How to know which user created the GCE Instance
Problem
We have several billing enabled projects in our GCP account and each of them has several Compute Engine Instances. I want to remove non-critical instances just to reduce the unnecessary billing. But before I do that, I need to know which instance is being used for what and for that I need to know which user created it in the first place.
How do I get to know the creator of each instance either by using Google Cloud Shell or Google Cloud Console?
Solution
Note: I'm not a GCE user yet, the answer is based solely on documentation.
You could be Viewing Audit Logs in the Google Cloud Console, more specifically the Admin Activity logs:
Admin Activity logs contain log entries for API calls or other
administrative actions that modify the configuration or metadata of
resources. For example, the logs record when VM instances and App
Engine applications are created and when permissions are changed. To
view the logs, you must have the IAM roles Logging/Logs Viewer or
Project/Viewer.
You would be looking for the User identities in audit logs:
Audit logs record the identity of the user performing logged actions.
The identity is held in the AuthenticationInfo field of AuditLog objects.
Ideally you'd be looking for the GCE instance creation events, but some/all of those may be too old for the logs retention policy. Then maybe search for VM instance start or other relevant events.
You could also check and maybe cross-reference the audit logs info with that from Usage Reports or exported billing info.
If this is a regular, on-going activity you may want to set up an automated log exporting and processing pipeline.
Context
StackExchange DevOps Q#2149, answer score: 7
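An added example, not part of the original answer: it takes Admin Activity entries exported as JSON and picks, per instance, the principal from the creation event, falling back to the earliest other logged action when the creation entry has aged out of retention. The entries, project name and e-mail addresses are constructed; the field names follow the AuditLog JSON layout.

```python
import json

def sample(ts, method, name, email=None):
    """Build one constructed entry shaped like an Admin Activity audit log record."""
    payload = {"methodName": method,
               "resourceName": f"projects/demo-proj/zones/us-central1-a/instances/{name}"}
    if email:  # system-generated entries may carry no caller identity
        payload["authenticationInfo"] = {"principalEmail": email}
    return {"timestamp": ts, "resource": {"type": "gce_instance"},
            "protoPayload": payload}

# Constructed sample; real input would be a JSON export of the audit log entries
# (for example the output of `gcloud logging read FILTER --format=json`).
SAMPLE_ENTRIES = [
    sample("2024-03-01T08:00:00Z", "v1.compute.instances.start", "web-1", "bob@example.com"),
    sample("2024-01-10T09:00:00Z", "v1.compute.instances.insert", "web-1", "alice@example.com"),
    sample("2024-01-10T09:00:05Z", "v1.compute.instances.insert", "web-1"),
    sample("2024-02-25T11:30:00Z", "v1.compute.instances.stop", "batch-7", "dave@example.com"),
    sample("2024-02-20T07:15:00Z", "v1.compute.instances.start", "batch-7", "carol@example.com"),
]

def likely_owners(entries):
    """Return {resourceName: info} with the best available identity per instance.

    A creation (insert) event wins; otherwise the earliest other logged action
    is used, flagged creation_event=False so it is treated as a lead only.
    """
    best = {}
    for entry in entries:
        payload = entry.get("protoPayload", {})
        email = payload.get("authenticationInfo", {}).get("principalEmail")
        name = payload.get("resourceName")
        if entry.get("resource", {}).get("type") != "gce_instance" or not (email and name):
            continue
        method = payload.get("methodName", "")
        is_create = method.endswith("compute.instances.insert")
        # Sort key: creation events first, then oldest timestamp. Same-format
        # UTC RFC 3339 strings compare correctly as plain strings.
        key = (not is_create, entry.get("timestamp", ""))
        if name not in best or key < best[name][0]:
            best[name] = (key, {"principal": email, "method": method,
                                "timestamp": key[1], "creation_event": is_create})
    return {name: info for name, (_, info) in best.items()}

if __name__ == "__main__":
    print(json.dumps(likely_owners(SAMPLE_ENTRIES), indent=2))
```

Instances reported with `creation_event` set to false only show who touched the VM earliest within the retained logs, so confirm with that person before deleting anything.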