Can we find IP that logged into linux EC2 and ran particular command?

linux amazon-web-services linux-networking

If you configure something like Snoopy beforehand then you may be able to correlate the IP with the TTY and with the command.

But note that it must be done before the activity and it can relatively easily be inhibited if someone is keen to hide their actions.

However you may still be lucky - check the output of last command to see who was logged in and from where. If there was only one user logged in at the time the command was run that's possibly your user/IP.

Related

Will moving my same domain name to new host affect my subdomains?
QNAP TS-228 u-boot firmware
Word for Mac: Quickly checking a check box
Location based homekit automation is not triggering
Terminal > Window shows all tabs (High Sierra)
System Administrator Profile shows up after auto-lock High Sierra
dtrace/dtruss command to see what files a command tries to open?
Skype Crash Mac OS High Sierra 10.13.1 - How to fix this?
How to sync photos from iOS to MacBook just as songs sync from MacBook to iOS
cannot associate csv file with excel
Siri unable to determine my location despite location services enabled
Display arrangement keeps changing