Introduction
Generative AI applications demand consistent safety across your organization. Amazon Bedrock Guardrails now supports cross-account safeguards, allowing you to define and enforce safety policies from a central management account across all member accounts and organizational units (OUs). This capability reduces administrative overhead while ensuring uniform compliance with responsible AI standards. In this guide, you'll learn to configure both organization-level and account-level enforcement, giving you fine-grained control over content filtering for all Bedrock model invocations.
What You Need
Before you begin, ensure you have the following:
- AWS Organization set up with a management account and at least one member account.
- Permissions to create and manage Amazon Bedrock Guardrails in the management account (e.g.,
bedrock:CreateGuardrail,bedrock:PutGuardrailPolicy). - Resource-based policies for guardrails to allow cross-account access, if needed.
- A guardrail version that is immutable (once created, it cannot be modified). This ensures member accounts cannot alter the policy.
- AWS Bedrock service enabled in the Regions where you run model invocations.
Step-by-Step Guide
Step 1: Create a Guardrail with an Immutable Version
In your management account, navigate to the Amazon Bedrock console and select Guardrails. Click Create guardrail. Define your content filters (e.g., hate speech, violence, prompt injection). Once the guardrail is configured, publish a version. This version number is essential because it locks the policy to be unchangeable, ensuring consistent enforcement across accounts.
Step 2: Enable Organization-Level Enforcement
Go to Guardrails and select Enforcement configurations. Click Create organization enforcement. Choose the guardrail and its version created in Step 1. This applies the guardrail automatically to every Bedrock model invocation in all member accounts and OUs under your organization. You can also specify which models to include or exclude using the Include or Exclude behavior. For example, exclude a test model or include only production models.
Step 3: Configure Account-Level Enforcement (Optional)
If you need to override or supplement the organization-level policy for a specific account, go to Account-level enforcement configurations in the management account (or the member account if delegated). Click Create. Select the same or a different guardrail and version. This enforces the guardrail on all Bedrock API calls from that account in the current Region. Note that account-level policies cannot weaken the organization-level policy—they can only add stricter rules.
Step 4: Set Guardrail Scope for Model Invocations
When creating enforcement configurations, decide which models are affected. Use Include to specify a list of models that must use the guardrail, or Exclude to exempt certain models. This is useful when you have models with different risk profiles. For example, include all foundation models but exclude custom fine-tuned models that are already heavily filtered.
Step 5: Select Content Guarding Mode
Choose between Comprehensive or Selective content guarding. Comprehensive applies filters to all user prompts, system prompts, and model responses. Selective lets you specify which parts of the interaction are guarded—e.g., only user prompts or only system prompts. Select the mode that aligns with your use case. Comprehensive is best for high-risk applications, while Selective offers flexibility.
Step 6: Validate Enforcement
After configuration, test by invoking a Bedrock model from a member account. Use the AWS CLI or SDK with the guardrail ID and version. If the invocation violates a filter, you should see an error or blocked response. Verify that the organization-level guardrail is applied even if no account-level policy exists. Check CloudWatch logs for guardrail events to confirm enforcement.
Step 7: Monitor and Audit
Use AWS CloudTrail to log all guardrail configuration changes and enforcement events. Set up dashboards in CloudWatch to monitor the number of blocked invocations per account. Regularly review guardrail versions and update them as your compliance requirements evolve. Remember to publish a new version each time you modify the guardrail so that enforcement remains consistent.
Tips for Success
- Start with organization-level enforcement to establish a baseline safety policy across all accounts. Then add account-level exceptions only when necessary.
- Use immutable guardrail versions to prevent accidental modifications by member accounts. Always publish a version before referencing it in a policy.
- Test in a sandbox account first. Create an OU with a non-production account and apply the organization policy to verify it works before rolling out to production.
- Combine with AWS Organizations SCPs to restrict who can modify guardrail configurations. Use a service control policy that denies
bedrock:PutGuardrailPolicyto member account admins. - Document your guardrail versions and their associated policies. This helps with audits and rollbacks.
- Monitor for false positives by setting up a notification channel in case too many legitimate requests are blocked. Adjust filters accordingly.
- Stay updated with AWS Bedrock releases as new filtering capabilities are added over time.
By following these steps, you can achieve centralized, scalable safety controls for your generative AI applications with Amazon Bedrock Guardrails, reducing administrative burden while ensuring responsible AI use across your entire organization.