How to Intermediate · 3 min read

AWS Bedrock audit logging

Quick answer
Enable AWS Bedrock audit logging by configuring AWS CloudTrail to capture Bedrock API calls and events. This allows tracking of user activity and API usage for compliance and security auditing within your AWS environment.

PREREQUISITES

  • AWS CLI installed and configured
  • AWS account with Bedrock and CloudTrail permissions
  • Python 3.8+ for SDK usage (optional)
  • pip install boto3

Setup audit logging

Start by enabling AWS CloudTrail in your AWS account to capture Bedrock API calls. Create or use an existing trail that logs management events and data events for Bedrock services. Ensure the trail is configured to deliver logs to an S3 bucket for storage and analysis.

bash
aws cloudtrail create-trail --name BedrockTrail --s3-bucket-name your-bedrock-logs-bucket
aws cloudtrail start-logging --name BedrockTrail
output 
Trail created.
Logging started.

Step by step usage with Python

Use the boto3 SDK to query CloudTrail logs for Bedrock API calls. This example lists recent Bedrock-related events for audit purposes.

python
import boto3
import datetime

client = boto3.client('cloudtrail')

# Define time range for events
end_time = datetime.datetime.utcnow()
start_time = end_time - datetime.timedelta(hours=1)

response = client.lookup_events(
    LookupAttributes=[{'AttributeKey': 'EventSource', 'AttributeValue': 'bedrock.amazonaws.com'}],
    StartTime=start_time,
    EndTime=end_time,
    MaxResults=10
)

for event in response['Events']:
    print(f"Event: {event['EventName']}, User: {event['Username']}, Time: {event['EventTime']}")
output 
Event: InvokeModel, User: alice@example.com, Time: 2026-04-15 14:23:01+00:00
Event: CreateModel, User: bob@example.com, Time: 2026-04-15 14:10:45+00:00

Common variations

  • Use AWS CloudWatch Logs Insights to run queries on Bedrock audit logs for advanced filtering and alerting.
  • Enable multi-region trails to capture Bedrock events across all AWS regions.
  • Integrate with AWS Security Hub or SIEM tools for centralized audit monitoring.

Troubleshooting

  • If Bedrock events do not appear in CloudTrail logs, verify that the trail is active and includes management events.
  • Ensure the S3 bucket permissions allow CloudTrail to write logs.
  • Check IAM permissions for your user or role to access CloudTrail and Bedrock logs.

Key Takeaways

  • Enable AWS CloudTrail to capture Bedrock API calls for audit logging.
  • Use boto3 or AWS Console to query and analyze Bedrock audit events.
  • Configure multi-region trails and integrate with monitoring tools for comprehensive auditing.
Verified 2026-04
Verify ↗

People also ask

🛠 How to audit AI model for bias AI Safety 🛠 How to audit LLM application security ai-security 🛠 Anthropic Enterprise audit logs anthropic-enterprise 🛠 AWS Bedrock CloudTrail integration aws-bedrock-enterprise 🛠 AWS Bedrock compliance certifications aws-bedrock-enterprise

Up next

🛠 AWS Bedrock CloudTrail integration 🛠 AWS Bedrock compliance certifications 🛠 AWS Bedrock cost monitoring with CloudWatch 🛠 AWS Bedrock cost optimization strategies

More in Guides

🛠 AWS Bedrock CloudTrail integration 🛠 AWS Bedrock compliance certifications 🛠 AWS Bedrock cost monitoring with CloudWatch 🛠 AWS Bedrock cost optimization strategies