AWS – AWS CloudTrail enhances logging for Amazon S3 DeleteObjects API
Today, AWS announces an enhancement to Amazon S3 DeleteObjects API logging in AWS CloudTrail, bringing additional visibility into bulk delete operations to help you better protect and monitor the usage of your Amazon S3 buckets.
Amazon S3’s DeleteObjects API enables bulk object deletion in a single operation and serves as the default method for console-based deletions.
Previously, when you deleted multiple S3 objects using the DeleteObjects API call, CloudTrail logged the DeleteObjects API call as a single event, giving you visibility into who initiated the call and on which bucket. However, that event did not contain information on which objects were included in the request or successfully deleted. With this update, CloudTrail provides granular visibility by logging:
- The overall DeleteObjects API call event (as before)
- Individual DeleteObject events for each object included in the bulk delete request (new)
This enhancement provides visibility into the individual S3 objects that were deleted as part of a bulk delete request. These detailed records strengthen your security posture and support your compliance requirements with more complete information about deletion activities in your S3 buckets. You can also use advanced event selectors to log only the data events that are most relevant to your use case. To learn how to use advanced event selectors to exclude these additional DeleteObject data events, review our documentation.
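As an added illustration (not AWS's own code), the Python below reads constructed CloudTrail-style records, pairs the new per-object DeleteObject events with their bulk DeleteObjects call by principal and bucket so a large bulk delete can be alerted on, and builds the advanced event selector that drops DeleteObject data events while keeping other S3 object data events. The record shapes, the bucket and principal names, and the alert threshold are assumptions.

```python
"""Added example: summarising per-object DeleteObject events from a bulk delete."""
from collections import defaultdict

# Constructed sample records shaped like CloudTrail S3 events: one DeleteObjects
# call, one DeleteObject event per key it removed, and one unrelated GetObject.
SAMPLE_EVENTS = [
    {"eventName": "DeleteObjects", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventName": "DeleteObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "logs/a.gz"}},
    {"eventName": "DeleteObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "logs/b.gz"}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-bucket", "key": "logs/c.gz"}},
]

def summarize_deletes(events):
    """Group S3 delete activity by (principal ARN, bucket): the keys removed
    and whether a bulk DeleteObjects call was observed for that pair."""
    summary = defaultdict(lambda: {"bulk_call": False, "keys": []})
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue  # ignore non-S3 records
        params = ev.get("requestParameters", {})
        entry = summary[(ev["userIdentity"]["arn"], params.get("bucketName"))]
        if ev["eventName"] == "DeleteObjects":
            entry["bulk_call"] = True
        elif ev["eventName"] == "DeleteObject":
            entry["keys"].append(params.get("key"))
    return dict(summary)

def large_bulk_deletes(events, threshold):
    """(principal, bucket) pairs whose bulk delete removed >= threshold objects;
    the threshold is an assumed tuning value for alerting."""
    return [k for k, v in summarize_deletes(events).items()
            if v["bulk_call"] and len(v["keys"]) >= threshold]

def selector_excluding_delete_object():
    """Advanced event selector keeping S3 object data events except the new
    per-object DeleteObject records (field names per CloudTrail's selector schema)."""
    return {"Name": "S3 data events without DeleteObject",
            "FieldSelectors": [
                {"Field": "eventCategory", "Equals": ["Data"]},
                {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
                {"Field": "eventName", "NotEquals": ["DeleteObject"]}]}
```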