Ensure that the Amazon S3 bucket configured as the destination for Amazon Bedrock model invocation logs is protected against unauthorized deletion by enabling S3 object versioning together with either the Multi-Factor Authentication (MFA) Delete feature or the S3 Object Lock feature. When model invocation logging is enabled with an Amazon S3 destination, Amazon Bedrock delivers the full request data, response data, and metadata for all "Converse", "ConverseStream", "InvokeModel", and "InvokeModelWithResponseStream" API calls to the specified bucket. S3 versioning preserves every version of the delivered log objects, while MFA Delete requires a valid authentication token before any versioned object can be permanently deleted, and S3 Object Lock stores the log objects in an immutable, write-once-read-many (WORM) form for the duration of a retention period. Configuring these controls on the log destination bucket ensures that the invocation log data cannot be silently removed.
Amazon Bedrock model invocation logs are the primary forensic record of how your generative AI models are used, and they are essential for detecting and investigating jailbreaking, prompt injection, and data exfiltration activity. A principal with the "s3:DeleteObject" permission (or "logs:DeleteLogStream" for a CloudWatch destination) can scrub these records to eliminate the evidence trail entirely, leaving no trace of the malicious activity. By enabling S3 object versioning together with MFA Delete or S3 Object Lock on the log destination bucket, you prevent both accidental and intentional deletion of the log data: versioning retains prior object versions, MFA Delete blocks permanent deletion without a physical authentication token, and Object Lock enforces immutability that even privileged users cannot override during the retention period.
Audit
To determine if the Amazon S3 bucket storing Amazon Bedrock model invocation logs is protected against unauthorized deletion, perform the following operations:
Remediation / Resolution
To protect the Amazon S3 bucket storing Amazon Bedrock model invocation logs against unauthorized deletion, enable S3 object versioning together with either the Multi-Factor Authentication (MFA) Delete feature or the S3 Object Lock feature, by performing the following operations:
Note: MFA Delete and Object Lock both require S3 object versioning to be enabled first. MFA Delete can only be enabled by the AWS root account, and only through the AWS CLI or SDKs (not the AWS Management Console). As an alternative, Object Lock can be enabled directly on an existing bucket, but it only protects objects delivered after it is enabled — apply a retention period or legal hold to protect any pre-existing log objects as well.References
- AWS Documentation
- Monitor model invocation using CloudWatch Logs and Amazon S3
- Retaining multiple versions of objects with S3 Versioning
- Configuring MFA delete
- Locking objects with Object Lock
- AWS Command Line Interface (CLI) Documentation
- get-model-invocation-logging-configuration
- get-bucket-versioning
- put-bucket-versioning
- get-object-lock-configuration
- put-object-lock-configuration