我正在与AWS合作,最近我的帐户详细信息(访问密钥/密钥)被泄露。他们启动了21个Ec2实例。是否有方法检查从哪个IP地址启动了AWS EC2实例?
最佳答案
如果已启用CloudTrail,则可以检查此信息。事件应该有“sourceIPAddress”。
EC2 Log Example:
{
"Records": [{
"eventVersion": "1.0",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Alice",
"accessKeyId": "EXAMPLE_KEY_ID",
"accountId": "123456789012",
"userName": "Alice"
},
"eventTime": "2014-03-06T21:22:54Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "StartInstances",
"awsRegion": "us-west-2",
"sourceIPAddress": "205.251.233.176",
"userAgent": "ec2-api-tools 1.6.12.2",
关于linux - 知道启动EC2实例的系统的IP地址,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/30586929/