Can we find IP that logged into linux EC2 and ran particular command?

If you configure something like Snoopy beforehand then you may be able to correlate the IP with the TTY and with the command.

But note that it must be done before the activity and it can relatively easily be inhibited if someone is keen to hide their actions.


However you may still be lucky - check the output of last command to see who was logged in and from where. If there was only one user logged in at the time the command was run that's possibly your user/IP.