My entire team accesses a single AWS account through federated login. Apart from my team, only the admin (root user) has access to this account. But the root user is only for administration purposes.
We all log in to the AWS console through a SAML-based SSO. The navbar of the AWS console shows the user info as:
Federated Login: TEAM-NAME/email.of.logged.in.user@organization.com
Account: 1234-5678-1234
Since it is a single account, the account id is common for all federated users. But the emails are their own. Also, on clicking the "My Account" link in the navbar, the account name is shown as
assumed-role/TEAM-NAME/email.of.logged.in.user@organization.com
A part of my project is to identify the creator of some AWS resources. Now, suppose a bucket was created by some federated user. Can I, another federated user, track who (email) created this bucket? What about other kinds of resources (not just S3 buckets)?
You can track that using AWS CloudTrail. But as a federated user, you will have to make sure that you have CloudTrail access. Once you have CloudTrail access you can filter the bucket name using the Resource Name filter.
Thank you very much. But the 90-day limit is a bit upsetting. Is there any way to overcome that?
You can deliver to an S3 bucket or even to CloudWatch for a longer retention period.
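Putting the two answers together, here is an added example (not from anyone in this thread) that reads CloudTrail records, either from a log file delivered to S3 or from the Event history API, and reports who created a named resource. It assumes, as the navbar in the question shows, that the SAML role session name is the user's e-mail; the records and names (TEAM-NAME, alice@organization.com, team-data, ci-bot) are constructed.

```python
import json

# Constructed sample records (not real events), in the shape of a CloudTrail
# log file delivered to S3: a "Records" list of event dicts.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2023-01-01T12:00:00Z", "eventName": "CreateBucket",
     "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "accountId": "123456789012",
                      "arn": "arn:aws:sts::123456789012:assumed-role/TEAM-NAME/alice@organization.com",
                      "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "TEAM-NAME"}}},
     "resources": [{"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::team-data"}]},
    {"eventTime": "2023-01-02T09:30:00Z", "eventName": "CreateUser",
     "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root"},
     "resources": [{"type": "AWS::IAM::User", "ARN": "arn:aws:iam::123456789012:user/ci-bot"}]},
]}
# The same events as cloudtrail:LookupEvents returns them (console "Event history").
SAMPLE_LOOKUP = {"Events": [{"CloudTrailEvent": json.dumps(r)} for r in SAMPLE_LOG["Records"]]}

def principal_of(identity):
    """Name the actor. With SAML federation the role session name is the
    user's e-mail (assumption from the question), so read it from the ARN."""
    if identity.get("type") == "AssumedRole":
        # arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION  ->  SESSION is the e-mail
        role, session = identity["arn"].split("assumed-role/", 1)[1].split("/", 1)
        return f"{session} (via role {role})"
    if identity.get("type") == "Root":
        return "root user"
    return identity.get("userName") or identity.get("arn", "unknown")

def resource_names(record):
    """Last path or colon segment of each resource ARN, e.g. the bucket name."""
    return [r["ARN"].rsplit("/", 1)[-1].rsplit(":", 1)[-1] for r in record.get("resources", [])]

def find_creator(log, resource_name):
    """Return who created resource_name, or None. Accepts an S3-delivered log
    file ({"Records": [...]}) or LookupEvents output ({"Events": [...]}); the
    match on resource name is the same filter the console offers."""
    records = log.get("Records") or [json.loads(e["CloudTrailEvent"]) for e in log.get("Events", [])]
    for rec in records:
        if rec["eventName"].startswith("Create") and resource_name in resource_names(rec):
            return {"resource": resource_name, "event": rec["eventName"],
                    "when": rec["eventTime"], "by": principal_of(rec["userIdentity"])}
    return None

if __name__ == "__main__":
    print(find_creator(SAMPLE_LOG, "team-data"))
    print(find_creator(SAMPLE_LOOKUP, "ci-bot"))
```

Only records delivered to S3 or CloudWatch Logs survive past the 90-day Event history window, which is why the S3 file shape is handled alongside the API shape.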