
AWS Bedrock CloudTrail integration

Quick answer
To integrate AWS Bedrock with AWS CloudTrail, enable CloudTrail in your AWS account to capture Bedrock API calls automatically. Use the boto3 SDK to configure and query CloudTrail logs for auditing Bedrock usage and API activity.

PREREQUISITES

  • Python 3.8+
  • AWS CLI configured with appropriate IAM permissions
  • pip install boto3
  • AWS account with Bedrock and CloudTrail enabled

Set up CloudTrail for Bedrock

Enable AWS CloudTrail in your AWS account to start logging API calls made to AWS Bedrock. CloudTrail automatically records Bedrock service events without additional configuration. Ensure you have an active trail that delivers logs to an S3 bucket for storage and analysis. The bucket must already exist and carry a bucket policy that allows CloudTrail to write to it.

bash
aws cloudtrail create-trail --name BedrockTrail --s3-bucket-name your-cloudtrail-bucket
aws cloudtrail start-logging --name BedrockTrail
output
Started logging for trail BedrockTrail

Query Bedrock events with Python

Use the boto3 SDK to query CloudTrail logs for Bedrock API calls. The example below shows how to look up events filtered by the Bedrock event source.

python
import boto3

# Uses the region and credentials from your AWS CLI configuration
client = boto3.client('cloudtrail')

# Return the most recent events whose event source is Bedrock
response = client.lookup_events(
    LookupAttributes=[
        {
            'AttributeKey': 'EventSource',
            'AttributeValue': 'bedrock.amazonaws.com'
        },
    ],
    MaxResults=5
)

# Username can be missing on some events, so fall back to 'N/A'
for event in response['Events']:
    print(f"Event ID: {event['EventId']}")
    print(f"Event Name: {event['EventName']}")
    print(f"Event Time: {event['EventTime']}")
    print(f"Username: {event.get('Username', 'N/A')}\n")
output
Event ID: 1234abcd-5678-efgh-9012-ijklmnopqrst
Event Name: InvokeModel
Event Time: 2026-04-01 12:34:56+00:00
Username: alice@example.com

Event ID: 5678efgh-1234-abcd-9012-mnopqrstuvwx
Event Name: CreateModel
Event Time: 2026-04-01 12:00:00+00:00
Username: bob@example.com

Common variations

You can customize CloudTrail queries by filtering on EventName, Username, or time ranges. Each lookup_events call accepts a single lookup attribute, so apply any second condition to the returned events. For asynchronous or large-scale log analysis, consider using AWS Athena to query CloudTrail logs stored in S3.

python
import boto3
from datetime import datetime, timedelta, timezone

client = boto3.client('cloudtrail')

# Timezone-aware start of the 24-hour lookup window
start_time = datetime.now(timezone.utc) - timedelta(days=1)

# lookup_events rejects more than one lookup attribute, so filter on
# EventName here and check the event source on the client side.
response = client.lookup_events(
    LookupAttributes=[
        {'AttributeKey': 'EventName', 'AttributeValue': 'InvokeModel'}
    ],
    StartTime=start_time,
    MaxResults=10
)

for event in response['Events']:
    if event.get('EventSource') == 'bedrock.amazonaws.com':
        print(event['EventName'], event['EventTime'])
output
InvokeModel 2026-04-02 10:15:00+00:00
InvokeModel 2026-04-02 09:45:30+00:00
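
The queries above print only the summary fields. The following added example (not part of the original page) pages through all Bedrock events in a window and parses the full record carried in each event's CloudTrailEvent JSON string, counting calls per principal and model and collecting calls that returned an error. The account ID, ARNs, model IDs and IP address are constructed placeholders, and the requestParameters.modelId field is assumed to be present as in the constructed samples.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

def fetch_bedrock_events(client, hours=24):
    """Yield every Bedrock event in the window, following pagination."""
    paginator = client.get_paginator("lookup_events")
    pages = paginator.paginate(
        # LookupEvents accepts a single lookup attribute per call.
        LookupAttributes=[{"AttributeKey": "EventSource",
                           "AttributeValue": "bedrock.amazonaws.com"}],
        StartTime=datetime.now(timezone.utc) - timedelta(hours=hours),
    )
    for page in pages:
        yield from page["Events"]

def audit(events):
    """Count calls per (principal, event, model) and collect failed calls."""
    calls, failed = Counter(), []
    for ev in events:
        # The full record is a JSON string in the CloudTrailEvent field.
        rec = json.loads(ev["CloudTrailEvent"])
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        model = (rec.get("requestParameters") or {}).get("modelId", "-")
        calls[(who, rec["eventName"], model)] += 1
        if rec.get("errorCode"):
            failed.append((who, rec["eventName"], rec["errorCode"],
                           rec.get("sourceIPAddress", "-")))
    return calls, failed

def _sample(name, arn, model, error=None):
    # Constructed record: placeholder ARN, model ID and IP address.
    rec = {"eventSource": "bedrock.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": arn}, "sourceIPAddress": "203.0.113.10",
           "requestParameters": {"modelId": model}}
    if error:
        rec["errorCode"] = error
    return {"EventName": name, "CloudTrailEvent": json.dumps(rec)}

ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
SAMPLE_EVENTS = [
    _sample("InvokeModel", ALICE, "example.model-v1"),
    _sample("InvokeModel", ALICE, "example.model-v1"),
    _sample("InvokeModel", BOB, "example.model-v2", error="AccessDenied"),
]

if __name__ == "__main__":
    calls, failed = audit(SAMPLE_EVENTS)
    for key, n in calls.most_common():
        print(n, *key)
    print("failed:", failed)
```

Against a live account, pass the generator straight in: audit(fetch_bedrock_events(boto3.client('cloudtrail'))).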

Troubleshooting

  • If you don't see Bedrock events in CloudTrail, verify that CloudTrail logging is enabled and the trail is active.
  • Ensure your IAM user or role has cloudtrail:LookupEvents permission.
  • Check the event source filter uses bedrock.amazonaws.com exactly.

Key Takeaways

  • Enable CloudTrail to automatically log AWS Bedrock API calls for auditing.
  • Use boto3's lookup_events to filter and retrieve Bedrock-related events.
  • Filter events by EventSource = bedrock.amazonaws.com for precise queries.
  • For large datasets, use AWS Athena to query CloudTrail logs stored in S3.
  • Ensure proper IAM permissions to access CloudTrail event data.
Verified 2026-04