Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™

Enable Deletion Protection for Model Invocation Log Storage

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that the Amazon S3 bucket configured as the destination for Amazon Bedrock model invocation logs is protected against unauthorized deletion by enabling S3 object versioning together with either the Multi-Factor Authentication (MFA) Delete feature or the S3 Object Lock feature. When model invocation logging is enabled with an Amazon S3 destination, Amazon Bedrock delivers the full request data, response data, and metadata for all "Converse", "ConverseStream", "InvokeModel", and "InvokeModelWithResponseStream" API calls to the specified bucket. S3 versioning preserves every version of the delivered log objects, while MFA Delete requires a valid authentication token before any versioned object can be permanently deleted, and S3 Object Lock stores the log objects in an immutable, write-once-read-many (WORM) form for the duration of a retention period. Configuring these controls on the log destination bucket ensures that the invocation log data cannot be silently removed.

Security

Amazon Bedrock model invocation logs are the primary forensic record of how your generative AI models are used, and they are essential for detecting and investigating jailbreaking, prompt injection, and data exfiltration activity. A principal with the "s3:DeleteObject" permission (or "logs:DeleteLogStream" for a CloudWatch destination) can scrub these records to eliminate the evidence trail entirely, leaving no trace of the malicious activity. By enabling S3 object versioning together with MFA Delete or S3 Object Lock on the log destination bucket, you prevent both accidental and intentional deletion of the log data: versioning retains prior object versions, MFA Delete blocks permanent deletion without a physical authentication token, and Object Lock enforces immutability that even privileged users cannot override during the retention period.


Audit

To determine if the Amazon S3 bucket storing Amazon Bedrock model invocation logs is protected against unauthorized deletion, perform the following operations:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

  3. In the main navigation panel, select Settings to access the account level settings available for Amazon Bedrock.

  4. In the Model invocation logging section, verify that the Model invocation logging toggle switch is enabled and that an S3 location is configured under Select the logging destinations. Note the destination bucket name.

  5. Navigate to the Amazon S3 console at https://console.aws.amazon.com/s3/ and click on the name of the log destination bucket identified at the previous step to access the bucket configuration settings.

  6. Select the Properties tab from the console menu to access the bucket properties.

  7. In the Bucket Versioning section, check the Bucket Versioning attribute value. If the attribute value is set to Disabled or Suspended, S3 object versioning is not enabled for the log destination bucket, therefore the deletion protection configuration is not compliant.

  8. In the same Bucket Versioning section, check the Multi-factor authentication (MFA) delete attribute value, then scroll to the Object Lock section and check the Object Lock attribute value. If Multi-factor authentication (MFA) delete is set to Disabled and Object Lock is set to Disabled, neither deletion protection control is enabled for the log destination bucket, therefore the deletion protection configuration is not compliant.

  9. Change the AWS cloud region from the console navigation bar and repeat steps no. 3 – 8 for each region where Amazon Bedrock model invocation logging is configured with an Amazon S3 destination.

Using AWS CLI

  1. Run get-model-invocation-logging-configuration command (OSX/Linux/UNIX) with custom output filters to return the name of the Amazon S3 bucket configured as the destination for Amazon Bedrock model invocation logging in the selected AWS region:

    aws bedrock get-model-invocation-logging-configuration
    --region us-east-1
    --query 'loggingConfig.s3Config.bucketName'
    
  2. The command output should return the requested S3 bucket name:

    "cc-bedrock-invocation-logs"
    

    If the output returns null, model invocation logging is not configured with an Amazon S3 destination in the selected region and there is no destination bucket to validate.

  3. Run get-bucket-versioning command (OSX/Linux/UNIX) using the name of the log destination bucket returned at the previous step as the identifier parameter to describe the S3 object versioning status and the Multi-Factor Authentication (MFA) Delete status available for the selected bucket:

    aws s3api get-bucket-versioning
    --bucket cc-bedrock-invocation-logs
    --query '{Status:Status,MFADelete:MFADelete}'
    
  4. The command output should return the requested configuration information:

    {
        "Status": null,
        "MFADelete": null
    }
    

    If the "Status" value is null or "Suspended", S3 object versioning is not enabled for the log destination bucket, therefore the deletion protection configuration is not compliant.

  5. Run get-object-lock-configuration command (OSX/Linux/UNIX) using the name of the log destination bucket as the identifier and custom query filters to describe the Object Lock feature configuration status available for the selected bucket:

    aws s3api get-object-lock-configuration
    --bucket cc-bedrock-invocation-logs
    --query 'ObjectLockConfiguration.ObjectLockEnabled'
    
  6. The command output should return the requested configuration status or the ObjectLockConfigurationNotFoundError error message if there is no Object Lock configuration defined for the specified S3 bucket:

    An error occurred (ObjectLockConfigurationNotFoundError) when calling the GetObjectLockConfiguration operation: Object Lock configuration does not exist for this bucket
    

    If the "MFADelete" value returned at step no. 3 is null (i.e. not "Enabled") and the get-object-lock-configuration command output returns the ObjectLockConfigurationNotFoundError error message (as shown in the example above), neither the MFA Delete feature nor the Object Lock feature is enabled for the log destination bucket, therefore the deletion protection configuration is not compliant.

  7. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 6 for each region where Amazon Bedrock model invocation logging is configured with an Amazon S3 destination.

Remediation / Resolution

To protect the Amazon S3 bucket storing Amazon Bedrock model invocation logs against unauthorized deletion, enable S3 object versioning together with either the Multi-Factor Authentication (MFA) Delete feature or the S3 Object Lock feature, by performing the following operations:

Note: MFA Delete and Object Lock both require S3 object versioning to be enabled first. MFA Delete can only be enabled by the AWS root account, and only through the AWS CLI or SDKs (not the AWS Management Console). As an alternative, Object Lock can be enabled directly on an existing bucket, but it only protects objects delivered after it is enabled — apply a retention period or legal hold to protect any pre-existing log objects as well.

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon S3 console at https://console.aws.amazon.com/s3/.

  3. Click on the name of the Amazon Bedrock log destination bucket that you want to reconfigure (see Audit section part I to identify the right resource).

  4. Select the Properties tab from the console menu to access the bucket properties.

  5. In the Bucket Versioning section, choose Edit, select Enable under Bucket Versioning, and choose Save changes to enable S3 object versioning for the log destination bucket. S3 object versioning is a prerequisite for both MFA Delete and Object Lock.

  6. Enable one of the following deletion protection controls for the log destination bucket:

    1. Enable the MFA Delete feature by following the steps described in the Using AWS CLI section below (enabling MFA Delete is not supported through the AWS Management Console); or
    2. Scroll to the Object Lock section, choose Edit, select Enable, acknowledge the confirmation prompt, and choose Save changes to enable Object Lock directly on the existing bucket.
  7. Change the AWS cloud region from the console navigation bar and repeat steps no. 3 – 6 for each region where a non-compliant model invocation log destination bucket is configured.

Using AWS CLI

Option 1: Enable S3 object versioning together with MFA Delete

  1. Run put-bucket-versioning command (OSX/Linux/UNIX) using the name of the log destination bucket that you want to reconfigure as the identifier parameter (see Audit section part II to identify the right resource), to enable S3 object versioning together with the MFA Delete feature for the selected bucket. Use the Multi-Factor Authentication (MFA) device configured for your AWS root account and replace the highlighted access details with your own (<passcode> represents the value that is displayed on your authentication device). If the request is successful, the command does not produce an output:

    aws s3api put-bucket-versioning
    --bucket cc-bedrock-invocation-logs
    --versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}'
    --mfa 'arn:aws:iam::<aws-account-id>:mfa/root-account-mfa-device <passcode>'
    
  2. Run get-bucket-versioning command (OSX/Linux/UNIX) using the name of the log destination bucket as the identifier parameter to verify that both S3 object versioning and the MFA Delete feature are now enabled:

    aws s3api get-bucket-versioning
    --bucket cc-bedrock-invocation-logs
    --query '{Status:Status,MFADelete:MFADelete}'
    
  3. The command output should return "Enabled" for both the "Status" and "MFADelete" attributes:

    {
        "Status": "Enabled",
        "MFADelete": "Enabled"
    }
    
  4. Change the AWS cloud region by updating the destination bucket and repeat steps no. 1 – 3 for each region where a non-compliant model invocation log destination bucket is configured.

Option 2: Enable S3 Object Lock on the existing bucket

  1. Run put-bucket-versioning command (OSX/Linux/UNIX) using the name of the log destination bucket that you want to reconfigure as the identifier parameter, to enable S3 object versioning for the selected bucket (a prerequisite for Object Lock):

    aws s3api put-bucket-versioning
    --bucket cc-bedrock-invocation-logs
    --versioning-configuration Status=Enabled
    
  2. Run put-object-lock-configuration command (OSX/Linux/UNIX) using the name of the log destination bucket as the identifier parameter, to enable Object Lock directly on the existing bucket (the command does not produce an output):

    aws s3api put-object-lock-configuration
    --bucket cc-bedrock-invocation-logs
    --object-lock-configuration ObjectLockEnabled=Enabled
    
  3. Run get-object-lock-configuration command (OSX/Linux/UNIX) to verify that Object Lock is now enabled for the selected bucket:

    aws s3api get-object-lock-configuration
    --bucket cc-bedrock-invocation-logs
    --query 'ObjectLockConfiguration.ObjectLockEnabled'
    
  4. The command output should return "Enabled":

    "Enabled"
    
  5. Change the AWS cloud region by updating the destination bucket and repeat steps no. 1 – 4 for each region where a non-compliant model invocation log destination bucket is configured.

References

Publication date Jul 10, 2026