New pattern - bedrock-guardrails-cross-account-cdk#3067
…count-level enforcement pattern

Creates a Bedrock Guardrail with content and topic filters, versions it, and enables account-level enforcement via AwsCustomResource. Test Lambda demonstrates automatic guardrail enforcement on all Bedrock calls without specifying guardrailIdentifier.

Key features:
- Account-level guardrail enforcement via PutEnforcedGuardrailConfiguration
- AwsCustomResource for SDK commands not in Lambda runtime
- Content filters (HATE, INSULTS, SEXUAL, VIOLENCE, MISCONDUCT, PROMPT_ATTACK)
- Denied topic filter (investment advice)
- Test Lambda showing safe vs blocked responses
- Automatic cleanup on stack deletion
Replace wildcard resource with specific inference profile ARN and foundation-model/* for least-privilege IAM.
Hi @biswanathmukherjee — this Bedrock Guardrails account-level enforcement pattern covers the April 2026 GA launch. Deployed and tested — safe prompts pass, violating prompts blocked without any guardrail specified in the API call. Ready for review.
Hi @biswanathmukherjee 👋 Friendly nudge — this pattern is ready for review. Deployed and tested end-to-end on a live AWS account. Would appreciate a look when you have time. Thank you!
Hi @biswanathmukherjee 👋 This shows Bedrock Guardrails account-level enforcement (April 2026 GA) — a unique feature where guardrails apply to ALL Bedrock calls account-wide without code changes. First pattern for this new capability.
| @@ -0,0 +1,130 @@ | |||
| # Bedrock Guardrails Account-Level Enforcement | |||
Please make sure to use the full service name on first mentions.
Sorry about that. Updated to "Amazon Bedrock Guardrails" on first mention throughout.
The folder name makes it sound like this is a "cross-account" pattern, but the README only talks about inside an account. Can you please clarify?
The folder name reflects the cross-account extension use case (via Organization RCPs) which the README describes in the Important Notes section. The pattern itself deploys single-account enforcement as the foundation -- then explains how to extend cross-account via RCP. I've kept the README focused on what the code actually does while noting the cross-account path. Happy to rename the folder if you'd prefer something like bedrock-guardrails-enforcement-cdk?
| // Test Lambda | ||
| const testFn = new lambda.Function(this, 'TestFunction', { | ||
| runtime: lambda.Runtime.NODEJS_20_X, |
use most recent runtime version
Updated to NODEJS_22_X.
| })); | ||
| testFn.addToRolePolicy(new iam.PolicyStatement({ | ||
| actions: ['bedrock:ApplyGuardrail'], |
Is that necessary? Shouldn't that automatically be applied?
You're right. With account-level enforcement the guardrail is applied automatically by the service, so the caller doesn't need explicit ApplyGuardrail permission. Removed.
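The two review points above (no `bedrock:ApplyGuardrail` grant needed once enforcement is account-level, and the commit that replaced the wildcard resource with a specific inference profile ARN plus `foundation-model/*`) can be turned into a policy check. The following is an added example, not code from the PR, written in plain TypeScript so it runs without aws-cdk-lib; the account id, region and inference profile id in the ARNs are constructed placeholders.

```typescript
// Added example (not the PR's code): least-privilege check for the test
// Lambda's Bedrock policy statement. ARN values below are constructed.
interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string[];
}

// Resource shapes a scoped statement may reference: any foundation model in a
// region, or one named inference profile in the deploying account.
const ALLOWED_RESOURCE_PATTERNS: RegExp[] = [
  /^arn:aws:bedrock:[a-z0-9-]+::foundation-model\/\*$/,
  /^arn:aws:bedrock:[a-z0-9-]+:\d{12}:inference-profile\/[A-Za-z0-9._:-]+$/,
];

// With account-level enforcement the service applies the guardrail itself,
// so the caller does not need this action (per the review thread above).
const UNNEEDED_ACTIONS = new Set(["bedrock:ApplyGuardrail"]);

// Returns a list of findings; an empty list means the statement is scoped.
function findPolicyIssues(stmt: PolicyStatement): string[] {
  const issues: string[] = [];
  if (stmt.Resource.includes("*")) issues.push("wildcard Resource");
  for (const r of stmt.Resource) {
    if (r !== "*" && !ALLOWED_RESOURCE_PATTERNS.some((p) => p.test(r))) {
      issues.push(`unscoped resource: ${r}`);
    }
  }
  for (const a of stmt.Action) {
    if (UNNEEDED_ACTIONS.has(a)) issues.push(`unneeded action: ${a}`);
    if (a.endsWith("*")) issues.push(`wildcard action: ${a}`);
  }
  return issues;
}

// "Before": wildcard resource plus the ApplyGuardrail grant the review removed.
const beforeStatement: PolicyStatement = {
  Effect: "Allow",
  Action: ["bedrock:InvokeModel", "bedrock:ApplyGuardrail"],
  Resource: ["*"],
};

// "After": one inference profile (constructed ARN) and foundation-model/*.
const afterStatement: PolicyStatement = {
  Effect: "Allow",
  Action: ["bedrock:InvokeModel"],
  Resource: [
    "arn:aws:bedrock:us-east-1:123456789012:inference-profile/us.example-model-v1",
    "arn:aws:bedrock:us-east-1::foundation-model/*",
  ],
};
```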
| @@ -0,0 +1,130 @@ | |||
| # Bedrock Guardrails Account-Level Enforcement | |||
| This pattern deploys an Amazon Bedrock Guardrail with content and topic filters, enforces it at the account level so ALL Bedrock API calls are automatically guarded, and provides a test Lambda that demonstrates the enforcement without specifying any guardrailIdentifier. | |||
| This pattern deploys an Amazon Bedrock Guardrail with content and topic filters, enforces it at the account level so ALL Bedrock API calls are automatically guarded, and provides a test Lambda that demonstrates the enforcement without specifying any guardrailIdentifier. | |
| This pattern deploys an Amazon Bedrock Guardrail with content and topic filters, enforces it at the account level so ALL Bedrock API calls are automatically guarded, and provides a test AWS Lambda function that demonstrates the enforcement without specifying any guardrail identifier. |
Applied your suggestion, thanks.
| * [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. | ||
| * [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured | ||
| * [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) | ||
| * [Node.js 18+](https://nodejs.org/en/download/) installed |
update to a non-EOL version
Updated to Node.js 20+.
| 1. **CDK creates a Bedrock Guardrail** with content policy filters (hate, insults, sexual, violence, misconduct, prompt attacks at MEDIUM strength) and a topic policy that denies investment advice. | ||
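Review bot: step 1 states that every content filter, prompt attacks included, runs at MEDIUM strength, but the README does not say why MEDIUM was chosen over HIGH or that the value is a starting point to tune per workload; readers will copy the value as-is, so add one sentence explaining the choice and where to adjust it.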
| 2. **An AwsCustomResource creates a guardrail version** — required before enforcement can be enabled. |
Why is a custom resource necessary here?
Hi Ben, thank you for reviewing this request. CloudFormation doesn't have a native resource type for CreateGuardrailVersion or PutEnforcedGuardrailConfiguration yet; these are API-only operations. AwsCustomResource lets us call them declaratively during the stack lifecycle without writing a full Lambda handler.
| - **inputTags deprecation:** The `inputTags` parameter in the enforcement configuration is being deprecated in favor of `selectiveContentGuarding`. This pattern uses `IGNORE` for inputTags as a placeholder. | ||
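Review bot: the `inputTags` note calls `IGNORE` a placeholder but does not say what behaviour `IGNORE` selects for tagged input or which `selectiveContentGuarding` setting readers should move to once the deprecation lands; state both so the placeholder is not copied into production unchanged.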
| ---- | ||
| Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
| Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
Fixed to 2026.
where is this file used/invoked?
It's not -- dead code from an earlier custom resource approach before I switched to AwsCustomResource. Deleted.
where is this file used/invoked?
Same -- leftover from the custom resource approach. Deleted.
…ead code, copyright 2026
Bedrock Guardrails Account-Level Enforcement
Creates a Bedrock Guardrail, versions it, and enables account-level enforcement. The guardrail automatically applies to ALL Bedrock calls in the account without specifying guardrailIdentifier.
Architecture: CDK creates Guardrail → versions via AwsCustomResource → enforces account-wide → Test Lambda demonstrates automatic enforcement
Key decisions:
Test results:
TypeScript / AWS CDK