heroui logo

AWS Bedrock API Key Phantom User Activity Outside Bedrock

Elastic Detection Rules

View Source
Summary
This rule detects misuse of an Amazon Bedrock API key phantom user (an IAM user named BedrockAPIKey-*) by identifying calls made outside the Bedrock service boundary. Bedrock API keys are backed by standard IAM keys and carry the AmazonBedrockLimitedAccess policy, which grants reconnaissance capabilities across Bedrock control-plane actions plus IAM, VPC, and KMS. If an attacker adds standard IAM access keys or a login profile to the phantom user and then uses them to call non-Bedrock APIs (such as IAM, STS, EC2, VPC, or KMS), the credentials are used beyond their intended Bedrock scope, representing a privilege-escalation path and potential lateral movement. The rule fires when CloudTrail data shows a BedrockAPIKey-* IAMUser calling a non-Bedrock provider, excluding benign no-op STS calls. Specifically, it looks for: aws.cloudtrail dataset with aws.cloudtrail.user_identity.type: IAMUser, user.name matching BedrockAPIKey-*, event.provider not in Bedrock-related providers, and event.action not in GetCallerIdentity/GetSessionToken/GetAccessKeyInfo. Excluding these no-ops reduces false positives from legitimate credential checks. The detection maps to MITRE ATT&CK technique T1078 (Valid Accounts) with subtechnique T1078.004 (Cloud Accounts) under Privilege Escalation, and is configured as a high-severity, risk-weighted alert. Investigation guidance includes reviewing event details (user_identity arn, event.provider, event.action), source IPs and user agents, and whether the phantom user has IAM access keys or a login profile. Correlate with any CreateAccessKey or CreateLoginProfile events for the same user. Remediation steps include disabling/removing the phantom user’s keys and login profile, deleting the phantom user after preserving forensics, and applying an SCP to prevent iam:CreateAccessKey and iam:CreateLoginProfile on BedrockAPIKey-* users. This rule requires CloudTrail data ingested via the Elastic AWS integration. False positives may occur from automation or SDKs performing benign non-Bedrock validation; such cases should be validated and sanctioned before marking as a real incident.
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
ATT&CK Techniques
  • T1078
  • T1078.004
Created: 2026-07-06