Bedrock Logging Parameter NotFunctioning As Documented.

[kjross-amazon]

Describe the bug

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/bedrock/client/put_model_invocation_logging_configuration.html

put_model_invocation_logging_configuration parameter is not handled correctly. The documentation states this:
'videoDataDeliveryEnabled': True|False

When using this parameter with a 'Boolean' value in Lambda I get this error

Parameter validation failed:\nUnknown parameter in loggingConfig: "videoDataDeliveryEnabled", must be one of: cloudWatchConfig, s3Config, textDataDeliveryEnabled, imageDataDeliveryEnabled, embeddingDataDeliveryEnable

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

I expect this parameter to enable or disable logging of video data for Bedrock Invocations.

Current Behavior

Error

Reproduction Steps

Requires a properly configured S3 bucket, CloudWatch LogGroup, and BedrockLogginRole
Create a Lambda function with Environment Variables
LOG_GROUP_NAME = /aws/bedrock/model-invocation
LOGGING_ROLE_ARN = arn:aws:iam::123456789012:role/BedrockLoggingRole
S3_BUCKET_NAME = your-logging-bucket-name
S3_KEY_PREFIX = bedrock-logs/ # Optional
Use this code in the Lambda Function
import os
import boto3
from botocore.exceptions import ClientError

def lambda_handler(event, context):
# Initialize Bedrock client
bedrock = boto3.client('bedrock')

try:
    # Get configuration values from environment variables
    log_group_name = os.environ['LOG_GROUP_NAME']
    role_arn = os.environ['LOGGING_ROLE_ARN']
    bucket_name = os.environ['S3_BUCKET_NAME']
    key_prefix = os.environ.get('S3_KEY_PREFIX', 'bedrock-logs/')  # Optional with default
    
    # Create the logging configuration
    logging_config = {
        'cloudWatchConfig': {
            'logGroupName': log_group_name,
            'roleArn': role_arn,
            'largeDataDeliveryS3Config': {
                'bucketName': bucket_name,
                'keyPrefix': key_prefix
            }
        },
        'textDataDeliveryEnabled': True,
        'imageDataDeliveryEnabled': True,
        'embeddingDataDeliveryEnabled': True,
        'videoDataDeliveryEnabled': True
    }
    
    # Set the logging configuration
    response = bedrock.put_model_invocation_logging_configuration(
        loggingConfig=logging_config
    )
    
    return {
        'statusCode': 200,
        'body': 'Bedrock model invocation logging configuration set successfully'
    }
    
except KeyError as e:
    error_message = f'Missing required environment variable: {str(e)}'
    print(error_message)
    return {
        'statusCode': 500,
        'body': error_message
    }
    
except ClientError as e:
    error_message = f'AWS API error: {str(e)}'
    print(error_message)
    return {
        'statusCode': 500,
        'body': error_message
    }
    
except Exception as e:
    error_message = f'Unexpected error: {str(e)}'
    print(error_message)
    return {
        'statusCode': 500,
        'body': error_message
    }

def verify_logging_configuration():
"""Helper function to verify the logging configuration"""
bedrock = boto3.client('bedrock')

try:
    response = bedrock.get_model_invocation_logging_configuration()
    config = response.get('loggingConfig', {})
    
    # Verify CloudWatch configuration
    cloudwatch_config = config.get('cloudWatchConfig', {})
    if not cloudwatch_config:
        return False
        
    # Verify required settings
    required_settings = [
        cloudwatch_config.get('logGroupName'),
        cloudwatch_config.get('roleArn'),
        cloudwatch_config.get('largeDataDeliveryS3Config', {}).get('bucketName')
    ]
    
    return all(required_settings)
    
except ClientError:
    return False

Test with these inputs

{
"action": "configure",
"verify": true
}

Lambda Execution Role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:PutModelInvocationLoggingConfiguration",
"bedrock:GetModelInvocationLoggingConfiguration"
],
"Resource": ""
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam:::role/BedrockLoggingRole"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:::*"
}
]
}

S3 Bucket Policy

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowBedrockLoggingService",
"Effect": "Allow",
"Principal": {
"Service": "bedrock.amazonaws.com"
},
"Action": [
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::your-bedrock-logs-bucket",
"arn:aws:s3:::your-bedrock-logs-bucket/"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "YOUR_ACCOUNT_ID"
}
}
},
{
"Sid": "EnforceEncryptedTransport",
"Effect": "Deny",
"Principal": "",
"Action": "s3:",
"Resource": [
"arn:aws:s3:::your-bedrock-logs-bucket",
"arn:aws:s3:::your-bedrock-logs-bucket/"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}

Possible Solution

No response

Additional Information/Context

No response

SDK version used

Boto3

Environment details (OS name and version, etc.)

Python 3.13

[tim-finnigan]

It looks like that parameter was just recently added in 1.35.74. Your Lambda environment is probably using an older version of Boto3. Please refer to this troubleshooting guide: https://repost.aws/knowledge-center/lambda-python-runtime-errors. And you can confirm the version used by doing:

import boto3
print(boto3.__version__)