Need information about who deleted my instances and from where.

0

My instances were deleted on 21st May 2022. How can I get information about who deleted my instances? I contacted support, but they said that they were deleted by an API call (API call for delete cluster).

So my questions are:

  1. How could an API call delete a whole Instance... that seems impossible.
  2. How do we find out what / who caused the API call?

Please guide me on how to find the above information other than by contacting support.

Thanks,

2 Answers
0

Hello there

The solution to this problem would be to use AWS CloudTrail, as it is a service that records the actions taken by a user, role, or an AWS service; see reference [1].

CloudTrail is enabled on your AWS account when you create it. When activity occurs in your AWS account, that activity is recorded in a CloudTrail event. You can easily view recent events in the CloudTrail console by going to Event history.

To find out more about how CloudTrail works, see reference [2].

In order to create a trail, you can follow the steps mentioned in the documentation, see reference [3].

After creating your trail, you can view your log files as specified in the documentation provided in [4].

For CloudTrail workflow, see reference [5].

References:

[1] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

[2] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html

[3] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html

[4] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-tutorial.html#tutorial-step3

[5] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-workflow.html

answered 2 years ago
0

@Asenathi is correct that CloudTrail is the service for the job. In order to see the API calls, specifically the one you are looking for, you would have had to have CloudTrail turned on already. If you don't have it enabled, follow the info/documents that @Asenathi referenced.

If you already had CloudTrail enabled and were looking to track down the exact API call, what you can do is go to the CloudTrail console by searching for CloudTrail in the search bar. On the left-hand menu, select Event history, and in the dropdown filter box select Event name and search for DeleteCluster. You'll be able to actually click on the event and see the date, time, source, user name, and much more.

Here's the DeleteCluster API reference documentation where you can get more information on that specific API call.

AWS
AWSJoe
answered 2 years ago
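The Event history lookup described in the answers, as an added Python example that is not part of either answer or of AWS's own code: it reduces `DeleteCluster` records to who made the call, from where, and whether a role or an AWS service was involved. The sample records are constructed, and the `eks.amazonaws.com` event source is an assumption, since the question does not say which service the cluster belonged to; `fetch_event_history` needs boto3 and credentials, and Event history only covers the last 90 days.

```python
import json

# Constructed records shaped like CloudTrail event JSON. The account ID, ARNs,
# IPs and the eks.amazonaws.com source are made up for illustration.
SAMPLE = [json.dumps(e) for e in (
    {"eventTime": "2022-05-21T09:14:02Z", "eventName": "DeleteCluster",
     "eventSource": "eks.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-cli/2.7.0",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                      "arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventTime": "2022-05-21T09:20:40Z", "eventName": "DeleteCluster",
     "eventSource": "eks.amazonaws.com",
     "sourceIPAddress": "cloudformation.amazonaws.com",
     "userAgent": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "cloudformation.amazonaws.com",
                      "arn": "arn:aws:sts::111122223333:assumed-role/example-role/s1",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/example-role"}}}},
    {"eventTime": "2022-05-21T09:25:00Z", "eventName": "DescribeCluster",
     "eventSource": "eks.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-user"}},
)]

def summarize(raw_event):
    """Reduce one CloudTrail event (JSON string) to who / where / when fields."""
    ev = json.loads(raw_event)
    ident = ev.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return {
        "event": ev.get("eventName"), "when": ev.get("eventTime"),
        "service": ev.get("eventSource"),
        "who": ident.get("arn") or ident.get("principalId"),
        "role": issuer.get("arn"),              # set when an assumed role was used
        "via_service": ident.get("invokedBy"),  # set when an AWS service made the call
        "access_key": ident.get("accessKeyId"),
        "source_ip": ev.get("sourceIPAddress"), "user_agent": ev.get("userAgent"),
        "error": ev.get("errorCode"),           # None means the call succeeded
    }

def find_deletions(raw_events, event_name="DeleteCluster"):
    return [s for s in map(summarize, raw_events) if s["event"] == event_name]

def fetch_event_history(start, end, event_name="DeleteCluster", region=None):
    """Return raw event JSON strings from Event history for one event name."""
    import boto3  # imported here so the parsing above runs without AWS access
    pages = boto3.client("cloudtrail", region_name=region).get_paginator(
        "lookup_events").paginate(StartTime=start, EndTime=end, LookupAttributes=[
            {"AttributeKey": "EventName", "AttributeValue": event_name}])
    return [e["CloudTrailEvent"] for page in pages for e in page["Events"]]
```

When `via_service` is set, the delete was issued by an AWS service on someone's behalf, so the next step is to look at that service's own events just before the timestamp.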
