How to Set Up Centralized Cross-Account Guardrails in Amazon Bedrock

From Ilovegsm, the free encyclopedia of technology

Introduction

Generative AI applications deployed across multiple AWS accounts within an organization need consistent safety and responsible AI controls. With the new cross-account safeguards capability in Amazon Bedrock Guardrails, you can now enforce uniform safety policies from a central management account. This guide walks you through the step-by-step process to configure organization-level and account-level guardrails, enabling centralized control while still allowing flexibility for specific use cases. By the end, you'll have a robust, centralized safety framework that reduces administrative overhead and ensures consistent compliance across all your Bedrock model invocations.

How to Set Up Centralized Cross-Account Guardrails in Amazon Bedrock
Source: aws.amazon.com

What You Need

Before you begin, ensure you have the following prerequisites in place:

  • An AWS Organization with a management account and at least one member account.
  • An existing Amazon Bedrock Guardrail with a specific version (versions must be immutable to prevent member accounts from modifying safeguards).
  • Resource-based policies for guardrails that allow cross-account access.
  • Appropriate IAM permissions for both the management account and member accounts to create and enforce guardrails.
  • AWS CLI or access to the Amazon Bedrock Guardrails console.

Step-by-Step Guide

Step 1: Create a Guardrail with an Immutable Version

Start by creating a guardrail or using an existing one. The guardrail must have a specific version (not the draft version) to ensure it remains immutable and cannot be altered by member accounts.

  1. Open the Amazon Bedrock Guardrails console.
  2. Navigate to Guardrails and either create a new guardrail or select an existing one.
  3. If creating a new guardrail, define your content filters, topic policies, and other safety controls as needed.
  4. Publish a version: Choose Create version to lock the guardrail configuration. Note the version ID for later steps.

Step 2: Set Up Resource-Based Policies for Cross-Account Access

To enable cross-account enforcement, you need to configure a resource-based policy that allows the management account and member accounts to use the guardrail.

  1. In the guardrail details, go to the Permissions tab.
  2. Add a policy that grants bedrock:InvokeGuardrail permission to the organization's management account and optionally to specific member accounts or organizational units (OUs).
  3. Save the policy. Example policy statement:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::MANAGEMENT_ACCOUNT_ID:root"
      },
      "Action": "bedrock:InvokeGuardrail",
      "Resource": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id"
    }
  ]
}
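Before saving the policy from Step 2, it is worth checking it for the usual over-sharing mistakes (a wildcard principal, a wildcard action, a resource that is not one specific guardrail, or an account outside the organization). The following linter is an added example, not AWS tooling or code from the original page; the account IDs, region and guardrail ID in the samples are constructed placeholders, and the ARN patterns it matches are assumed from the formats shown above.

```python
import json
import re

GUARDRAIL_ARN = re.compile(r"^arn:aws:bedrock:[a-z0-9-]+:\d{12}:guardrail/[a-z0-9]+$")
PRINCIPAL_ARN = re.compile(r"^arn:aws:iam::(\d{12}):(root|role/.+)$")


def lint_guardrail_policy(policy_json: str, org_accounts: set[str]) -> list[str]:
    """Return findings for Allow statements broader than one guardrail shared with org accounts."""
    findings: list[str] = []
    statements = json.loads(policy_json).get("Statement", [])
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in ([aws] if isinstance(aws, str) else aws):
            if p == "*":
                findings.append(f"statement {i}: wildcard principal lets any AWS account use the guardrail")
                continue
            m = PRINCIPAL_ARN.match(p)
            if not m:
                findings.append(f"statement {i}: principal {p!r} is not an account root or role ARN")
            elif m.group(1) not in org_accounts:
                findings.append(f"statement {i}: account {m.group(1)} is outside the organization")
        actions = stmt.get("Action", [])
        for a in ([actions] if isinstance(actions, str) else actions):
            if a.endswith("*"):
                findings.append(f"statement {i}: action {a!r} grants more than guardrail use")
        resources = stmt.get("Resource", [])
        for r in ([resources] if isinstance(resources, str) else resources):
            if not GUARDRAIL_ARN.match(r):
                findings.append(f"statement {i}: resource {r!r} is not one specific guardrail ARN")
    return findings


# Constructed sample accounts and policies; the account IDs are placeholders, not real ones.
ORG_ACCOUNTS = {"111122223333", "999988887777"}  # management account, guardrail-owning account
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "bedrock:InvokeGuardrail",
    "Resource": "arn:aws:bedrock:us-east-1:999988887777:guardrail/abc123def456"}]})
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "bedrock:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, lint_guardrail_policy(pol, ORG_ACCOUNTS) or "OK")
```

Run it against the policy document you are about to paste into the Permissions tab; an empty result means only the intended organization accounts can use that one guardrail.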

Step 3: Enable Organization-Level Enforcement from the Management Account

This step ensures that the guardrail is automatically applied to all member accounts in your AWS Organization for every Bedrock model invocation.

  1. In the management account, open the Amazon Bedrock Guardrails console.
  2. Choose Policy configurations from the left navigation.
  3. Click Create organization enforcement policy.
  4. Select the guardrail and version you created in Step 1.
  5. Define the scope: You can enforce it across all accounts in the organization or limit to specific OUs or accounts.
  6. Optionally, set which models will be affected using Include or Exclude behaviors. This determines which Bedrock foundation models the guardrail applies to.
  7. Complete the creation. Now, every Bedrock model invocation from any member account in the specified scope will automatically use this guardrail.

Step 4: Configure Account-Level Enforcement (Optional but Recommended)

Account-level enforcement allows you to apply additional safeguards specific to an individual AWS account, on top of the organization-wide policy.

  1. In the same console, navigate to Account-level enforcement configurations.
  2. Click Create configuration.
  3. Choose the same or a different guardrail and version for this account.
  4. Specify the account ID (must be a member of your organization).
  5. Again, you can fine-tune which models are affected using Include/Exclude.
  6. Save the configuration. The account-level guardrail will apply to all Bedrock inference API calls from that account, in addition to the organization-level policy.

Step 5: Configure Selective Content Guarding Controls

This new feature lets you decide whether to apply guardrails to system prompts and user prompts comprehensively or selectively.

  1. When creating or editing an enforcement policy (organization or account-level), locate the Content guarding controls section.
  2. Choose Comprehensive to apply guardrails to all prompts regardless of source.
  3. Choose Selective to define specific conditions (e.g., apply only to user prompts or system prompts) based on your compliance requirements.
  4. Save changes. This granularity allows you to balance security with operational flexibility.

Tips and Best Practices

  • Test in a non-production environment first. Create a separate guardrail for testing, apply it to a test OU, and verify behavior before rolling out to production accounts.
  • Monitor guardrail invocations using Amazon CloudWatch to detect misuse and to identify where filters need tuning. Enable logging for each guardrail version.
  • Version your guardrails regularly as your policies evolve. Older versions remain immutable but can be replaced by updating the enforcement policy.
  • Combine organization-level and account-level policies wisely. Use the organization policy for baseline safeguards and account-level for additional account-specific constraints.
  • Document your guardrail configurations and share them with your security team to ensure transparency and easy auditing.
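To support the first tip (verify a guardrail version before rolling it out), the script below runs one test prompt through a specific published version with the bedrock-runtime ApplyGuardrail API and reduces the reply to whether the guardrail intervened and which policies fired. It is an added example, not code from the original page or from AWS; it assumes boto3 is installed and credentials are configured only for the live call, and the two sample replies are constructed so the summary logic can be checked offline.

```python
from typing import Any


def summarize_assessment(resp: dict[str, Any]) -> dict[str, Any]:
    """Reduce an ApplyGuardrail response to the two things a tester checks:
    did the guardrail intervene, and which policies or filters fired."""
    fired: list[str] = []
    for assessment in resp.get("assessments", []):
        for topic in assessment.get("topicPolicy", {}).get("topics", []):
            fired.append(f"topic:{topic['name']}:{topic['action']}")
        for flt in assessment.get("contentPolicy", {}).get("filters", []):
            fired.append(f"content:{flt['type']}:{flt['action']}")
        for ent in assessment.get("sensitiveInformationPolicy", {}).get("piiEntities", []):
            fired.append(f"pii:{ent['type']}:{ent['action']}")
        for word in assessment.get("wordPolicy", {}).get("customWords", []):
            fired.append(f"word:{word['match']}:{word['action']}")
    return {"intervened": resp.get("action") == "GUARDRAIL_INTERVENED", "fired": fired}


def check_guardrail(guardrail_id: str, version: str, text: str, region: str) -> dict[str, Any]:
    """Run one INPUT-side check against a specific, immutable guardrail version
    using the bedrock-runtime ApplyGuardrail API. boto3 is imported here so the
    summary helper above stays usable offline, without credentials."""
    import boto3  # assumed installed and configured where this runs for real

    client = boto3.client("bedrock-runtime", region_name=region)
    resp = client.apply_guardrail(
        guardrailIdentifier=guardrail_id,
        guardrailVersion=version,  # a published version, never "DRAFT" (drafts are mutable)
        source="INPUT",
        content=[{"text": {"text": text}}],
    )
    return summarize_assessment(resp)


# Constructed sample replies in the shape ApplyGuardrail returns, for offline use.
SAMPLE_BLOCKED: dict[str, Any] = {
    "action": "GUARDRAIL_INTERVENED",
    "outputs": [{"text": "Sorry, I can't help with that request."}],
    "assessments": [{
        "topicPolicy": {"topics": [{"name": "InvestmentAdvice", "type": "DENY", "action": "BLOCKED"}]},
        "sensitiveInformationPolicy": {"piiEntities": [
            {"match": "user@example.com", "type": "EMAIL", "action": "ANONYMIZED"}]},
    }],
}
SAMPLE_CLEAN: dict[str, Any] = {"action": "NONE", "outputs": [], "assessments": [{}]}

if __name__ == "__main__":
    print(summarize_assessment(SAMPLE_BLOCKED))
```

Point check_guardrail at the test OU's guardrail and version with a handful of prompts you expect to be blocked and a handful you expect to pass; a mismatch in either direction is the signal to tune the version before the enforcement policy references it.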

By following these steps, your security team can centrally manage responsible AI controls across all accounts and applications, reducing manual oversight while enforcing consistent, dependable protection.