# Amazon Bedrock policies


Amazon Bedrock policies allow you to enforce safeguards configured in Amazon Bedrock Guardrails automatically across any element in your organization structure for all model inference calls to Amazon Bedrock. This eliminates the need to configure an individual guardrail for each account. Amazon Bedrock Guardrails provides configurable safeguards to help safely build generative AI applications at scale, with a standard approach for a wide range of foundation models, including models supported in Amazon Bedrock, fine-tuned models, and models hosted outside of Amazon Bedrock.

Amazon Bedrock policies in AWS Organizations allow you to reference, in JSON format, a guardrail created in your management account. You can attach a policy to the required element of your organization structure, such as the root, organizational units (OUs), and individual accounts. AWS Organizations applies inheritance rules to combine the policies, which results in an effective policy for each account that dictates how safeguards are enforced for your generative AI application.

## How it works


Amazon Bedrock policies give you control over automatic enforcement of safeguards within guardrails across multiple accounts, allowing you to enforce guardrails on all or a subset of models for inference calls to Amazon Bedrock. You need to reference a specific version of the appropriate guardrail within your policy, adhering to your organization's responsible AI requirements. This is specific to the AWS region where your guardrail exists, and you need to have different guardrails for each AWS region where you want the enforcement of safety controls. You can then attach this policy to any node of the organization, and accounts beneath that node will then automatically inherit those safeguards and apply them for every model invocation to Amazon Bedrock.

Amazon Bedrock policies help you ensure consistent safety controls throughout your organization, and provide a centralized approach to safely build generative AI applications at scale.

# Getting started with Amazon Bedrock policies

Before you configure Amazon Bedrock policies, ensure you understand the prerequisites and implementation requirements. This topic guides you through the process of setting up and managing these policies in your organization.

## Before you begin


Review the following requirements before implementing Amazon Bedrock policies:
+ Your account must be part of an AWS organization
+ You must be signed in as either:
  + The management account for the organization
  + A delegated administrator account with permissions to manage Amazon Bedrock policies
+ You must enable the Amazon Bedrock policy type in the root of your organization

## Implementation steps


To implement Amazon Bedrock policies effectively, follow these steps in sequence. Each step ensures proper configuration and helps prevent common issues during setup. The management account or delegated administrator can perform these steps through the AWS Organizations console, AWS Command Line Interface (AWS CLI), or AWS SDKs.

1. [Enable Amazon Bedrock policies for your organization](enable-policy-type.md).

2. [Create an Amazon Bedrock policy](orgs_manage_policies_bedrock_syntax.md).

3. [Attach the Amazon Bedrock policy to your organization's root, OU, or account](orgs_policies_attach.md).

4. [View the combined effective Amazon Bedrock policy that applies to an account](orgs_manage_policies_effective.md).
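The four steps above, driven through the AWS Organizations API, as an added example that is not part of the AWS documentation or the AWS SDK. The `rollout` function takes a client object, so the same code runs against `boto3.client("organizations")` or against the offline `FakeOrganizationsClient` below (the fake only echoes the attached content back; the real service returns the merged effective policy). Assumptions, labelled in the code: `POLICY_TYPE` is a placeholder for the policy-type name that `EnablePolicyType` expects for Amazon Bedrock policies, and the root id, OU id, account id and guardrail ARN are constructed sample values. The final step reads the effective policy for a pilot account and lists the guardrails it enforces, which is the check the "Start small, then scale" guidance asks for before a wider attachment.

```python
"""Roll out an Amazon Bedrock policy: the four implementation steps as API calls."""
import json

# ASSUMPTION: placeholder only; use the policy-type name given in the
# EnablePolicyType reference for Amazon Bedrock policies.
POLICY_TYPE = "BEDROCK_POLICY_PLACEHOLDER"


def build_policy(region, guardrail_arn, excluded_models=()):
    """Build a one-config policy document in the syntax shown on this page."""
    return {"bedrock": {"guardrail_inference": {region: {"config_1": {
        "identifier": {"@@assign": guardrail_arn},
        "model_enforcement": {
            "included_models": {"@@assign": ["ALL"]},
            "excluded_models": {"@@assign": list(excluded_models)},
        },
    }}}}}


def policy_type_enabled(client, root_id):
    """Step 1 check: is the Bedrock policy type already enabled on the root?"""
    for root in client.list_roots()["Roots"]:
        if root["Id"] == root_id:
            return any(p["Type"] == POLICY_TYPE and p["Status"] == "ENABLED"
                       for p in root.get("PolicyTypes", []))
    raise ValueError(f"root {root_id} not found")


def rollout(client, root_id, target_id, check_account_id, policy_doc, name):
    """Steps 1-4: enable the type, create the policy, attach it, read the effective policy.

    Returns (policy_id, effective_policy_dict) so the caller can confirm the
    guardrail reached a representative account before attaching more widely.
    """
    if not policy_type_enabled(client, root_id):                              # step 1
        client.enable_policy_type(RootId=root_id, PolicyType=POLICY_TYPE)
    created = client.create_policy(                                           # step 2
        Content=json.dumps(policy_doc), Description="Organization-wide guardrail",
        Name=name, Type=POLICY_TYPE)
    policy_id = created["Policy"]["PolicySummary"]["Id"]
    client.attach_policy(PolicyId=policy_id, TargetId=target_id)              # step 3
    effective = client.describe_effective_policy(                             # step 4
        PolicyType=POLICY_TYPE, TargetId=check_account_id)
    return policy_id, json.loads(effective["EffectivePolicy"]["PolicyContent"])


def guardrails_in_effect(effective_policy, region):
    """List the guardrail identifiers enforced in one region.

    Accepts both the operator form ({"@@assign": arn}) and a resolved string value.
    """
    configs = effective_policy["bedrock"]["guardrail_inference"].get(region, {})
    found = []
    for cfg in configs.values():
        ident = cfg["identifier"]
        found.append(ident["@@assign"] if isinstance(ident, dict) else ident)
    return sorted(found)


class FakeOrganizationsClient:
    """Offline stand-in for boto3's Organizations client (demo and tests only)."""

    def __init__(self, root_id):
        self.roots = [{"Id": root_id, "PolicyTypes": []}]
        self.policies, self.attachments, self.calls = {}, [], []

    def list_roots(self):
        return {"Roots": self.roots}

    def enable_policy_type(self, RootId, PolicyType):
        self.calls.append("enable_policy_type")
        self.roots[0]["PolicyTypes"].append({"Type": PolicyType, "Status": "ENABLED"})
        return {}

    def create_policy(self, Content, Description, Name, Type):
        self.calls.append("create_policy")
        pid = f"p-{len(self.policies) + 1:08d}"
        self.policies[pid] = Content
        return {"Policy": {"PolicySummary": {"Id": pid}}}

    def attach_policy(self, PolicyId, TargetId):
        self.calls.append("attach_policy")
        self.attachments.append((PolicyId, TargetId))
        return {}

    def describe_effective_policy(self, PolicyType, TargetId):
        self.calls.append("describe_effective_policy")
        pid = self.attachments[-1][0]   # echo: the real service merges inherited policies
        return {"EffectivePolicy": {"PolicyContent": self.policies[pid],
                                    "PolicyType": PolicyType, "TargetId": TargetId}}


def demo():
    """Run the rollout against the fake with constructed ids (r-exm1, ou-exm1-pilot, 111122223333)."""
    client = FakeOrganizationsClient("r-exm1")
    doc = build_policy("us-east-1",
                       "arn:aws:bedrock:us-east-1:123456789012:guardrail/hu1dlsv9wy1d:1",
                       ["amazon.titan-embed-text-v2:0"])
    policy_id, effective = rollout(client, "r-exm1", "ou-exm1-pilot", "111122223333",
                                   doc, "bedrock-guardrail-pilot")
    return policy_id, guardrails_in_effect(effective, "us-east-1"), client.calls


if __name__ == "__main__":
    print(demo())
```

With the real service, replace the fake with `boto3.client("organizations")` in the management or delegated administrator account; everything else in `rollout` stays the same, and the returned effective policy is what you should inspect for representative accounts after every change.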

# Best practices for using Amazon Bedrock policies

## Use a valid guardrail identifier


An incorrect or malformed identifier will cause all Amazon Bedrock API calls across the target organization to fail. [Monitor CloudTrail for invalid effective policy alerts to detect misconfigurations quickly](https://docs.aws.amazon.com/organizations/latest/userguide/invalid-policy-alerts.html).

## Exclude automated reasoning policies


Guardrails that include an automated reasoning policy are not supported for organization-level enforcement. Verify that your selected Amazon Bedrock Guardrail does not contain one.

## Grant the necessary IAM permissions


Use [Amazon Bedrock Guardrails resource-based policies](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-resource-based-policies.html) to grant the organization and its member accounts permissions to evaluate the enforced guardrail at runtime.

## Review Amazon Bedrock Service Limits for Guardrails


Member account calls using the Amazon Bedrock Policy will count towards the Service Quotas for the member. Review the Service Quotas Console and be sure that your Guardrails runtime limits are sufficient for your call volume.

## Start small, then scale


Attach your policy to a few accounts to start, making sure the policy is being applied in the way you expect. Make sure to test that the Guardrail permissions are configured to allow cross-account access.

## Validate changes to your Amazon Bedrock policies using DescribeEffectivePolicy


After you make a change to an Amazon Bedrock policy, check the effective policies for representative accounts below the level where you made the change. You can view the effective policy by using the AWS Management Console, or by using the `DescribeEffectivePolicy` API operation or one of its AWS CLI or AWS SDK variants. Ensure that the change you made had the intended impact on the effective policy.

## Communicate and train


Ensure the teams across your organization understand the purpose and impact of your Amazon Bedrock policies. Provide clear guidance on Amazon Bedrock Guardrails behavior and what to expect.

# Amazon Bedrock policy syntax and examples


An Amazon Bedrock policy is a plaintext file that is structured according to the rules of JSON. The syntax for Amazon Bedrock policies follows the syntax for all management policy types. For more information, see [Policy syntax and inheritance for management policy types](orgs_manage_policies_inheritance_mgmt.md). This topic focuses on applying that general syntax to the specific requirements of the Amazon Bedrock policy type.

The following Amazon Bedrock policy example shows the basic Amazon Bedrock policy syntax:

```
{
    "bedrock": {
        "guardrail_inference": {
            "us-east-1": {
                "config_1": {
                    "identifier": {
                        "@@assign": "arn:aws:bedrock:us-east-1:123456789012:guardrail/hu1dlsv9wy1d:1"
                    },
                    "selective_content_guarding": {
                        "system": {
                            "@@assign": "selective"
                        },
                        "messages": {
                            "@@assign": "comprehensive"
                        }
                    },
                    "model_enforcement": {
                        "included_models": {
                            "@@assign": ["ALL"]
                        },
                        "excluded_models": {
                            "@@assign": ["amazon.titan-embed-text-v2:0", "cohere.embed-english-v3"]
                        }
                    }
                }
            }
        }
    }
}
```

## The Amazon Bedrock policy syntax includes the following elements


`"bedrock"`  
The top-level key for Amazon Bedrock policy documents.

`"guardrail_inference"`  
Defines guardrail enforcement configuration.

`<region>`  
The region where the policy will be enforced. For example, `"us-east-1"`.

`"config_1"`  
Configuration identifier for the guardrail settings.

`"identifier"` (Required)  
Guardrail ARN, followed by `:version`, the Guardrail version.  
+ The Guardrail must be owned by the Management account. You cannot create a policy using a Guardrail from another account.
+ The Guardrail must have a version, and that version cannot be DRAFT. To create a version of your guardrail, see [Create a version of a guardrail](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-versions-create.html) in the Amazon Bedrock user guide.
+ The Guardrail must have a Resource Based Policy that allows organization members to call `ApplyGuardrail`.
+ The Guardrail must be created and used in the specified region.

`"selective_content_guarding"` (Optional)  
Amazon Bedrock APIs allow marking specific content within the input that the caller wants guardrails to process. These settings let enforcers control whether or not to respect content tagging decisions made by the caller. When specified, one of `"system"` or `"messages"` is required.

`"system"` (Optional)  
Choose how system prompts will be processed by guardrails. Defaults to `comprehensive` when not specified.  
+ `"comprehensive"`: Evaluate all content regardless of guard content tags.
+ `"selective"`: Only evaluate content within guard content tags. Does not evaluate any content when no tags are specified.

`"messages"` (Optional)  
Choose how message content with user and assistant conversation will be processed by guardrails. Defaults to `comprehensive` when not specified.  
+ `"comprehensive"`: Evaluate all content regardless of guard content tags.
+ `"selective"`: Only evaluate content within guard content tags. Evaluates all content within messages when no tags are specified.

`"model_enforcement"` (Optional)  
Model-specific information for the enforced guardrail configuration. If not present, the configuration is enforced on all models.

`"included_models"` (Required)  
List of models to enforce the guardrail on. When empty, applies enforcement to all models. Also accepts the keyword `"ALL"` to explicitly include all models.

`"excluded_models"` (Required)  
Models to exclude from enforcement of the guardrail. When empty, does not exclude any models from enforcement. If a model is present in both the included and excluded models lists, it is excluded.
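A pre-flight check for a policy document, added here as an example that is not part of the AWS documentation. It encodes the rules this page states for `"identifier"`, `"selective_content_guarding"` and `"model_enforcement"`, so a document can be checked before it is attached (the "Use a valid guardrail identifier" practice above notes that one malformed identifier fails every Amazon Bedrock call in the targeted accounts). It also resolves the two behaviours a reader most often gets wrong: a model listed in both lists is excluded, and `"selective"` with no guard tags skips system prompts but still evaluates messages in full. The sample policy is the one shown on this page; the management account id `123456789012` is taken from its ARN; the ARN regular expression is an assumption about the guardrail ARN layout that example shows.

```python
"""Pre-flight validation and enforcement resolution for an Amazon Bedrock policy."""
import json
import re

# ASSUMPTION: ARN layout inferred from the page's example,
# arn:aws:bedrock:<region>:<account>:guardrail/<guardrail-id>:<version>
GUARDRAIL_ARN = re.compile(
    r"^arn:aws:bedrock:(?P<region>[a-z0-9-]+):(?P<account>\d{12})"
    r":guardrail/(?P<id>[a-z0-9]+)(?::(?P<version>[^:]+))?$"
)
GUARDING_MODES = {"comprehensive", "selective"}

# Constructed sample: the policy document shown on this page.
SAMPLE_JSON = """
{"bedrock": {"guardrail_inference": {"us-east-1": {"config_1": {
  "identifier": {"@@assign": "arn:aws:bedrock:us-east-1:123456789012:guardrail/hu1dlsv9wy1d:1"},
  "selective_content_guarding": {"system": {"@@assign": "selective"},
                                 "messages": {"@@assign": "comprehensive"}},
  "model_enforcement": {"included_models": {"@@assign": ["ALL"]},
                        "excluded_models": {"@@assign": ["amazon.titan-embed-text-v2:0",
                                                         "cohere.embed-english-v3"]}}
}}}}}
"""


def load_policy(text):
    """Parse a policy document from JSON text."""
    return json.loads(text)


def _assigned(node):
    """Return the value under "@@assign", or None when the node carries no value."""
    return node.get("@@assign") if isinstance(node, dict) else None


def validate_policy(policy, management_account):
    """Return a list of problems; an empty list means the document passes every page rule."""
    problems = []
    regions = policy.get("bedrock", {}).get("guardrail_inference", {})
    if not regions:
        return ['missing "bedrock" / "guardrail_inference" element']
    for region, configs in regions.items():
        for name, cfg in configs.items():
            where = f"{region}/{name}"
            m = GUARDRAIL_ARN.match(_assigned(cfg.get("identifier")) or "")
            if not m:
                problems.append(f"{where}: identifier is missing or malformed")
            else:
                if not m["version"]:
                    problems.append(f"{where}: guardrail ARN has no :version suffix")
                elif m["version"].upper() == "DRAFT":
                    problems.append(f"{where}: guardrail version must not be DRAFT")
                if m["region"] != region:
                    problems.append(f"{where}: guardrail is in {m['region']}, policy key is {region}")
                if m["account"] != management_account:
                    problems.append(f"{where}: guardrail must be owned by the management account")
            scg = cfg.get("selective_content_guarding")
            if scg is not None:
                if not ({"system", "messages"} & set(scg)):
                    problems.append(f'{where}: selective_content_guarding needs "system" or "messages"')
                for field in ("system", "messages"):
                    if field in scg and _assigned(scg[field]) not in GUARDING_MODES:
                        problems.append(f"{where}: {field} must be comprehensive or selective")
            me = cfg.get("model_enforcement")
            if me is not None:
                for key in ("included_models", "excluded_models"):
                    if not isinstance(_assigned(me.get(key)), list):
                        problems.append(f"{where}: model_enforcement.{key} must be a list")
    return problems


def model_is_enforced(cfg, model_id):
    """Decide whether one config block enforces its guardrail on model_id."""
    me = cfg.get("model_enforcement")
    if me is None:
        return True                       # absent element: enforced on all models
    included = _assigned(me.get("included_models")) or []
    excluded = _assigned(me.get("excluded_models")) or []
    if model_id in excluded:              # exclusion wins when a model is in both lists
        return False
    return not included or "ALL" in included or model_id in included


def content_evaluated(cfg, field, has_guard_tags):
    """Return what the guardrail evaluates for "system" or "messages": 'all', 'tagged' or 'none'."""
    mode = _assigned(cfg.get("selective_content_guarding", {}).get(field)) or "comprehensive"
    if mode == "comprehensive":
        return "all"
    if has_guard_tags:
        return "tagged"
    # selective with no tags: system prompts are skipped, messages are fully evaluated
    return "none" if field == "system" else "all"


if __name__ == "__main__":
    policy = load_policy(SAMPLE_JSON)
    print("problems:", validate_policy(policy, "123456789012"))
    cfg = policy["bedrock"]["guardrail_inference"]["us-east-1"]["config_1"]
    print("titan embed enforced:", model_is_enforced(cfg, "amazon.titan-embed-text-v2:0"))
```

Run `validate_policy` against every document before `CreatePolicy`, with the management account id taken from the account you are signed in to; any non-empty result is a policy that should not be attached. `model_is_enforced` and `content_evaluated` are useful when explaining to application teams which calls the guardrail will actually screen.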