AWS Bedrock Agent Created by IAM User or Root

Last updated: 2026-06-04
Created: 2026-06-04

About

Identifies AWS Bedrock Agent creation performed directly by an IAM user or the root account. Bedrock Agents are autonomous AI systems that execute multi-step tasks, invoke Lambda action groups to call external APIs, and query knowledge bases. Adversaries with access to an AWS account can create rogue agents configured to exfiltrate data via action group Lambda functions, pivot to other services, or act as a persistent AI-driven command-and-control channel. This rule is scoped to IAMUser and Root identity types — AssumedRole sessions (which represent automated CI/CD pipelines and SSO-federated engineers) are excluded to avoid global false positives from legitimate deployment automation that varies widely across customer environments.
Tags
Domain: Cloud
Domain: LLM
Data Source: AWS
Data Source: AWS CloudTrail
Data Source: Amazon Web Services
Data Source: Amazon Bedrock
Use Case: Threat Detection
Tactic: Persistence
Language: kuery
Severity
low
Risk Score
21
MITRE ATT&CK™

Persistence (TA0003)

False Positive Examples
Developers or administrators creating Bedrock agents interactively using personal IAM user credentials. This is the intended detection surface — validate the identity against known developer accounts and confirm the agent configuration (instruction, action groups, model) matches a known project.
License
Elastic License v2

Definition

Rule Type
Query (Kibana Query Language)
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
logs-aws.cloudtrail-*
Related Integrations

aws

Query
data_stream.dataset: "aws.cloudtrail" and event.provider: "bedrock.amazonaws.com" and event.action: "CreateAgent" and event.outcome: "success" and aws.cloudtrail.user_identity.type: ("IAMUser" or "Root")
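As an added example that is not part of the Elastic rule or its documentation, the following Python re-implements the query's predicate and runs it over constructed CloudTrail documents laid out with the ECS field names the KQL references; the account ID and ARNs are placeholders, and the sample events are constructed, not real log data.

```python
# Added example (not from the rule page): mirrors the KQL predicate in Python and
# evaluates it over constructed ECS-style CloudTrail documents. Field names follow
# the rule's query; account ID 111122223333 and the ARNs are placeholders.
from typing import Any, Dict, List


def get_field(doc: Dict[str, Any], dotted: str) -> Any:
    """Resolve a dotted ECS field name (e.g. 'event.action') in a nested dict."""
    cur: Any = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None  # missing field never satisfies an equality clause
        cur = cur[part]
    return cur


def matches_rule(doc: Dict[str, Any]) -> bool:
    """Successful Bedrock CreateAgent whose caller is an IAMUser or Root."""
    return (
        get_field(doc, "data_stream.dataset") == "aws.cloudtrail"
        and get_field(doc, "event.provider") == "bedrock.amazonaws.com"
        and get_field(doc, "event.action") == "CreateAgent"
        and get_field(doc, "event.outcome") == "success"
        and get_field(doc, "aws.cloudtrail.user_identity.type") in ("IAMUser", "Root")
    )


def make_event(identity_type: str, arn: str, action: str = "CreateAgent",
               outcome: str = "success") -> Dict[str, Any]:
    """Build a constructed CloudTrail document in the shape the rule expects."""
    return {
        "data_stream": {"dataset": "aws.cloudtrail"},
        "event": {"provider": "bedrock.amazonaws.com", "action": action, "outcome": outcome},
        "aws": {"cloudtrail": {"user_identity": {"type": identity_type, "arn": arn}}},
    }


# Constructed sample: only the first two documents should alert under this rule.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    make_event("IAMUser", "arn:aws:iam::111122223333:user/dev-alice"),
    make_event("Root", "arn:aws:iam::111122223333:root"),
    make_event("AssumedRole", "arn:aws:sts::111122223333:assumed-role/ci-deploy/pipeline"),
    make_event("IAMUser", "arn:aws:iam::111122223333:user/dev-bob", outcome="failure"),
    make_event("IAMUser", "arn:aws:iam::111122223333:user/dev-bob", action="InvokeAgent"),
]


def alerting_arns(events: List[Dict[str, Any]]) -> List[str]:
    """Return the caller ARNs of the events that would raise this rule's alert."""
    return [get_field(e, "aws.cloudtrail.user_identity.arn") for e in events if matches_rule(e)]
```

The AssumedRole, failed, and InvokeAgent documents are dropped, which is exactly the exclusion behaviour the rule description states for CI/CD and SSO sessions.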

Install detection rules in Elastic Security

Detect AWS Bedrock Agent Created by IAM User or Root in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To set up this rule, see the installation guide for Prebuilt Security Detection Rules.