How to find out who created aws cloudwatch alarm/metrics?

Question

How do I find out what IAM user created certain metrics and alarms?

I tried CLI commands: describe-alarms and list-metrics and they don't seem to provide this information nor when looking at the configuration for the alarms and metrics in the AWS console.

Answer 1

While users call APIs to create resources in AWS, those resources are associated with the AWS Account rather than a user. As long as a user has permission to create resources in the account, the resources will be created/viewed/deleted.

However, you can use AWS CloudTrail to retrieve information about the API calls themselves:

AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.