AWS snapshot automation
Solution 1:
You may have to look in CloudTrail to find out what IAM Role was used to create the snapshots. That should take you in the right direction - whether it's a CloudWatch role, EC2 role, or some external script using IAM User keys.
Also have a look at AWS Backup - perhaps that is being used to create the images. In that case you can set the lifecycle policy there, e.g. delete snapshots after 4 weeks, etc.
Hope that helps :)
Solution 2:
Your best friend here will be CloudTrail. Turn it on if it's not enabled already and look for the CreateSnapshot activity, you can filter the results. Once you find out which service is doing it or which user/role authorized it, you'll have a starting point. Don't be afraid to ask around your coworkers if you find a non-descriptive user or role. You can go into the role's details in IAM and use the "Access Advisor" to see where and by what the role is being used (afaik this doesn't work with user access keys).
After you tracked it down, I would highly suggest implementing the Data Lifecycle Manager instead of doing anything yourselves, but I have a hunch you're already planning this, just needed to mention.