Centralized AI Safety Enforcement with Amazon Bedrock Guardrails: A Step-by-Step Guide

<h2 id="overview">Overview</h2>
<p>Amazon Bedrock Guardrails now offers a powerful new feature: cross-account safeguards. This capability allows you to enforce safety policies consistently across all AWS accounts within your organization from a single management account. Instead of manually configuring guardrails for each account, you can define organization-wide rules that automatically apply to every model invocation in Bedrock. This guide walks you through setting up these safeguards, covering both organization-level and account-level enforcement, with practical steps and best practices.</p>
<figure style="margin:20px 0"><img src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/04/01/Guardrails-feat-img3.png" alt="Centralized AI Safety Enforcement with Amazon Bedrock Guardrails: A Step-by-Step Guide" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: aws.amazon.com</figcaption></figure>
<h2 id="prerequisites">Prerequisites</h2>
<h3>AWS Organizations Setup</h3>
<p>Your AWS environment must be organized using AWS Organizations. You need a management account (the root of the organization) and at least one member account. Ensure that all accounts are part of the same organization.</p>
<h3>IAM Permissions</h3>
<p>To configure cross-account safeguards, you need the following IAM permissions in the management account:</p>
<ul>
<li><code>bedrock:PutGuardrailPolicy</code></li>
<li><code>bedrock:GetGuardrailPolicy</code></li>
<li><code>organizations:DescribeOrganization</code></li>
<li><code>organizations:ListAccounts</code></li>
</ul>
<p>Member accounts require permissions to invoke Bedrock models with guardrails enforced.</p>
<h3>Guardrail Resource Policy</h3>
<p>Create a guardrail in the management account and configure a resource-based policy that allows member accounts to use it.
The guardrail version must be immutable: choose a specific published version rather than <code>DRAFT</code>. IAM does not accept a wildcard inside a principal ARN (such as <code>arn:aws:iam::*:root</code>), so to grant every account in the organization, use an anonymous principal scoped by the <code>aws:PrincipalOrgID</code> condition key. For example:</p>
<pre><code>{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "bedrock:ApplyGuardrail",
      "Resource": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail/1",
      "Condition": {
        "StringEquals": { "aws:PrincipalOrgID": "o-exampleorgid" }
      }
    }
  ]
}</code></pre>
<p>Replace the account ID, the <code>o-exampleorgid</code> placeholder (your organization ID), and the guardrail details accordingly.</p>
<h2 id="step-by-step">Step-by-Step Instructions</h2>
<h3 id="org-level">1. Enforcing Organization-Level Safeguards</h3>
<p>Organization-level enforcement applies a single guardrail to all member accounts in the organization. This is ideal for baseline corporate policies.</p>
<ol>
<li>Log in to the <strong>AWS Management Console</strong> with your management account.</li>
<li>Navigate to <strong>Amazon Bedrock</strong> &gt; <strong>Guardrails</strong>.</li>
<li>In the left panel, choose <strong>Cross-account safeguards</strong>.</li>
<li>Under <strong>Organization-level enforcement configurations</strong>, click <strong>Create</strong>.</li>
<li>Select the guardrail and version you created earlier. The version must be numeric (e.g., 1, 2).</li>
<li>Choose which models to affect: use <strong>Include</strong> to apply to specific models or <strong>Exclude</strong> to exempt specific models.</li>
<li>Configure content guard controls: choose <strong>Comprehensive</strong> to filter all prompts and responses, or <strong>Selective</strong> to apply only to system or user prompts.</li>
<li>Review and create the policy. This policy now enforces the guardrail on every Bedrock invocation in all member accounts.</li>
</ol>
<h3 id="account-level">2. Enforcing Account-Level Safeguards</h3>
<p>Account-level enforcement applies to a single account.
Use this for additional controls specific to a team or application.</p>
<ol>
<li>On the same <strong>Cross-account safeguards</strong> page, go to <strong>Account-level enforcement configurations</strong>.</li>
<li>Click <strong>Create</strong>. You can use the same guardrail or a different one.</li>
<li>Select the target account (or leave it as the current account).</li>
<li>Choose the guardrail and version.</li>
<li>Set model inclusion/exclusion and the content guarding mode.</li>
<li>Click <strong>Create</strong>. The guardrail will automatically apply to all inference calls from that account.</li>
</ol>
<h3 id="verification">3. Verifying Enforcement</h3>
<p>To confirm the guardrail is active, invoke a Bedrock model from a member account without passing any guardrail configuration yourself. Use the AWS CLI or Console. For example, with the CLI (the request body follows the Claude v2 text-completion format, and <code>response.json</code> receives the model output):</p>
<pre><code>aws bedrock-runtime invoke-model \
  --model-id anthropic.claude-v2 \
  --body '{"prompt": "\n\nHuman: Hello\n\nAssistant:", "max_tokens_to_sample": 200}' \
  --cli-binary-format raw-in-base64-out \
  --region us-east-1 \
  response.json
cat response.json</code></pre>
<p>If the guardrail blocks content, you should receive an error or a filtered response. You can also check <strong>CloudTrail</strong> for <code>ApplyGuardrail</code> API calls.</p>
<h2 id="common-mistakes">Common Mistakes and Pitfalls</h2>
<h3>Using Draft Versions</h3>
<p><strong>Mistake:</strong> Selecting the <code>DRAFT</code> version for enforcement.
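<p>The verification step above can be automated. The following Python script is an added example and is not code from the AWS post or from Amazon; it assumes <code>boto3</code> is installed and that credentials for a member account are available for the live probe. The first part sends a prompt through the <code>Converse</code> API with no guardrail configuration of its own and classifies the result by <code>stopReason</code> (a blocked request comes back as <code>guardrail_intervened</code>). The second part cross-checks CloudTrail: it reads exported records, and for every account and Region that ran inference it looks for a matching <code>ApplyGuardrail</code> call, reporting the account/Region pairs with none. The CloudTrail records in the script are constructed sample data, and the set of inference event names it looks for is an assumption.</p>

```python
"""Verify that cross-account guardrail enforcement is really in effect.

Added example, not code from the AWS post. Assumes boto3 and member-account
credentials for the live probe; the CloudTrail records below are constructed.
"""
from __future__ import annotations


# --- 1. Classify a bedrock-runtime Converse response -------------------------

def classify_converse_response(resp: dict) -> str:
    """Return 'blocked', 'allowed' or 'unknown' for a Converse response dict.

    When an enforced guardrail intervenes, Converse reports
    stopReason == "guardrail_intervened" and the assistant text is the
    guardrail's blocked message rather than model output.
    """
    stop = resp.get("stopReason")
    if stop == "guardrail_intervened":
        return "blocked"
    if stop in ("end_turn", "max_tokens", "stop_sequence", "tool_use"):
        return "allowed"
    return "unknown"


def probe_enforcement(model_id: str, prompt: str, region: str = "us-east-1") -> str:
    """Send one prompt from the member account and classify the outcome.

    No guardrailConfig is passed on purpose: organization- or account-level
    enforcement must apply the guardrail without the caller opting in.
    """
    import boto3  # assumed available; only needed for the live probe

    client = boto3.client("bedrock-runtime", region_name=region)
    resp = client.converse(
        modelId=model_id,
        messages=[{"role": "user", "content": [{"text": prompt}]}],
    )
    return classify_converse_response(resp)


# --- 2. Cross-check CloudTrail for inference without ApplyGuardrail ----------

# Constructed sample records (not real events). Account ...222 ran inference in
# us-west-2 but its only ApplyGuardrail call is in us-east-1: an enforcement gap,
# since cross-account safeguards are Region-specific.
SAMPLE_TRAIL = {"Records": [
    {"eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "awsRegion": "us-east-1", "recipientAccountId": "111111111111"},
    {"eventSource": "bedrock.amazonaws.com", "eventName": "ApplyGuardrail",
     "awsRegion": "us-east-1", "recipientAccountId": "111111111111"},
    {"eventSource": "bedrock.amazonaws.com", "eventName": "Converse",
     "awsRegion": "us-west-2", "recipientAccountId": "222222222222"},
    {"eventSource": "bedrock.amazonaws.com", "eventName": "ApplyGuardrail",
     "awsRegion": "us-east-1", "recipientAccountId": "222222222222"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "recipientAccountId": "222222222222"},
]}

# Assumed set of Bedrock runtime event names that represent model inference.
INFERENCE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream",
                    "Converse", "ConverseStream"}


def enforcement_gaps(trail: dict) -> list[tuple[str, str]]:
    """Return sorted (account, region) pairs that ran inference with no
    ApplyGuardrail call recorded in that same account and Region."""
    invoked: set[tuple[str, str]] = set()
    guarded: set[tuple[str, str]] = set()
    for rec in trail.get("Records", []):
        if rec.get("eventSource") != "bedrock.amazonaws.com":
            continue  # ignore non-Bedrock events
        key = (rec.get("recipientAccountId", ""), rec.get("awsRegion", ""))
        if rec.get("eventName") in INFERENCE_EVENTS:
            invoked.add(key)
        elif rec.get("eventName") == "ApplyGuardrail":
            guarded.add(key)
    return sorted(invoked - guarded)


if __name__ == "__main__":
    print("accounts/Regions with inference but no ApplyGuardrail:",
          enforcement_gaps(SAMPLE_TRAIL))
    # Live probe from a member account (uncomment with valid credentials):
    # print(probe_enforcement("anthropic.claude-v2", "Hello"))
```

<p>Run the CloudTrail check against a real export by loading the JSON file and passing it to <code>enforcement_gaps</code>; an empty list means every account that ran inference in a Region also had the guardrail applied there.</p>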
Draft versions are mutable and can be changed, which defeats immutability requirements.</p> <p><strong>Fix:</strong> Always publish a version (e.g., 1) and use that version in your policy.</p> <h3>Missing Resource Policy for Member Accounts</h3> <p><strong>Mistake:</strong> Creating a guardrail policy without a resource-based policy that allows member accounts to use it. Member accounts will get access denied errors.</p> <p><strong>Fix:</strong> Attach a resource-based policy to the guardrail that grants <code>bedrock:ApplyGuardrail</code> to all member accounts (or specific ones).</p> <h3>Not Considering Regional Boundaries</h3> <p><strong>Mistake:</strong> Creating the guardrail and enforcement policy in one region, but member accounts invoke models in another region. Cross-account safeguards are Region-specific.</p> <p><strong>Fix:</strong> Create the guardrail and policy in each Region where you need enforcement. Use the same guardrail name and version across Regions for consistency.</p> <h3>Overlooking Model Inclusion/Exclusion</h3> <p><strong>Mistake:</strong> Setting <strong>Include</strong> but forgetting to add specific model IDs. The guardrail will apply to no models.</p> <p><strong>Fix:</strong> Either use <strong>Exclude</strong> with an empty list (applies to all) or ensure you list all desired model IDs in <strong>Include</strong>.</p> <h2 id="summary">Summary</h2> <p>Cross-account safeguards in Amazon Bedrock Guardrails let you enforce safety policies uniformly across your AWS organization. By setting up organization-level or account-level enforcement, you centralize control and reduce administrative overhead. Remember to use immutable guardrail versions, configure resource policies properly, and handle regional requirements. Start with a simple policy and expand as your use cases grow.</p>
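<p>The pitfalls listed above (a <code>DRAFT</code> version, a guardrail in a different Region than the one being enforced, and an <strong>Include</strong> list with no model IDs) can all be caught before an enforcement configuration is created. The following Python validator is an added example, not code from the AWS post or from Amazon. The dictionary layout it checks is a hypothetical representation of the console fields from the organization-level steps (guardrail ARN, version, model include/exclude mode, content guard mode), not a Bedrock API shape; the guardrail ARN pattern it matches is likewise an assumption.</p>

```python
"""Pre-flight checks for a planned cross-account guardrail enforcement.

Added example, not code from the AWS post. The config dict is a hypothetical
stand-in for the console fields; it is not a Bedrock API structure.
"""
from __future__ import annotations
import re

# Assumed guardrail ARN layout: arn:aws:bedrock:<region>:<account>:guardrail/<id>
GUARDRAIL_ARN = re.compile(
    r"^arn:aws:bedrock:(?P<region>[a-z0-9-]+):(?P<account>\d{12})"
    r":guardrail/(?P<id>[A-Za-z0-9-]+)$"
)
CONTENT_MODES = {"Comprehensive", "Selective"}
MODEL_MODES = {"Include", "Exclude"}


def validate_enforcement(cfg: dict) -> list[str]:
    """Return a list of findings; an empty list means the config is safe to create."""
    findings: list[str] = []

    m = GUARDRAIL_ARN.match(cfg.get("guardrail_arn", ""))
    if not m:
        findings.append("guardrail_arn is not a recognised guardrail ARN")

    # Pitfall 1: DRAFT is mutable; enforcement needs a published numeric version.
    version = str(cfg.get("guardrail_version", ""))
    if version.upper() == "DRAFT" or not version.isdigit():
        findings.append("guardrail_version must be a published numeric version, not DRAFT")

    # Pitfall 2: cross-account safeguards are Region-specific.
    target = cfg.get("target_region")
    if m and target and m.group("region") != target:
        findings.append(
            f"guardrail is in {m.group('region')} but enforcement targets {target}; "
            "create the guardrail and policy in every Region you enforce in"
        )

    # Pitfall 3: Include with an empty list applies the guardrail to no models.
    mode, models = cfg.get("model_mode"), cfg.get("model_ids", [])
    if mode not in MODEL_MODES:
        findings.append("model_mode must be Include or Exclude")
    elif mode == "Include" and not models:
        findings.append(
            "Include mode with no model IDs applies to no models; "
            "list the model IDs or use Exclude with an empty list to cover all"
        )

    if cfg.get("content_mode") not in CONTENT_MODES:
        findings.append("content_mode must be Comprehensive or Selective")

    return findings


# Constructed sample: the weak configuration hits all three pitfalls...
WEAK_CONFIG = {
    "guardrail_arn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail",
    "guardrail_version": "DRAFT",
    "target_region": "eu-west-1",
    "model_mode": "Include",
    "model_ids": [],
    "content_mode": "Comprehensive",
}

# ...and the corrected one uses a published version, matches the Region, and
# covers every model via Exclude with an empty list.
FIXED_CONFIG = {
    "guardrail_arn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/my-guardrail",
    "guardrail_version": "1",
    "target_region": "us-east-1",
    "model_mode": "Exclude",
    "model_ids": [],
    "content_mode": "Comprehensive",
}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"{name}: {validate_enforcement(cfg) or 'OK'}")
```

<p>Wire <code>validate_enforcement</code> into whatever pipeline creates the enforcement configuration so that a non-empty findings list fails the change before it reaches the console or API.</p>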