How to find all actions/events that are able to create or modify a specific resource?

Question

Below are 2 examples, however, **the question is more general and applies to any resource**:

1) I tried to capture all events that are able to create/update api gateway stage for automatic WAF hooking.
Initially, I identified 2 actions "CreateStage" and "UpdateStage" however, it turned out that apart from these 2 actions, the "CreateDeployment" action also is able to create stage without invoking the "CreateStage" event.

2) When we run "ec2:RunInstance" it will also generate or trigger another API (and therefore resources), such as "AttachVolume".

Searching each of the possible actions based on type parameters such as "stageName" seems unobvious and inefficient.
I am looking for a more efficient way to identify all events that may create or modify a particular resource.

Answer

Hi, the most efficient way is usually CloudTrail: it registers all API calls for a given account. So, go to CloudTrail, extract a trace of all API calls on your period of interest. Then you can search on resource name and find all details about who did what when on this resource.

That's how I personally do when I have such a question.

Best,

Didier

That's how I personally do when I have such a question.

Best,

Didier

How to find all actions/events that are able to create or modify a specific resource?

Relevant content