AWS Bedrock Unauthorized Foundation Model Access Attempt

Last updated 3 days ago on 2026-06-04
Created 3 days ago on 2026-06-04

About

Identifies failed, access-denied attempts to enable account-level access to an Amazon Bedrock foundation model, whether by granting a foundation-model entitlement, submitting a use case for model access, or creating a foundation-model agreement (accepting the EULA). These account-level "model access" actions unlock a foundation model so that it can subsequently be invoked. A principal that is repeatedly denied when attempting these actions may be a compromised or under-privileged identity probing for the ability to unlock expensive models (LLMjacking) or to establish a durable ability to invoke models. Unlike the companion rule that detects successful model-access grants, this rule surfaces the attempt itself, which is a high-signal indicator of credential boundary-testing even though access was not granted.
Tags
Domain: Cloud
Domain: LLM
Data Source: AWS
Data Source: AWS CloudTrail
Data Source: Amazon Web Services
Data Source: Amazon Bedrock
Use Case: Threat Detection
Tactic: Persistence
Language: kuery
Severity
low
Risk Score
21
MITRE ATT&CK™

Persistence (TA0003)

False Positive Examples
Access-denied errors can result from benign permission gaps: a newly created role or user whose IAM policy has not yet been provisioned, automation pipelines running ahead of permission grants, or ML teams experimenting in non-production accounts during onboarding. Verify that the principal, source IP, and user agent are expected before escalating. Recurring denials from known onboarding or provisioning workflows can be exempted for specific users or roles.
License
Elastic License v2

Definition

Rule Type
Query (Kibana Query Language)
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
logs-aws.cloudtrail-*
Related Integrations

aws

Query
data_stream.dataset: "aws.cloudtrail"
    and event.provider: "bedrock.amazonaws.com"
    and event.action: (
        "PutFoundationModelEntitlement" or
        "PutUseCaseForModelAccess" or
        "CreateFoundationModelAgreement"
    )
    and event.outcome: "failure"
    and aws.cloudtrail.error_code: ("AccessDenied" or "AccessDeniedException")
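
For triage, the query's predicate can be replayed over exported events and the hits grouped per principal, with the exemption described under False Positive Examples applied. This is an added example, not part of the Elastic rule: events are assumed to be flattened to dotted keys, the sample events and ARNs are constructed, and `aws.cloudtrail.user_identity.arn`, `source.ip` and `user_agent.original` are assumed field names that do not appear in the query.

```python
from collections import defaultdict

# Action names and error codes copied from the rule query on this page.
MODEL_ACCESS_ACTIONS = {"PutFoundationModelEntitlement", "PutUseCaseForModelAccess",
                        "CreateFoundationModelAgreement"}
DENIED_CODES = {"AccessDenied", "AccessDeniedException"}
ARN_FIELD = "aws.cloudtrail.user_identity.arn"  # assumed principal field, not in the query

def matches_rule(ev):
    """Evaluate the rule's KQL predicate against one flattened (dotted-key) event."""
    return (ev.get("data_stream.dataset") == "aws.cloudtrail"
            and ev.get("event.provider") == "bedrock.amazonaws.com"
            and ev.get("event.action") in MODEL_ACCESS_ACTIONS
            and ev.get("event.outcome") == "failure"
            and ev.get("aws.cloudtrail.error_code") in DENIED_CODES)

def summarize_denials(events, exempt_arns=frozenset()):
    """Group rule matches per principal, skipping exempted onboarding identities."""
    summary = defaultdict(lambda: {"count": 0, "actions": set(), "ips": set(), "agents": set()})
    for ev in events:
        arn = ev.get(ARN_FIELD, "unknown")
        if not matches_rule(ev) or arn in exempt_arns:
            continue
        entry = summary[arn]
        entry["count"] += 1
        entry["actions"].add(ev["event.action"])
        entry["ips"].add(ev.get("source.ip"))
        entry["agents"].add(ev.get("user_agent.original"))
    return dict(summary)

def sample_event(arn, action, outcome="failure", code="AccessDenied", ip="203.0.113.10"):  # constructed values only
    return {"data_stream.dataset": "aws.cloudtrail", "event.provider": "bedrock.amazonaws.com",
            "event.action": action, "event.outcome": outcome, "aws.cloudtrail.error_code": code,
            ARN_FIELD: arn, "source.ip": ip, "user_agent.original": "example-agent/1.0"}

DEV = "arn:aws:iam::111122223333:user/example-dev"             # constructed
ONBOARDING = "arn:aws:iam::111122223333:role/example-onboard"  # constructed
SAMPLE_EVENTS = [
    sample_event(DEV, "PutFoundationModelEntitlement"),
    sample_event(DEV, "PutUseCaseForModelAccess", code="AccessDeniedException"),
    sample_event(DEV, "CreateFoundationModelAgreement"),
    sample_event(DEV, "InvokeModel"),  # denied, but not a model-access action
    sample_event(DEV, "PutUseCaseForModelAccess", code="ThrottlingException"),
    sample_event(ONBOARDING, "PutFoundationModelEntitlement", ip="198.51.100.7"),
    sample_event(ONBOARDING, "PutFoundationModelEntitlement", outcome="success", code=None),
]

if __name__ == "__main__":
    print(summarize_denials(SAMPLE_EVENTS, {ONBOARDING}))
```

A principal that appears with denials across all three actions, as the constructed `example-dev` user does here, is the repeated boundary-testing pattern the rule description calls out.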

Install detection rules in Elastic Security

Detect AWS Bedrock Unauthorized Foundation Model Access Attempt in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To set up this rule, check out the installation guide for Prebuilt Security Detection Rules.