Posted On: Apr 13, 2021

AWS Identity and Access Management (IAM) now provides the ability to easily identify the user responsible for an AWS action performed while assuming an IAM role. By setting the new source identity attribute, which is logged in AWS CloudTrail for most actions, you can find out who is responsible for actions performed using IAM roles.

When the source identity attribute is set, you can easily connect an event logged by AWS CloudTrail with the identity of the user or application who performed that action. You no longer need to assemble multiple CloudTrail log entries, potentially across multiple accounts, in order to identify the specific user or application who performed an action while assuming a role. This is true even for role chaining, where a user uses one IAM role to assume another IAM role. This gives IAM administrators and security professionals more confidence in the audit trail for most actions.
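The following is an added example, not code from the AWS announcement, showing the audit-side view of this attribute: it reads CloudTrail records for actions taken under assumed-role sessions, pulls the source identity out of `userIdentity.sessionContext.sourceIdentity` (the location CloudTrail uses for it), attributes each event to the originating user or application, including a role-chaining hop, and flags role sessions that were started without a source identity. It also checks whether a role's trust policy grants `sts:SetSourceIdentity`, which a caller needs before it can set the attribute. The event records, account IDs, ARNs and trust policy are constructed for the example.

```python
"""Attribute CloudTrail events to a source identity (added example, constructed data)."""
from typing import Dict, List, Optional

# Constructed sample CloudTrail records (not real log data). The field layout
# follows CloudTrail's userIdentity element; accounts, roles and names are made up.
SAMPLE_EVENTS: List[dict] = [
    {   # Role assumed by an IAM user who set source identity "alice".
        "eventName": "DescribeInstances",
        "eventSource": "ec2.amazonaws.com",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/ReadOnly/session-1",
            "sessionContext": {
                "sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/ReadOnly"},
                "sourceIdentity": "alice",
            },
        },
    },
    {   # Role chaining: the ReadOnly session assumed a second role in another
        # account. The source identity set on the first hop persists.
        "eventName": "GetObject",
        "eventSource": "s3.amazonaws.com",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::444455556666:assumed-role/CrossAccountAudit/session-2",
            "sessionContext": {
                "sessionIssuer": {"arn": "arn:aws:iam::444455556666:role/CrossAccountAudit"},
                "sourceIdentity": "alice",
            },
        },
    },
    {   # Assumed-role session started without a source identity: this event
        # alone does not say which user was behind it.
        "eventName": "PutBucketPolicy",
        "eventSource": "s3.amazonaws.com",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/Admin/session-3",
            "sessionContext": {
                "sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/Admin"},
            },
        },
    },
    {   # Direct IAM user call: no role session, the ARN itself is the attribution.
        "eventName": "ListUsers",
        "eventSource": "iam.amazonaws.com",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
    },
]

# Constructed trust policy that lets a principal assume the role and set a
# source identity (sts:SetSourceIdentity is the real action name).
SAMPLE_TRUST_POLICY: dict = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": ["sts:AssumeRole", "sts:SetSourceIdentity"],
    }],
}


def source_identity(event: dict) -> Optional[str]:
    """Return the source identity recorded for an assumed-role event, or None.

    CloudTrail stores it at userIdentity.sessionContext.sourceIdentity; the key is
    absent when the session was created without setting the attribute.
    """
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    return ident.get("sessionContext", {}).get("sourceIdentity")


def attribute(event: dict) -> Dict[str, Optional[str]]:
    """Attribute one event to the role it ran under and the responsible identity."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        role = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
        return {"event": event.get("eventName"), "role": role,
                "responsible": source_identity(event)}
    # Not a role session: the principal ARN is already the responsible identity.
    return {"event": event.get("eventName"), "role": None, "responsible": ident.get("arn")}


def unattributed_role_events(events: List[dict]) -> List[str]:
    """Names of assumed-role events with no source identity, i.e. the ones that
    would still need correlation across multiple CloudTrail entries."""
    return [e["eventName"] for e in events
            if e.get("userIdentity", {}).get("type") == "AssumedRole"
            and source_identity(e) is None]


def allows_set_source_identity(trust_policy: dict) -> bool:
    """True if a role trust policy grants sts:SetSourceIdentity in an Allow statement."""
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if any(a in ("sts:SetSourceIdentity", "sts:*") for a in actions):
            return True
    return False


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(attribute(ev))
    print("role events without source identity:", unattributed_role_events(SAMPLE_EVENTS))
    print("trust policy allows SetSourceIdentity:", allows_set_source_identity(SAMPLE_TRUST_POLICY))
```

Running the block prints one attribution per event; the chained `GetObject` call in the second account still resolves to `alice` from its own record, while `PutBucketPolicy` is reported as a role event that cannot be attributed from a single entry.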

To learn more about this feature for your workforce users, see IAM documentation.