
Summary
Detects deletion or overwriting of the AWS Bedrock model invocation logging configuration, observed through the CloudTrail events DeleteModelInvocationLoggingConfiguration and PutModelInvocationLoggingConfiguration. Model invocation logging feeds the logs-aws_bedrock.invocation-* data stream, which underpins every Bedrock data-plane detection: deleting the configuration stops that telemetry entirely, and overwriting it with a Put call can redirect logs to an attacker-controlled or unmonitored S3 bucket or CloudWatch log group while the service still appears to be logging.

The rule matches successful calls only (failed attempts, such as AccessDenied, are not alerted on because the configuration is unchanged) from the Bedrock event source bedrock.amazonaws.com, and surfaces the destination parameters from the request (S3 bucket name and key prefix, CloudWatch log group name) so the analyst can confirm each destination is owned and monitored. Because a single API call blinds the whole data-plane detection stack, this is a high-value defense-evasion technique; detecting the tampering or misdirection quickly allows the logging configuration to be restored and the actor contained before further Bedrock activity goes unobserved.
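The matching logic described above, as an added example rather than the rule's own query: a small Python detector run over constructed CloudTrail-style events. It assumes that the request parameters recorded by CloudTrail mirror the loggingConfig shape of the Bedrock PutModelInvocationLoggingConfiguration API (s3Config.bucketName, s3Config.keyPrefix, cloudWatchConfig.logGroupName and the *DataDeliveryEnabled flags), and the approved bucket and log group names are placeholders to be filled from the defender's own inventory.

```python
"""Added example: detect tampering with Bedrock model invocation logging.

Not the page's rule. Event shapes and approved destinations are assumptions.
"""
import json
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumption: destinations the defender owns and monitors (from inventory).
APPROVED_S3_BUCKETS = {"sec-bedrock-invocation-logs"}
APPROVED_LOG_GROUPS = {"/aws/bedrock/model-invocations"}

TAMPER_EVENTS = {
    "DeleteModelInvocationLoggingConfiguration",
    "PutModelInvocationLoggingConfiguration",
}
# Assumption: requestParameters mirrors the API's loggingConfig flags.
DELIVERY_FLAGS = ("textDataDeliveryEnabled", "imageDataDeliveryEnabled",
                  "embeddingDataDeliveryEnabled")


@dataclass
class Finding:
    event_name: str
    actor: str
    reason: str


def evaluate(event: dict) -> Optional[Finding]:
    """Return a Finding for a successful logging-config change that removes
    or misdirects telemetry, or None for events the rule should ignore."""
    if event.get("eventSource") != "bedrock.amazonaws.com":
        return None
    name = event.get("eventName")
    if name not in TAMPER_EVENTS:
        return None
    if event.get("errorCode"):
        return None  # the call failed, so the configuration is unchanged
    actor = (event.get("userIdentity") or {}).get("arn", "unknown")

    if name == "DeleteModelInvocationLoggingConfiguration":
        return Finding(name, actor, "model invocation logging disabled")

    cfg = (event.get("requestParameters") or {}).get("loggingConfig") or {}
    bucket = (cfg.get("s3Config") or {}).get("bucketName")
    group = (cfg.get("cloudWatchConfig") or {}).get("logGroupName")
    problems = []
    if bucket is None and group is None:
        problems.append("no log destination configured")
    if bucket is not None and bucket not in APPROVED_S3_BUCKETS:
        problems.append(f"S3 destination {bucket!r} is not an approved bucket")
    if group is not None and group not in APPROVED_LOG_GROUPS:
        problems.append(f"CloudWatch destination {group!r} is not approved")
    # Only judge flags that were explicitly set; an absent flag is not "false".
    explicit = [cfg[k] for k in DELIVERY_FLAGS if k in cfg]
    if explicit and not any(explicit):
        problems.append("all data delivery flags disabled (silent logging)")
    if not problems:
        return None
    return Finding(name, actor, "; ".join(problems))


def scan_lines(lines: Iterable[str]) -> list:
    """Parse JSON-lines CloudTrail records and keep only alert-worthy ones."""
    return [f for f in (evaluate(json.loads(l)) for l in lines) if f]


# Constructed sample events (not real CloudTrail output).
SAMPLE_EVENTS = [
    json.dumps({"eventSource": "bedrock.amazonaws.com",
                "eventName": "DeleteModelInvocationLoggingConfiguration",
                "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"}}),
    json.dumps({"eventSource": "bedrock.amazonaws.com",
                "eventName": "PutModelInvocationLoggingConfiguration",
                "userIdentity": {"arn": "arn:aws:iam::111122223333:role/secops"},
                "requestParameters": {"loggingConfig": {
                    "s3Config": {"bucketName": "sec-bedrock-invocation-logs",
                                 "keyPrefix": "prod/"},
                    "cloudWatchConfig": {"logGroupName": "/aws/bedrock/model-invocations"},
                    "textDataDeliveryEnabled": True}}}),
    json.dumps({"eventSource": "bedrock.amazonaws.com",
                "eventName": "PutModelInvocationLoggingConfiguration",
                "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
                "requestParameters": {"loggingConfig": {
                    "s3Config": {"bucketName": "totally-legit-logs-9f3a"},
                    "textDataDeliveryEnabled": True}}}),
    json.dumps({"eventSource": "bedrock.amazonaws.com",
                "eventName": "DeleteModelInvocationLoggingConfiguration",
                "errorCode": "AccessDenied",
                "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"}}),
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket"}),
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_EVENTS):
        print(f"{f.event_name} by {f.actor}: {f.reason}")
```

Running the block reports the successful delete and the Put that points logs at an unapproved bucket; the Put to the approved destinations, the AccessDenied delete and the unrelated S3 event are all dropped, matching the rule's success and event-source filters.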
Categories
- Cloud
- AWS
Data Sources
- Cloud Service
- Cloud Storage
ATT&CK Techniques
- T1562
- T1562.008
Created: 2026-06-04