Quick Facts
- Category: Cloud Computing
- Published: 2026-05-02 05:50:35
Overview
Amazon Bedrock Guardrails now offers a powerful new feature: cross-account safeguards. This capability allows you to enforce safety policies consistently across all AWS accounts within your organization from a single management account. Instead of manually configuring guardrails for each account, you can define organization-wide rules that automatically apply to every model invocation in Bedrock. This guide walks you through setting up these safeguards, covering both organization-level and account-level enforcement, with practical steps and best practices.

Prerequisites
AWS Organizations Setup
Your AWS environment must be organized using AWS Organizations. You need a management account (the root of the organization) and at least one member account. Ensure that all accounts are part of the same organization.
IAM Permissions
To configure cross-account safeguards, you need the following IAM permissions in the management account:
- bedrock:PutGuardrailPolicy
- bedrock:GetGuardrailPolicy
- organizations:DescribeOrganization
- organizations:ListAccounts
Member accounts require permissions to invoke Bedrock models with guardrails enforced.
Guardrail Resource Policy
Create a guardrail in the management account and configure a resource-based policy that allows member accounts to use it. The guardrail version must be immutable—choose a specific version rather than DRAFT. For example:
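{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "bedrock:ApplyGuardrail",
      "Resource": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail/1",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
Replace the account ID, the placeholder organization ID (o-exampleorgid) and the guardrail details accordingly. The Principal is a plain wildcard because IAM does not allow a wildcard inside a principal ARN; the aws:PrincipalOrgID condition is what restricts use of the guardrail to accounts in your organization.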
Step-by-Step Instructions
1. Enforcing Organization-Level Safeguards
Organization-level enforcement applies a single guardrail to all member accounts in the organization. This is ideal for baseline corporate policies.
- Log in to the AWS Management Console with your management account.
- Navigate to Amazon Bedrock > Guardrails.
- In the left panel, choose Cross-account safeguards.
- Under Organization-level enforcement configurations, click Create.
- Select the guardrail and version you created earlier. The version must be numeric (e.g., 1, 2).
- Choose which models to affect: use Include to apply to specific models or Exclude to exempt specific models.
- Configure content guard controls: choose Comprehensive to filter all prompts and responses, or Selective to apply only to system or user prompts.
- Review and create the policy. This policy now enforces the guardrail on every Bedrock invocation in all member accounts.
2. Enforcing Account-Level Safeguards
Account-level enforcement applies to a single account. Use this for additional controls specific to a team or application.
- In the same Cross-account safeguards page, go to Account-level enforcement configurations.
- Click Create. You can use the same guardrail or a different one.
- Select the target account (or leave it as current account).
- Choose guardrail and version.
- Set model inclusion/exclusion and content guarding mode.
- Click Create. The guardrail will automatically apply to all inference calls from that account.
3. Verifying Enforcement
To confirm the guardrail is active, invoke a Bedrock model from a member account. Use the AWS CLI or Console. For example, with the CLI:

aws bedrock-runtime invoke-model \
  --model-id anthropic.claude-v2 \
  --body '{"prompt": "\n\nHuman: Hello\n\nAssistant:", "max_tokens_to_sample": 100}' \
  --cli-binary-format raw-in-base64-out \
  --region us-east-1 \
  response.json
If the guardrail blocks content, you should receive an error or filtered response. You can also check CloudTrail for ApplyGuardrail API calls.
Common Mistakes and Pitfalls
Using Draft Versions
Mistake: Selecting DRAFT version for enforcement. Draft versions are mutable and can be changed, which defeats immutability requirements.
Fix: Always publish a version (e.g., 1) and use that version in your policy.
Missing Resource Policy for Member Accounts
Mistake: Creating a guardrail policy without a resource-based policy that allows member accounts to use it. Member accounts will get access denied errors.
Fix: Attach a resource-based policy to the guardrail that grants bedrock:ApplyGuardrail to all member accounts (or specific ones).
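A pre-deployment lint for the guardrail resource policy from the Prerequisites section and the two pitfalls above, as an added example (not AWS tooling and not code from the original page). It flags principals that are open or use a partial wildcard and resources that are not a numbered version; the ARN layout follows the page's example, and the organization ID and both sample policies are constructed.

```python
import json
import re

# Guardrail ARN ending in a numbered version; this layout is an assumption
# taken from the page's example policy ("...:guardrail/<name>/<n>").
VERSIONED_ARN = re.compile(r"^arn:aws:bedrock:[a-z0-9-]+:\d{12}:guardrail/[\w-]+/\d+$")
ORG_KEY = "aws:principalorgid"  # condition keys are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _org_scoped(statement):
    """True if a StringEquals condition pins callers to an organization."""
    cond = statement.get("Condition", {}).get("StringEquals", {})
    return any(key.lower() == ORG_KEY for key in cond)

def lint_guardrail_policy(policy_json):
    """Return a list of findings for a guardrail resource-based policy."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*" and not _org_scoped(st):
                findings.append(f"stmt {i}: any AWS principal, no aws:PrincipalOrgID condition")
            elif p != "*" and "*" in p:
                findings.append(f"stmt {i}: partial wildcard in principal {p!r}")
        for arn in _as_list(st.get("Resource", [])):
            if not VERSIONED_ARN.match(arn):
                findings.append(f"stmt {i}: resource {arn!r} is not a numbered version")
    return findings

# Constructed samples: WEAK shows both problems, SCOPED is limited to one organization.
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::*:root"},
    "Action": "bedrock:ApplyGuardrail",
    "Resource": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail/DRAFT"}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "bedrock:ApplyGuardrail",
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    "Resource": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail/1"}]})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, lint_guardrail_policy(doc))
```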
Not Considering Regional Boundaries
Mistake: Creating the guardrail and enforcement policy in one region, but member accounts invoke models in another region. Cross-account safeguards are Region-specific.
Fix: Create the guardrail and policy in each Region where you need enforcement. Use the same guardrail name and version across Regions for consistency.
Overlooking Model Inclusion/Exclusion
Mistake: Setting Include but forgetting to add specific model IDs. The guardrail will apply to no models.
Fix: Either use Exclude with an empty list (applies to all) or ensure you list all desired model IDs in Include.
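A coverage check for the Region and Include/Exclude pitfalls above, as an added example (not AWS code and not from the original page): it reads CloudTrail records of Bedrock invocations and reports those made in a Region, or against a model, that no enforcement configuration covers. The configuration inventory structure is hypothetical, the log records are constructed, and the code assumes the model ID is logged in requestParameters.modelId.

```python
import json

INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream"}

def is_enforced(config, model_id):
    """Include/Exclude semantics from the pitfalls above: an empty Include list
    matches no model, an empty Exclude list matches every model."""
    listed = model_id in config["models"]
    return listed if config["mode"] == "INCLUDE" else not listed

def coverage_gaps(configs_by_region, cloudtrail_lines):
    """Return sorted (account, region, model_id, reason) tuples for model
    invocations that no enforcement configuration covers."""
    gaps = set()
    for line in cloudtrail_lines:
        ev = json.loads(line)
        if ev.get("eventSource") != "bedrock.amazonaws.com":
            continue
        if ev.get("eventName") not in INVOKE_EVENTS:
            continue
        region = ev["awsRegion"]
        # Assumption: the invoked model ID is logged under requestParameters.modelId.
        model = (ev.get("requestParameters") or {}).get("modelId", "unknown")
        config = configs_by_region.get(region)
        if config is None:
            reason = "no enforcement configuration in this Region"
        elif not is_enforced(config, model):
            reason = f"model not matched by {config['mode']} list"
        else:
            continue
        gaps.add((ev["recipientAccountId"], region, model, reason))
    return sorted(gaps)

# Hypothetical inventory of enforcement configurations, keyed by Region
# (a simplified structure for this example, not the Bedrock API response shape).
CONFIGS = {"us-east-1": {"mode": "INCLUDE", "models": {"anthropic.claude-v2"}}}

# Constructed CloudTrail records, one JSON object per line.
def _event(name, region, model):
    return json.dumps({"eventSource": "bedrock.amazonaws.com", "eventName": name,
                       "awsRegion": region, "recipientAccountId": "111122223333",
                       "requestParameters": {"modelId": model}})

SAMPLE = [
    _event("InvokeModel", "us-east-1", "anthropic.claude-v2"),
    _event("InvokeModel", "us-east-1", "amazon.titan-text-express-v1"),
    _event("Converse", "eu-west-1", "anthropic.claude-v2"),
    _event("ListFoundationModels", "eu-west-1", "anthropic.claude-v2"),
]
```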
Summary
Cross-account safeguards in Amazon Bedrock Guardrails let you enforce safety policies uniformly across your AWS organization. By setting up organization-level or account-level enforcement, you centralize control and reduce administrative overhead. Remember to use immutable guardrail versions, configure resource policies properly, and handle regional requirements. Start with a simple policy and expand as your use cases grow.