Amazon Bedrock Guardrails supports cross-account safeguards with centralized control and management
Organizational safeguards are now generally available in Amazon Bedrock Guardrails, enabling centralized enforcement and management of safety controls across multiple AWS accounts within an AWS Organization.
Amazon Bedrock Guardrails, a service designed to enforce safeguards and policies across AWS accounts, has recently announced the general availability of cross-account safeguards. This new capability allows organizations to centralize the enforcement and management of safety controls across multiple AWS accounts within an AWS Organization. With this feature, organizations can now specify a guardrail in a new Amazon Bedrock policy within the management account of their organization, ensuring that configured safeguards are automatically enforced across all member entities for every model invocation with Amazon Bedrock.
The introduction of cross-account safeguards in Amazon Bedrock Guardrails offers significant benefits for organizations looking to maintain uniform protection across all accounts and generative AI applications. By centralizing control and management, organizations can ensure consistent adherence to corporate responsible AI requirements while reducing the administrative burden of monitoring individual accounts and applications.
Organization-wide enforcement is a key feature of this new capability. It allows a single guardrail from the organization’s management account to be applied to all entities within the organization through policy settings. This guardrail automatically enforces filters across all member entities, including organizational units (OUs) and individual accounts, for all Amazon Bedrock model invocations. This ensures that safeguards are consistently applied across the entire organization, streamlining compliance efforts and reducing the risk of inconsistencies or gaps in security.
In addition to organization-wide enforcement, Amazon Bedrock Guardrails also offers account-level enforcement. This feature enables automatic enforcement of configured safeguards across all Amazon Bedrock model invocations in a specific AWS account. The configured safeguards in the account-level guardrail apply to all inference API calls, providing a flexible and tailored approach to safeguarding resources based on individual account needs.
The cross-account safeguards in Amazon Bedrock Guardrails also provide flexibility in applying account-level and application-specific controls, depending on the specific use case requirements. This allows organizations to customize their safeguards to meet the unique needs of different applications or accounts, ensuring that all resources are protected according to the organization’s security policies.
By centralizing enforcement and management, organizations can now establish dependable, comprehensive protection through a single, unified approach. This not only supports consistent adherence to corporate responsible AI requirements but also significantly reduces the administrative burden of monitoring individual accounts and applications. Security teams no longer need to oversee and verify configurations or compliance for each account independently, freeing up resources to focus on other critical tasks.
To get started with centralized enforcement in Amazon Bedrock Guardrails, organizations can leverage the account-level and organization-level enforcement capabilities. By setting up policies within the management account and applying them organization-wide or account-specific, organizations can ensure that their safeguards are consistently enforced across all relevant resources.
In conclusion, the general availability of cross-account safeguards in Amazon Bedrock Guardrails represents a significant step forward in centralizing the enforcement and management of safety controls across multiple AWS accounts within an organization. This capability offers organizations a flexible, unified approach to safeguarding their resources, ensuring consistent adherence to security policies, and reducing the administrative burden associated with monitoring individual accounts and applications. As organizations continue to leverage generative AI and other advanced technologies, the ability to centrally manage and enforce safeguards becomes increasingly important, and Amazon Bedrock Guardrails provides a robust solution to meet these needs.
