AWS Bedrock API Key Phantom User Activity Outside Bedrock

Last updated 3 days ago on 2026-07-06
Created 3 days ago on 2026-07-06

About

Identifies an Amazon Bedrock API key phantom user (an IAM user whose name starts with "BedrockAPIKey-") acting as the caller of a non-Bedrock API request, such as IAM, STS, EC2, VPC, or KMS calls. These users are provisioned by AWS to back a Bedrock bearer token and carry the AmazonBedrockLimitedAccess managed policy, which also grants IAM, VPC, and KMS reconnaissance. A phantom user performing activity outside of Bedrock indicates its credentials are being used beyond their intended scope, which is the privilege-escalation path realized: an attacker who created standard IAM access keys for the phantom user is now using them for reconnaissance or lateral movement outside the Bedrock authentication boundary.
Tags
Domain: CloudDomain: LLMData Source: AWSData Source: AWS CloudTrailData Source: Amazon Web ServicesData Source: AWS IAMData Source: Amazon BedrockUse Case: Threat DetectionTactic: Privilege EscalationLanguage: kuery
Severity
high
Risk Score
73
MITRE ATT&CK™

Privilege Escalation (TA0004)(external, opens in a new tab or window)

False Positive Examples
Automation or SDK tooling configured with a Bedrock API key may call non-Bedrock APIs for benign credential validation. Ubiquitous no-op STS identity calls (GetCallerIdentity, GetSessionToken, GetAccessKeyInfo) are excluded; other non-Bedrock activity by a BedrockAPIKey-* principal — recon, privilege escalation, lateral movement, or exfiltration — is unexpected for an inference-only key. Confirm the key and source in "source.ip"/"user_agent.original" are sanctioned.
License
Elastic License v2(external, opens in a new tab or window)

Definition

Rule Type
Query (Kibana Query Language)
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
logs-aws.cloudtrail-*
Related Integrations

aws(external, opens in a new tab or window)

Query
text code block:
data_stream.dataset: "aws.cloudtrail" and aws.cloudtrail.user_identity.type: "IAMUser" and user.name: BedrockAPIKey-* and not event.provider: ( "bedrock.amazonaws.com" or "signin.amazonaws.com" or "agreement-marketplace.amazonaws.com" or "discovery-marketplace.amazonaws.com" ) and not event.action: ("GetCallerIdentity" or "GetSessionToken" or "GetAccessKeyInfo")

Install detection rules in Elastic Security

Detect AWS Bedrock API Key Phantom User Activity Outside Bedrock in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(external, opens in a new tab or window).