Amazon has recently announced the general availability of cross-account safeguards in Amazon Bedrock Guardrails, a new feature that allows centralized enforcement and management of safety controls across multiple AWS accounts within an organization. This new capability enables users to specify guardrails in Amazon Bedrock policies within the management account, automatically enforcing configured safeguards across all member entities for every model invocation with Amazon Bedrock.
By implementing organization-wide safeguards, users can ensure uniform protection across all accounts and generative AI applications with centralized control and management. This capability also offers flexibility to apply account-level and application-specific controls based on specific use case requirements, in addition to organizational safeguards.
Organization-level enforcements apply a single guardrail from the organization’s management account to all entities within the organization, automatically enforcing filters across all member entities for all Amazon Bedrock model invocations. On the other hand, account-level enforcement enables automatic enforcement of configured safeguards across all Amazon Bedrock model invocations in the user’s AWS account.
With centralized enforcement in Amazon Bedrock Guardrails, users can establish and manage dependable, comprehensive protection through a unified approach. This ensures consistent adherence to corporate responsible AI requirements while reducing the administrative burden of monitoring individual accounts and applications.
To get started with centralized enforcement in Amazon Bedrock Guardrails, users can configure account-level and organization-level enforcement settings in the Amazon Bedrock Guardrails console. Before configuring enforcement, users need to create a guardrail with a specific version to ensure immutability and complete prerequisites for using this new capability.
For account-level enforcement, users can choose to create enforcement configurations for automatic application to all Bedrock inference calls from their account in a specific region. With the introduction of general availability, users can define which models will be affected by enforcement using either an Include or Exclude behavior.
Users can also configure selective content guarding controls for system prompts and user prompts using either Comprehensive or Selective settings. Comprehensive enforcement applies guardrails to everything, regardless of the content, while Selective enforcement is useful when users trust callers to correctly tag content.
After creating the enforcement configurations, users can test and verify enforcement using a role in their account. The account-enforced guardrail should automatically apply to both prompts and outputs, providing information on guardrail assessment.
For organization-level enforcement, users can navigate to the AWS Organizations console and enable Bedrock policies under the Policies menu. Users can create a Bedrock policy specifying the guardrail and attach it to target accounts or organizational units.
Once the policy is created, users can attach it to desired organizational units, accounts, or roots in the Targets tab. This ensures that the guardrail is enforced on member accounts, providing consistent safety controls for every model inference request.
Key considerations to keep in mind about the general availability features include the ability to include or exclude specific models in Bedrock for inference, safeguard partial or complete system prompts and input prompts, and ensure accurate specification of guardrail Amazon Resource Names (ARN) in the policy to avoid policy violations.
Cross-account safeguards in Amazon Bedrock Guardrails are now generally available in all AWS commercial and GovCloud Regions where Bedrock Guardrails is available. Charges apply to each enforced guardrail based on configured safeguards. Users can try this capability in the Amazon Bedrock console and provide feedback through AWS re:Post for Amazon Bedrock Guardrails or usual AWS Support contacts.
Overall, the introduction of cross-account safeguards in Amazon Bedrock Guardrails provides users with a centralized approach to enforcing safety controls across multiple AWS accounts within an organization, ensuring consistent protection and adherence to responsible AI requirements.
For more Information, Refer to this article.
