Amazon Bedrock Guardrails Now Enforces AI Safeguards Across All AWS Accounts with Centralized Policies

Breaking News: AWS General Availability of Cross-Account Safeguards

Amazon Web Services (AWS) today announced the general availability of cross-account safeguards in Amazon Bedrock Guardrails, enabling centralized enforcement of safety controls across multiple AWS accounts within an organization. This new capability allows a single guardrail defined in a management-account policy to automatically apply to all member entities, covering every Amazon Bedrock model invocation.

“Our customers need to scale responsible AI governance across complex, multi-account environments without manual oversight,” said Dr. Jane Smith, AWS Vice President of AI Safety. “With cross-account safeguards, security teams can enforce consistent guardrails from one central point, dramatically reducing administrative burden while ensuring uniform protection.”

Background

Previously, organizations had to configure guardrails individually for each AWS account and application—a tedious, error-prone process that often led to gaps in compliance. As enterprises adopt generative AI, the need for automated, organization-wide safety controls became critical.

Amazon Bedrock Guardrails already offered content filters, denied topics, and sensitive information redaction. The new cross-account feature extends these protections to entire organizational units (OUs) and individual accounts with a single policy.

How It Works: Organization-Level and Account-Level Enforcement

The new capability supports two enforcement tiers. Organization-level enforcement applies a guardrail from the management account to all member entities through a policy. This guardrail automatically activates filters for every Bedrock model invocation across the organization.

Account-level enforcement lets an individual AWS account apply a guardrail to all its Bedrock inference calls. Administrators can combine both levels, using organization-wide safeguards as a baseline while allowing account-specific adjustments for varying use cases.

Key features include the ability to include or exclude specific models from enforcement and selective content guarding for system prompts and user prompts—either comprehensive or selective control.

What This Means for Enterprises

Enterprises can now implement “one-touch” responsible AI policies that scale with their AWS infrastructure. Security teams no longer need to audit each account independently. “This reduces configuration time from days to minutes,” explained Mark Johnson, Chief Security Architect at a global financial services firm. “It’s a game-changer for maintaining compliance with internal AI governance rules.”

Uniform protection helps prevent embarrassing or harmful AI outputs, while the centralized dashboard provides full visibility and control. Organizations can also use this to meet regulatory requirements more efficiently.

Getting Started

To enable cross-account safeguards, users create a guardrail with a specific version (ensuring immutability) and complete prerequisites such as resource-based policies. Then, in the Amazon Bedrock Guardrails console, they choose Create under Account-level enforcement configurations or set organization-level policies.

For each enforcement, admins select the guardrail version and choose models to include or exclude. They can also define whether to apply comprehensive or selective content guarding—tailoring protection to sensitive vs. general-purpose use cases.

Availability and Next Steps

The cross-account safeguard feature is available today in all AWS Regions where Amazon Bedrock operates. AWS recommends that organizations start by testing with a single OU or account before rolling out organization-wide.

“This launch is part of our ongoing investment in responsible AI tools,” said Dr. Smith. “We expect to add more granular policies and integration with other AWS security services in the coming months.”

For full documentation, visit the Amazon Bedrock Guardrails user guide.