgent": "ec2-api-tools 1.6.12.2",
Upvotes: 2
Related Questions
- Get Public IP Address on current EC2 Instance
- How to find the IP address of an amazon EC2 instance on reboot
- How to find which IP address is used by EC2 instance when it's making requests to some other server outwards
- aws ec2 instance ip address from cli aws ec2 describe-instances
- Retrieve another EC2 instance's public IP address
- How do I capture the IP address of a CLI-started EC2 instance for subsequent use?
- Get Elastic IP from running instance
- How to tell why an EC2 instance was started
- Fetch the IP address of an instance after creating it
- How to know which specific machine connected to my EC2 instance