🔍 AWS CloudTrail Now Logs Individual S3 Object Deletes in Bulk Operations
Latchu@DevOps


Publish Date: Jun 12

Amazon just made your S3 audit trail smarter and more secure.

As of June 11, 2025, AWS CloudTrail provides granular visibility into bulk S3 object deletions made via the DeleteObjects API, helping you monitor and secure your S3 usage and meet compliance requirements.


🧠 What’s the Problem?

When you used the DeleteObjects API to delete multiple files (for example, when deleting folders from the S3 console), CloudTrail used to log only a single event, which recorded:

  • Who called the API
  • Which bucket was affected

But…

❌ No visibility into what objects were deleted.
❌ No way to audit deletions on a per-file basis.


✅ What’s New?

CloudTrail now logs:

  • ✅ The main DeleteObjects API call (as before)
  • 🆕 Individual DeleteObject events for each object in the request

This gives you object-level visibility, even in bulk deletes!


🔐 Why This Matters

| Problem Solved | Benefit |
| --- | --- |
| No audit trail per object | ✅ See which files were deleted |
| Limited compliance reporting | ✅ Helps meet security & compliance standards |
| Blind spots in bulk deletions | ✅ Clear, per-object logs for investigation |

🧪 Example Use Case

You delete 500 files from an S3 bucket using the AWS Console (which internally calls DeleteObjects).

Now, CloudTrail logs:

  • 1 event for the DeleteObjects call
  • 500 individual DeleteObject data events (1 per object)

Perfect for:

  • 📊 Compliance audits
  • 🔎 Security investigations
  • ⚠️ Accidental deletion tracking

🎯 Pro Tip: Use Event Selectors Wisely

Don’t want to log every delete across every bucket?

Use advanced event selectors in CloudTrail to:

  • Target specific buckets
  • Filter by API name
  • Limit unnecessary logs and reduce cost
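One way to apply these three points, as an added example (not code from the original post or from AWS): it builds an advanced event selector scoped to delete events on chosen buckets and checks locally which events it would capture. The bucket name `example-audit-bucket` and the helpers `delete_selectors`, `would_log` and `obj_event` are hypothetical, and `would_log` is a simplified approximation of selector matching run over constructed, flattened events.

```python
import json

def delete_selectors(buckets, name="S3 deletes on selected buckets"):
    """Build a CloudTrail advanced event selector list that captures only
    S3 delete data events for objects in the given buckets."""
    return [{
        "Name": name,
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            # Trailing slash keeps the match to this bucket's objects and
            # excludes other buckets whose names merely share the prefix.
            {"Field": "resources.ARN",
             "StartsWith": [f"arn:aws:s3:::{b}/" for b in buckets]},
            {"Field": "eventName",
             "Equals": ["DeleteObject", "DeleteObjects"]},
        ],
    }]

# Operators implemented by the local check below (a subset of CloudTrail's).
OPS = {"Equals": lambda v, x: v == x,
       "StartsWith": lambda v, x: v.startswith(x)}

def would_log(selectors, event):
    """Simplified local approximation: an event is logged if any selector
    matches; a selector matches when every field selector matches at least
    one of its listed values."""
    for sel in selectors:
        if all(any(OPS[op](event.get(fs["Field"], ""), x) for x in vals)
               for fs in sel["FieldSelectors"]
               for op, vals in fs.items() if op != "Field"):
            return True
    return False

def obj_event(name, bucket, key):
    """Constructed, flattened stand-in for an S3 object-level data event."""
    return {"eventCategory": "Data", "resources.type": "AWS::S3::Object",
            "resources.ARN": f"arn:aws:s3:::{bucket}/{key}",
            "eventName": name}

# Hypothetical bucket name, used only for illustration.
SELECTORS = delete_selectors(["example-audit-bucket"])

if __name__ == "__main__":
    print(json.dumps(SELECTORS, indent=2))
```

The printed JSON can be saved to a file and passed to `aws cloudtrail put-event-selectors --trail-name <your-trail> --advanced-event-selectors file://selectors.json`. That call replaces the selectors already configured on the trail, so merge any existing ones into the list first.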

🧾 TL;DR

  • CloudTrail now logs per-object deletes inside bulk DeleteObjects requests
  • Better security, visibility, and compliance
  • Works with the S3 console and any bulk delete API call
