Creator Tracking

Track who created each resource in your AWS account using CloudTrail.

Tracking During Snapshot Creation

awsinv snapshot create my-snapshot --region us-east-1 --track-creators

Enriching Existing Snapshots

awsinv snapshot enrich-creators my-snapshot --days-back 90

This adds three tags to each resource:

  • _created_by: The IAM role/user ARN that created the resource
  • _created_by_type: The identity type (AssumedRole, IAMUser, Root, AWSService)
  • _created_at: When the resource was created (from CloudTrail)

Note

CloudTrail has a 90-day lookup window. Resources created more than 90 days ago won't have creator information. The --days-back option lets you customize the lookup period (default: 90).
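
How the three tags relate to CloudTrail data, as an added example (not awsinv's own code): it derives them from constructed entries shaped like a LookupEvents response and matches them to resource IDs by resource name. The sample events, the helper names, and the choice to report the role ARN from sessionIssuer instead of the STS session ARN are assumptions made for illustration.

```python
import json

def sample_event(name, time, resource, identity):
    """Build a constructed entry shaped like one item of a LookupEvents response."""
    record = {"eventName": name, "eventTime": time, "userIdentity": identity}
    return {"EventName": name, "EventTime": time,
            "Resources": [{"ResourceName": resource}],
            "CloudTrailEvent": json.dumps(record)}

# Constructed sample data: account ID, role name and resource IDs are made up.
SAMPLE_EVENTS = [
    sample_event("RunInstances", "2024-05-01T10:00:00Z", "i-0aaa1111bbbb2222c", {
        "type": "AssumedRole",
        "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42",
        "sessionContext": {"sessionIssuer": {
            "arn": "arn:aws:iam::111122223333:role/ci-deploy"}}}),
    sample_event("CreateBucket", "2024-05-02T08:30:00Z", "example-logs-bucket",
                 {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}),
    sample_event("CreateNetworkInterface", "2024-05-03T12:00:00Z", "eni-0ccc3333dddd4444e",
                 {"type": "AWSService", "invokedBy": "elasticloadbalancing.amazonaws.com"}),
]

def creator_tags(event):
    """Derive the three creator tags from one event's userIdentity block."""
    record = json.loads(event["CloudTrailEvent"])
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    # Assumption: report the role ARN rather than the per-session STS ARN.
    # AWSService events carry no ARN, so fall back to the invoking service.
    created_by = issuer.get("arn") or ident.get("arn") or ident.get("invokedBy", "unknown")
    return {"_created_by": created_by,
            "_created_by_type": ident.get("type", "Unknown"),
            "_created_at": record.get("eventTime")}

def enrich(resource_ids, events):
    """Return (tags per matched resource, resource IDs with no creation event)."""
    by_name = {}
    for ev in sorted(events, key=lambda e: e["EventTime"]):  # earliest event wins
        for res in ev.get("Resources", []):
            by_name.setdefault(res["ResourceName"], creator_tags(ev))
    tagged = {rid: by_name[rid] for rid in resource_ids if rid in by_name}
    unmatched = [rid for rid in resource_ids if rid not in by_name]
    return tagged, unmatched

def created_by_type(tagged, identity_type):
    """List resources whose creator has the given identity type, e.g. "Root"."""
    return sorted(r for r, t in tagged.items() if t["_created_by_type"] == identity_type)
```

A resource ID with no event in the lookup window (for example one created more than 90 days ago) comes back in the unmatched list and receives no creator tags.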

Debugging Low Match Rates

If enrich-creators matches fewer resources than expected, use the --debug flag to diagnose where the matching pipeline breaks down:

awsinv snapshot enrich-creators my-snapshot --debug

Debug output shows:

  • Resource Key Building -- Each resource's type, normalized type, and lookup keys
  • Event Type Filtering -- Which resource types have CloudTrail event mappings and which don't
  • CloudTrail Results -- Creator keys returned from CloudTrail queries
  • Matching Results by Type -- Per-type match/unmatch counts with the keys that were tried for unmatched resources

Listing Creators

View a summary of all resource creators for a snapshot:

# Show creators summary for active snapshot
awsinv snapshot creators

# Show creators for specific snapshot
awsinv snapshot creators my-snapshot

# Show detailed resources for each creator
awsinv snapshot creators --detailed

# Export to JSON or CSV
awsinv snapshot creators --output creators.json
awsinv snapshot creators --output creators.csv

Output includes:

  • Unique creators count
  • Resources with/without creator info
  • Table with creator name, type, resource count, and top resource types
  • With --detailed: individual resources grouped by type for each creator

Use Cases

  • Identify resources created by automation vs. manual creation
  • Track resources created by specific CI/CD pipelines
  • Find resources created by former team members
  • Audit resource creation by identity type

Web UI Support

The Resource Explorer includes three creator columns (enable via column selector):

  • Created By -- Shows the creator ARN (truncated for readability)
  • Creator Type -- Color-coded badge (AssumedRole=blue, IAMUser=green, Root=red, AWSService=orange)
  • Creation Time -- When the resource was created

IAM Permissions

Creator tracking requires CloudTrail access:

{
  "Effect": "Allow",
  "Action": ["cloudtrail:LookupEvents"],
  "Resource": "*"
}