Version: 0.2.11

AWS Bedrock Guardrails

AWS Bedrock Guardrails provide native integration with Amazon Bedrock's guardrails service for comprehensive content safety and compliance.

Overview

AWS Bedrock Guardrails enable:

Content Filtering: Block harmful or inappropriate content across multiple categories
PII Detection and Redaction: Identify and redact 30+ types of sensitive information
Topic-based Blocking: Control conversations based on denied topics
Word Filters: Block profanity and custom word lists
Contextual Grounding: Ensure responses are grounded in provided context (RAGAS)

Installation

Install Agent Kernel with AWS support:

pip install agentkernel[aws]

This installs the required boto3 library for AWS integration.

Setup

1. Create a Bedrock Guardrail

Create a guardrail in AWS Bedrock using the AWS Console, CLI, or SDK.

Using AWS Console:

Navigate to Amazon Bedrock → Guardrails
Click "Create guardrail"
Configure content filters, denied topics, word filters, and PII filters
Note the Guardrail ID and create a version

Using AWS CLI:

aws bedrock create-guardrail \
    --name "MyAgentGuardrail" \
    --description "Guardrail for agent interactions" \
    --content-policy-config '{
        "filtersConfig": [
            {"type": "HATE", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "VIOLENCE", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "SEXUAL", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "MISCONDUCT", "inputStrength": "MEDIUM", "outputStrength": "MEDIUM"},
            {"type": "PROMPT_ATTACK", "inputStrength": "HIGH", "outputStrength": "NONE"}
        ]
    }' \
    --sensitive-information-policy-config '{
        "piiEntitiesConfig": [
            {"type": "EMAIL", "action": "BLOCK"},
            {"type": "PHONE", "action": "BLOCK"},
            {"type": "SSN", "action": "BLOCK"},
            {"type": "CREDIT_DEBIT_CARD_NUMBER", "action": "BLOCK"}
        ]
    }'

2. Configure AWS Credentials

Ensure your AWS credentials are configured:

export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key
export AWS_DEFAULT_REGION=us-east-1  # or your preferred region

Or use AWS CLI configuration:

aws configure

3. Update Agent Kernel Configuration

Add guardrail configuration to your config.yaml:

guardrail:
  input:
    enabled: true
    type: bedrock
    id: your-guardrail-id
    version: "1"  # or "DRAFT"
  output:
    enabled: true
    type: bedrock
    id: your-guardrail-id
    version: "1"

Configuration Options:

enabled: Enable/disable guardrails
type: Set to bedrock for AWS Bedrock Guardrails
id: Your Bedrock guardrail identifier (from AWS)
version: Guardrail version number or "DRAFT"

Available Guardrail Policies

Content Filters

Block harmful content across six categories with configurable strength levels:

Filter Type	Description	Strength Levels
HATE	Hateful, demeaning, or derogatory content	NONE, LOW, MEDIUM, HIGH
INSULTS	Insulting, mocking, or offensive language	NONE, LOW, MEDIUM, HIGH
SEXUAL	Sexual content or references	NONE, LOW, MEDIUM, HIGH
VIOLENCE	Violent or graphic content	NONE, LOW, MEDIUM, HIGH
MISCONDUCT	Criminal activity or unethical behavior	NONE, LOW, MEDIUM, HIGH
PROMPT_ATTACK	Prompt injection or jailbreak attempts	NONE, LOW, MEDIUM, HIGH

Configure separately for input and output with different strengths.

Denied Topics

Define custom topics to block from conversations:

Topic name and definition
Example phrases that represent the topic
Separate input/output blocking configuration

Example topics: Financial advice, Medical diagnosis, Legal counsel, etc.

Word Filters

Profanity Filter:

Managed list of profane words and phrases
Block automatically without custom configuration

Custom Words:

Define your own blocklist of words or phrases
Case-insensitive matching

Sensitive Information (PII) Filters

Detect and redact 30+ types of personally identifiable information:

PII Type	Action Options
EMAIL	BLOCK, ANONYMIZE
PHONE	BLOCK, ANONYMIZE
NAME	BLOCK, ANONYMIZE
SSN	BLOCK, ANONYMIZE
CREDIT_DEBIT_CARD_NUMBER	BLOCK, ANONYMIZE
ADDRESS	BLOCK, ANONYMIZE
USERNAME	BLOCK, ANONYMIZE
PASSWORD	BLOCK, ANONYMIZE
DRIVER_ID	BLOCK, ANONYMIZE
IP_ADDRESS	BLOCK, ANONYMIZE
MAC_ADDRESS	BLOCK, ANONYMIZE
US_PASSPORT_NUMBER	BLOCK, ANONYMIZE
US_BANK_ACCOUNT_NUMBER	BLOCK, ANONYMIZE
And 17+ more...

BLOCK: Reject content containing PII
ANONYMIZE: Redact/mask PII in content

Contextual Grounding

Ensure responses are grounded in source information:

Detect hallucinations
Verify factual accuracy against provided context
Configure grounding thresholds

IAM Permissions

Your IAM role/user needs the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:ApplyGuardrail",
        "bedrock:GetGuardrail"
      ],
      "Resource": "arn:aws:bedrock:*:*:guardrail/*"
    }
  ]
}

How It Works

Input Guardrails

User sends a request to the agent
Agent Kernel extracts text from the request
Text is sent to Bedrock ApplyGuardrail API with source=INPUT
If guardrail is triggered: Return safe error message
If validation passes: Continue to agent processing

Output Guardrails

Agent generates a response
Agent Kernel extracts text from the response
Text is sent to Bedrock ApplyGuardrail API with source=OUTPUT
If guardrail is triggered: Replace response with safe message
If validation passes: Return original response to user

Examples

Example 1: Block Harmful Content

Input: "How can I hack into someone's account?"

Guardrail Triggered: MISCONDUCT or PROMPT_ATTACK filter

Response:

I apologize, but I'm unable to process this request as it may violate 
content safety guidelines (MISCONDUCT). Please rephrase your question 
or try a different topic.

Example 2: PII Detection

Input: "My email is john.doe@example.com and SSN is 123-45-6789"

Guardrail Triggered: PII filter (EMAIL, SSN)

Response:

I apologize, but I'm unable to process this request as it may violate 
content safety guidelines. Please rephrase your question or try a 
different topic.

Example 3: Safe Request

Input: "What is the capital of France?"

Guardrail: Passes all validations

Response: "The capital of France is Paris."

Configuration Examples

Basic Configuration

guardrail:
  input:
    enabled: true
    type: bedrock
    id: abc123guardrailid
    version: "1"

Separate Input/Output Guardrails

Use different guardrails for input and output:

guardrail:
  input:
    enabled: true
    type: bedrock
    id: input-guardrail-id
    version: "2"
  output:
    enabled: true
    type: bedrock
    id: output-guardrail-id
    version: "1"

Using DRAFT Version

During development, use DRAFT version:

guardrail:
  input:
    enabled: true
    type: bedrock
    id: abc123guardrailid
    version: "DRAFT"

Note: DRAFT versions have higher latency than versioned guardrails.

Best Practices

Use Versioned Guardrails in Production: Create versions for better performance
Start with HIGH Strength: Begin with strict filters, then adjust based on false positives
Test Thoroughly: Test with edge cases before production deployment
Monitor Metrics: Track latency, costs, and intervention rates
Separate Configs: Use different guardrails for input vs. output
Regional Deployment: Deploy guardrails in the same region as your application
IAM Least Privilege: Grant only required Bedrock permissions

Troubleshooting

Guardrails Not Triggering

Verify guardrail ID and version in config.yaml
Check guardrail exists in correct AWS region
Verify IAM permissions include bedrock:ApplyGuardrail
Check logs for error messages

Test guardrail directly using AWS CLI:

aws bedrock-runtime apply-guardrail \
    --guardrail-identifier your-id \
    --guardrail-version 1 \
    --source INPUT \
    --content '[{"text":{"text":"test input"}}]'

Import Errors

Ensure boto3 is installed:

pip install agentkernel[aws]

Authentication Errors

Check AWS credentials:

aws sts get-caller-identity

Permission Denied

Verify IAM policy includes required actions:

bedrock:ApplyGuardrail
bedrock:GetGuardrail

Performance & Cost

Latency

Typical Latency: 100-300ms per validation
DRAFT Version: Higher latency than versioned guardrails
Regional Impact: Same-region deployment reduces latency

Cost

AWS Bedrock Guardrails pricing (as of 2026):

Charged per text unit (1000 characters)
Varies by region
See AWS Bedrock Pricing for current rates

Optimization

Use versioned guardrails (not DRAFT) in production
Deploy in same region as your application
Consider caching for repeated validations
Monitor usage with CloudWatch

AWS Bedrock Guardrails Documentation
AWS Bedrock API Reference
Boto3 Bedrock Documentation
OpenAI Guardrails - Alternative provider
Guardrails Overview
Configuration Guide
Working Example

Support

Issues: GitHub Issues
Discussions: GitHub Discussions
Examples: Repository Examples

Overview​

Installation​

Setup​

1. Create a Bedrock Guardrail​

2. Configure AWS Credentials​

3. Update Agent Kernel Configuration​

Available Guardrail Policies​

Content Filters​

Denied Topics​

Word Filters​

Sensitive Information (PII) Filters​

Contextual Grounding​

IAM Permissions​

How It Works​

Input Guardrails​

Output Guardrails​

Examples​

Example 1: Block Harmful Content​

Example 2: PII Detection​

Example 3: Safe Request​

Configuration Examples​

Basic Configuration​

Separate Input/Output Guardrails​

Using DRAFT Version​

Best Practices​

Troubleshooting​

Guardrails Not Triggering​

Import Errors​

Authentication Errors​

Permission Denied​

Performance & Cost​

Latency​

Cost​

Optimization​

Related Resources​

Support​