Amazon just made your S3 audit trail smarter and more secure.
As of June 11, 2025, AWS CloudTrail now provides granular visibility into bulk S3 object deletions made via the DeleteObjects API — helping you better monitor, secure, and comply with your S3 usage.
🧠 What’s the Problem?
When the DeleteObjects API was used to delete multiple objects at once (for example, when deleting a folder from the S3 console), CloudTrail logged only a single event for the whole request, recording:
- Who called the API
- Which bucket was affected
But…
❌ No visibility into what objects were deleted.
❌ No way to audit deletions on a per-file basis.
✅ What’s New?
CloudTrail now logs:
- ✅ The main DeleteObjects API call (as before)
- 🆕 Individual DeleteObject events for each object in the request
This gives you object-level visibility, even in bulk deletes!
🔐 Why This Matters
| Problem Solved | Benefit |
|---|---|
| No audit trail per object | ✅ See which files were deleted |
| Limited compliance reporting | ✅ Helps meet security & compliance standards |
| Blind spots in bulk deletions | ✅ Clear, per-object logs for investigation |
🧪 Example Use Case
You delete 500 files from an S3 bucket using the AWS Console (which internally calls DeleteObjects).
Now, CloudTrail logs:
- 1 event for the DeleteObjects call
- 500 individual DeleteObject data events (1 per object)
Perfect for:
- 📊 Compliance audits
- 🔎 Security investigations
- ⚠️ Accidental deletion tracking
🎯 Pro Tip: Use Event Selectors Wisely
Don’t want to log every delete across every bucket?
Use advanced event selectors in CloudTrail to:
- Target specific buckets
- Filter by API name
- Limit unnecessary logs and reduce cost
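Both ideas above in working form, as an added example that is not AWS's own code: `delete_object_selector` builds the advanced event selector structure (the `AdvancedEventSelectors` argument of CloudTrail's PutEventSelectors API) that limits data-event logging to DeleteObject calls on one bucket, and `summarize_deletions` groups the per-object DeleteObject records that now accompany a bulk DeleteObjects call by caller and bucket, flagging bursts above a threshold. The bucket name, IAM principal, object keys and threshold are constructed for illustration.

```python
"""Scope CloudTrail to S3 DeleteObject data events and summarize them."""
from collections import defaultdict


def delete_object_selector(bucket: str, name: str = "S3 object deletes") -> list:
    """Advanced event selector that records only DeleteObject data events
    for objects inside `bucket`, instead of every S3 data event in the account."""
    return [{
        "Name": name,
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            {"Field": "eventName", "Equals": ["DeleteObject"]},
            {"Field": "resources.ARN", "StartsWith": [f"arn:aws:s3:::{bucket}/"]},
        ],
    }]


def summarize_deletions(records: list, burst_threshold: int = 100) -> dict:
    """Group DeleteObject records by (caller ARN, bucket).

    Returns {(arn, bucket): {"count": n, "keys": [...], "burst": bool}};
    "burst" is set once a caller's deletions in a bucket reach the threshold."""
    summary = defaultdict(lambda: {"count": 0, "keys": [], "burst": False})
    for rec in records:
        if rec.get("eventName") != "DeleteObject":
            continue  # skip the parent DeleteObjects record and unrelated events
        params = rec.get("requestParameters", {})
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        entry = summary[(actor, params.get("bucketName"))]
        entry["count"] += 1
        entry["keys"].append(params.get("key"))
        entry["burst"] = entry["count"] >= burst_threshold
    return dict(summary)


# Constructed sample records using CloudTrail's field names (not real log data):
# one DeleteObjects record plus the per-object DeleteObject records for it.
ACTOR = "arn:aws:iam::111122223333:user/alice"  # constructed principal
SAMPLE_RECORDS = [
    {"eventName": "DeleteObjects", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": ACTOR},
     "requestParameters": {"bucketName": "example-bucket"}},
] + [
    {"eventName": "DeleteObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": ACTOR},
     "requestParameters": {"bucketName": "example-bucket", "key": f"reports/{i}.csv"}}
    for i in range(3)
]

if __name__ == "__main__":
    for (arn, bucket), info in summarize_deletions(SAMPLE_RECORDS, burst_threshold=3).items():
        print(arn, bucket, info["count"], "BURST" if info["burst"] else "")
```

To apply the selector to a real trail, pass the returned list as `AdvancedEventSelectors` to `boto3.client("cloudtrail").put_event_selectors(...)` together with the trail name.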
🧾 TL;DR
- CloudTrail now logs per-object deletes inside bulk DeleteObjects requests
- Better security, visibility, and compliance
- Works for any caller of the DeleteObjects API, including the S3 console