5.3.2. Audit Logging and Source Tracking

💡 First Principle: Audit logging for GenAI must capture the complete decision context — not just that an FM was invoked, but what prompt it received, what context was retrieved, what response it produced, and what safety controls were active. Without this, you cannot investigate incidents, prove compliance, or detect drift.

Bedrock Model Invocation Logs — the primary audit record: Enable Model Invocation Logging in Bedrock to capture every request and response:

# Enable Bedrock invocation logging to CloudWatch and S3
bedrock.put_model_invocation_logging_configuration(
    loggingConfig={
        'cloudWatchConfig': {
            'logGroupName': '/aws/bedrock/model-invocations',
            'roleArn': 'arn:aws:iam::123456789:role/BedrockLoggingRole',
            'largeDataDeliveryS3Config': {
                'bucketName': 'my-bedrock-logs',
                'keyPrefix': 'large-payloads/'  # Prompts > 2KB go to S3
            }
        },
        's3Config': {
            'bucketName': 'my-bedrock-logs',
            'keyPrefix': 'invocations/',
            'encryptionKeyId': 'arn:aws:kms:...:key/KEY-ID'
        },
        'textDataDeliveryEnabled': True,
        'imageDataDeliveryEnabled': True
    }
)

CloudTrail for control plane audit: CloudTrail captures every Bedrock management action — who created or modified a Guardrails configuration, who updated a prompt template, who changed a Knowledge Base sync schedule:

# CloudTrail event example: prompt template modification
{
    "eventName": "UpdatePrompt",
    "eventSource": "bedrock.amazonaws.com",
    "userIdentity": {"arn": "arn:aws:iam::123456789:user/alice@company.com"},
    "requestParameters": {
        "promptIdentifier": "arn:aws:bedrock:us-east-1:123456789:prompt/PROMPTID",
        "variants": [{"name": "main-variant", "templateType": "TEXT"}]
    },
    "eventTime": "2024-10-15T14:23:41Z",
    "sourceIPAddress": "10.0.1.45"
}

Source attribution in FM responses: Bedrock Knowledge Bases automatically returns source citations with retrieved chunks:

response = bedrock_agent_runtime.retrieve_and_generate(
    input={'text': user_query},
    retrieveAndGenerateConfiguration={
        'type': 'KNOWLEDGE_BASE',
        'knowledgeBaseConfiguration': {
            'knowledgeBaseId': 'KBID12345',
            'modelArn': 'arn:aws:bedrock:...:foundation-model/claude-3-sonnet...'
        }
    }
)

# Response includes source citations
citations = response['citations']
for citation in citations:
    source = citation['retrievedReferences'][0]['location']['s3Location']['uri']
    text_excerpt = citation['retrievedReferences'][0]['content']['text']
    print(f"Response supported by: {source} — '{text_excerpt[:100]}...'")

⚠️ Exam Trap: Bedrock Model Invocation Logs captures data plane events (actual model calls, prompts, responses). CloudTrail captures control plane events (configuration changes, IAM actions). Exam scenarios about "who changed the Guardrails configuration on Friday" → CloudTrail. Scenarios about "what prompt was sent in the invocation that produced the incorrect response" → Bedrock Model Invocation Logs.

Reflection Question: During an incident review, you need to answer: (1) which IAM user modified the Guardrails configuration last Thursday, (2) what system prompt was in use at the time of the problematic responses, and (3) what retrieved documents were included in the context of the specific query that produced the wrong answer. Which log source answers each question?