- Knowledge Base
- Amazon Web Services
- Amazon Bedrock
- Use Guardrails to Protect Agent Sessions
Ensure that your Amazon Bedrock agents are associated with Bedrock guardrails in order to implement safeguards and prevent unwanted behavior (harmful or inappropriate) from model responses or user messages.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Amazon Bedrock Guardrails are security measures designed to ensure safe and responsible use of AI services provided by Amazon Bedrock. They help manage data privacy, prevent misuse, and maintain compliance with regulations. To protect user privacy, ensure safety, and prevent harmful content generation, ensure that your Amazon Bedrock agent sessions are protected by guardrails.
Audit
To determine if your Amazon Bedrock agents are associated with Bedrock guardrails, perform the following operations:
Using AWS Console
01 Sign in to the AWS Management Console.
02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.
03 In the main navigation panel, under Builder tools, select Agents.
04 In the Agents section, click on the name (link) of the agent that you want to examine, available in the Name column.
05 Choose Edit in Agent Builder from the top menu to access the configuration settings available for the selected Bedrock agent.
06 In the Guardrail details section, check the Guardrail name attribute value to determine the name of the guardrail attached to your agent. If the Guardrail name attribute does not have a value, there is no guardrail associated with the selected Amazon Bedrock agent, therefore, the agent sessions are not protected.
07 Repeat steps no. 4 - 6 for each Bedrock agent available within the current AWS region.
08 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.
Using AWS CLI
01 Run list-agents command (OSX/Linux/UNIX) to list the identifier (ID) of each Amazon Bedrock agent available in the selected AWS cloud region:
aws bedrock-agent list-agents --region us-east-1 --query 'agentSummaries[*].agentId'
02 The command output should return the requested agent identifiers (IDs):
[ "ABCDACBDAB", "ABCABCABCA" ]
03 Run get-agent command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock agent that you want to examine as the identifier parameter and custom output filters to describe the ID of the Bedrock guardrail attached to the selected agent:
aws bedrock-agent get-agent --region us-east-1 --agent-id ABCDACBDAB --query 'agent.guardrailConfiguration.guardrailIdentifier'
04 The command output should return the ID of the associated guardrail:
null
If the get-agent command output returns null, as shown in the example above, there is no guardrail associated with the selected Amazon Bedrock agent, therefore, the agent sessions are not protected.
05 Repeat steps no. 3 and 4 for each Amazon Bedrock agent available in the selected AWS region.
06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.
Remediation / Resolution
To protect your Amazon Bedrock agent sessions with Bedrock guardrails, perform the following operations:
Using AWS Console
01 Sign in to the AWS Management Console.
02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.
03 In the main navigation panel, under Safeguards, select Guardrails.
04 Choose Create guardrail to initiate the guardrail setup process.
05 For Step 1 Provide guardrail details, perform the following actions:
- Provide a unique name for your guardrail in the Name box.
- (Optional) Enter a short description in the Description - optional box.
- For Messaging for blocked prompts, enter a message to display if your guardrail blocks the user prompt. Choose whether to apply the same message for responses.
- (Optional) Choose KMS key selection - optional, check the Customize encryption settings (advanced) checkbox, and choose your own Amazon KMS Customer-Managed Key (CMK) from the Choose an AWS KMS key - optional dropdown list.
- (Optional) Choose Tags - optional and select Add new tag to create any necessary tag sets. Tags can be used to categorize and identify your guardrails and help you track your AWS costs.
- Select Next to continue the guardrail setup process.
06 For Step 2 - optional Configure content filters, perform the following operations:
- For Harmful categories, choose Enable harmful categories filters, and configure content filters by adjusting the degree of filtering to detect and block harmful user inputs and model responses. Check the Use the same harmful categories filters for responses checkbox to use the same filters for responses.
- For Prompt attacks, choose Enable prompt attacks filter, and configure the content filter by adjusting the degree of filtering to detect and block user inputs attempting to override system instructions.
- Select Next to continue the setup.
07 For Step 3 - optional Add denied topics, choose Add denied topic and create a denied topic for blocking user inputs or model responses associated with the topic. Choose Confirm to save the topic. You can add up to 30 denied topics. Select Next to continue the setup process.
08 For Step 4 - optional Add word filters, perform the following actions:
- For Profanity filter, check the Filter profanity checkbox to block profane words in user inputs and model responses.
- For Add custom words and phrases, specify the words or phrases (max 3 words) to be blocked by the guardrail. A blocked message will show if user input or model responses contain the words or phrases specified at this step. You can add words and phrases manually, or upload data from a local file or an S3 object.
- Select Next to continue the setup.
09 For Step 5 - optional Add sensitive information filters, perform the following operations:
- For Personally Identifiable Information (PII) types, choose Add new PII to add as many predefined PII-based filters as needed. Choose the predefined PII type that you want to use from the Choose PII type list, and select the appropriate behavior mode for the selected PII type from the Guardrail behavior list. Choose Block if you want to block the content and return a custom message if sensitive information is detected in the prompt or response. Choose Mask if you want to mask or redact sensitive information detected in the model response.
- For Regex patterns, choose Add regex pattern to add as many regex-based custom filters as needed. In the Add regex pattern setup box, provide a unique name and a description (optional) for your new custom filter, the regex pattern that you want to use, and the appropriate guardrail behavior (Block or Mask). Choose Confirm to save the regex pattern.
- Select Next to continue the setup process.
10 For Step 6 - optional Add contextual grounding check, perform the following actions:
- For Grounding, choose Enable grounding check to validate if model responses are grounded in the reference source and block responses that are below the defined threshold of grounding.
- For Relevance, choose Enable relevance check to validate if model responses are relevant to the user's query and block responses that are below the defined threshold of relevance.
- Select Next to continue the setup.
11 For Step 7 Review and create, review the guardrail configuration details, then choose Create guardrail to create your new Amazon Bedrock guardrail.
12 In the main navigation panel, under Builder tools, select Agents.
13 In the Agents section, click on the name (link) of the agent that you want to configure, and choose Edit in Agent Builder.
14 Choose Edit from the Guardrail details section, select the name and version of the Amazon Bedrock guardrail created earlier in the Remediation process, and choose Save and exit to attach the selected guardrail to your Amazon Bedrock agent.
15 Repeat steps no. 13 and 14 for each Amazon Bedrock agent that you want to configure, available in the current AWS region.
16 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.
Using AWS CLI
01 Run create-guardrail command (OSX/Linux/UNIX) to create a new Amazon Bedrock guardrail for agent session protection:
aws bedrock create-guardrail --region us-east-1 --name tm-project5-agent-guardrail --description 'Guardrail for Amazon Bedrock agents' --blocked-input-messaging "Sorry, the model cannot answer this question." --blocked-outputs-messaging "Sorry, the model cannot answer this question." --content-policy-config 'filtersConfig=[{type="SEXUAL",inputStrength="HIGH",outputStrength="HIGH"}, {type="HATE",inputStrength="HIGH",outputStrength="HIGH"},{type="VIOLENCE",inputStrength="HIGH",outputStrength="HIGH"},{type="INSULTS",inputStrength="HIGH",outputStrength="HIGH"},{type="MISCONDUCT",inputStrength="MEDIUM",outputStrength="MEDIUM"},{type="PROMPT_ATTACK",inputStrength="LOW",outputStrength="NONE"}]' --kms-key-id arn:aws:kms:us-east-1:123456789012:key/1234abcd-1234-abcd-1234-abcd1234abcd
02 The command output should return the identification details available for the new guardrail:
{ "guardrailId": "abcd1234abcd", "guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd", "version": "DRAFT", "createdAt": "2024-07-11T12:37:48.329055+00:00" }
03 Run update-agent command (OSX/Linux/UNIX) to attach the guardrail created at the previous steps to the selected Amazon Bedrock agent. Use the --guardrail-configuration parameter to specify the guardrail identifier and version:
aws bedrock-agent update-agent --region us-east-1 --agent-id ABCDACBDAB --agent-name tm-project5-bedrock-agent --agent-resource-role-arn arn:aws:iam::123456789012:role/service-role/AmazonBedrockExecutionRoleForAgents_ABCDABCDABCD --foundation-model amazon.titan-text-premier-v1:0 --guardrail-configuration 'guardrailIdentifier="abcd1234abcd",guardrailVersion="DRAFT"'
04 The command output should return the configuration information available for the modified Bedrock agent:
{ "agent": { "agentArn": "arn:aws:bedrock:us-east-1:123456789012:agent/ABCDACBDAB", "agentId": "ABCDACBDAB", "agentName": "tm-project5-bedrock-agent", "agentResourceRoleArn": "arn:aws:iam::123456789012:role/service-role/AmazonBedrockExecutionRoleForAgents_ABCDABCDABCD", "agentStatus": "UPDATING", "createdAt": "2024-07-11T15:03:32.328148+00:00", "foundationModel": "amazon.titan-text-premier-v1:0", "guardrailConfiguration": { "guardrailIdentifier": "abcd1234abcd", "guardrailVersion": "DRAFT" }, "idleSessionTTLInSeconds": 600, "updatedAt": "2024-07-11T15:09:45.425890+00:00" } }
05 Repeat steps no. 3 and 4 for each Amazon Bedrock agent that you want to configure, available in the selected AWS region
06 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.
References
- AWS Documentation
- Agents for Amazon Bedrock
- UpdateAgent
- GuardrailConfiguration
- Guardrails for Amazon Bedrock
- Guardrails for Amazon Bedrock
- Create a guardrail
- Associate a guardrail with your agent
- AWS Command Line Interface (CLI) Documentation
- list-agents
- get-agent
- update-agent
- create-guardrail
Related Bedrock rules
- Check for Missing Amazon Bedrock Agent Service Role (Security, operational-excellence)
- Configure Sensitive Information Filters for Amazon Bedrock Guardrails (Security, operational-excellence)
- Use Customer-Managed Keys to Encrypt Knowledge Base Transient Data (Security, operational-excellence)
- Protect Model Customization Jobs using a VPC (Security)