# Set up permissions to use Amazon Bedrock Guardrails
To set up a role with permissions for guardrails, create an IAM role and attach the following permissions by following the steps at [Creating a role to delegate permissions to an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html).
If you're using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at [Create a service role for Amazon Bedrock Agents](agents-permissions.md).
## Permissions to create and manage guardrails for the policy role
Append the following statement to the `Statement` field in the policy for your role to use guardrails.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CreateAndManageGuardrails",
"Effect": "Allow",
"Action": [
"bedrock:CreateGuardrail",
"bedrock:CreateGuardrailVersion",
"bedrock:DeleteGuardrail",
"bedrock:GetGuardrail",
"bedrock:ListGuardrails",
"bedrock:UpdateGuardrail"
],
"Resource": "*"
}
]
}
```
------
## Permissions for invoking guardrails to filter content
Append the following statement to the `Statement` field in the policy for the role to allow for model inference and to invoke guardrails.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModel",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
]
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
]
}
]
}
```
------
# Permissions for Automated Reasoning policies with ApplyGuardrail
When using Automated Reasoning policies with the `ApplyGuardrail` API, you need an IAM policy that allows you to invoke the Automated Reasoning policy.
```
{
"Sid": "AutomatedReasoningChecks",
"Effect": "Allow",
"Action": [
"bedrock:InvokeAutomatedReasoningPolicy"
],
"Resource": [
"arn:aws:bedrock:region:account-id:automated-reasoning-policy/policy-id:policy-version"
]
}
```
This policy allows you to invoke the specified Automated Reasoning policy in your account.
# Permissions for Automated Reasoning policies with agents
When you create an agent in Amazon Bedrock, the service role for the agent automatically includes policies for invoking guardrails (`bedrock:ApplyGuardrail`) and foundation models. To attach a guardrail that includes an Automated Reasoning policy to your agent, manually add permissions to the agent's service role.
Update the `AmazonBedrockAgentBedrockApplyGuardrailPolicy` policy on your agent's service role to include the `bedrock:GetGuardrail` action and access to guardrail profiles. Then, add a separate statement that grants the `bedrock:InvokeAutomatedReasoningPolicy` action for your Automated Reasoning policy resource.
The following example shows the complete statements list:
```
"Statement": [
{
"Sid": "AmazonBedrockAgentBedrockApplyGuardrailPolicyProd",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail",
"bedrock:GetGuardrail"
],
"Resource": [
"arn:aws:bedrock:region:account-id:guardrail/guardrail-id",
"arn:aws:bedrock:*:account-id:guardrail-profile/*"
]
},
{
"Sid": "InvokeAutomatedReasoningPolicyProd",
"Effect": "Allow",
"Action": "bedrock:InvokeAutomatedReasoningPolicy",
"Resource": [
"arn:aws:bedrock:region:account-id:automated-reasoning-policy/policy-id:policy-version"
]
}
]
```
**Note**
The existing `AmazonBedrockAgentBedrockFoundationModelPolicy` on your agent's service role does not need to be modified. Only the `AmazonBedrockAgentBedrockApplyGuardrailPolicy` requires the changes described above.
# (Optional) Create a customer managed key for your guardrail for additional security
You encrypt your guardrails with customer managed AWS KMS keys. Any user with `CreateKey` permissions can create customer managed keys by using the AWS Key Management Service (AWS KMS) console or [CreateKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html) operation. In these situations, make sure to create a symmetric encryption key.
After you create your key, configure the following permission policies.
1. Do the following to create a resource-based key policy:
1. [Create a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key.
1. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each `role` with the role that you want to allow to carry out the specified actions.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Id": "KMS key policy",
"Statement": [
{
"Sid": "PermissionsForGuardrailsCreators",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:user/role"
},
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey",
"kms:DescribeKey",
"kms:CreateGrant"
],
"Resource": "*"
},
{
"Sid": "PermissionsForGuardrailsUsers",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:user/role"
},
"Action": "kms:Decrypt",
"Resource": "*"
}
]
}
```
------
1. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the `key-id` with the ID of the KMS key that you created.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowRoleToCreateAndManageGuardrails",
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:CreateGrant"
],
"Resource": "arn:aws:kms:us-east-1:123456789012:key/key-id"
}
]
}
```
------
1. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the `key-id` with the ID of the KMS key that you created.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowRoleToUseEncryptedGuardrailDuringInference",
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": "arn:aws:kms:us-east-1:123456789012:key/key-id"
}
]
}
```
------
# Enforce the use of specific guardrails in model inference requests
You can enforce the use of a specific guardrail for model inference by including the `bedrock:GuardrailIdentifier` condition key in your IAM policy. This allows you to deny any inference API request that doesn't include the guardrail configured in your IAM policy.
You can apply this enforcement for the following inference APIs:
+ [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html)
+ [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html)
+ [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html)
+ [InvokeModelWithResponseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModelWithResponseStream.html)
The following examples are some ways in which you can using the `bedrock:GuardrailIdentifier` condition key.
**Example 1: Enforce the use of a specific guardrail and its numeric version**
Use the following policy to enforce the use of a specific guardrail (`guardrail-id`) and its numeric version 1 during model inference.
The explicit deny keeps the user request from calling the listed actions with any other `GuardrailIdentifier` and guardrail version no matter what other permissions the user might have.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModelStatement1",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringEquals": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id:1"
}
}
},
{
"Sid": "InvokeFoundationModelStatement2",
"Effect": "Deny",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringNotEquals": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id:1"
}
}
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
]
}
]
}
```
**Example 2: Enforce the use of a specific guardrail and its DRAFT version**
Use the following policy to enforce the use of a specific guardrail (`guardrail-id`) and its DRAFT version during model inference.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModelStatement1",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringEquals": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
}
}
},
{
"Sid": "InvokeFoundationModelStatement2",
"Effect": "Deny",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringNotEquals": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
}
}
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
]
}
]
}
```
**Example 3: Enforce the use of a specific guardrail and any of its numeric versions**
Use the following policy to enforce the use of a specific guardrail (`guardrail-id`) and any of its numeric versions during model inference.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModelStatement1",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"ArnLike": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id:*"
}
}
},
{
"Sid": "InvokeFoundationModelStatement2",
"Effect": "Deny",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"ArnNotLike": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id:*"
}
}
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
]
}
]
}
```
**Example 4: Enforce the use of a specific guardrail and any of its versions**
Use the following policy to enforce the use of a specific guardrail (`guardrail-id`) and any of its numeric versions (including the DRAFT version) during model inference.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModelStatement1",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"ArnLike": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id*"
}
}
},
{
"Sid": "InvokeFoundationModelStatement2",
"Effect": "Deny",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"ArnNotLike": {
"bedrock:GuardrailIdentifier": "arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id*"
}
}
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-id"
]
}
]
}
```
**Example 5: Enforce the use of specific guardrail and version pairs**
Use the following policy to allow model inference for only a set of guardrails and their respective versions.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InvokeFoundationModelStatement1",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringEquals": {
"bedrock:GuardrailIdentifier": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-1-id:1",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-2-id:2",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-3-id"
]
}
}
},
{
"Sid": "InvokeFoundationModelStatement2",
"Effect": "Deny",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/*"
],
"Condition": {
"StringNotEquals": {
"bedrock:GuardrailIdentifier": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-1-id:1",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-2-id:2",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-3-id"
]
}
}
},
{
"Sid": "ApplyGuardrail",
"Effect": "Allow",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-1-id",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-2-id",
"arn:aws:bedrock:us-east-1:123456789012:guardrail/guardrail-3-id"
]
}
]
}
```
**Limitations**
If a user assumes an IAM role that has a specific guardrail configured using the `bedrock:GuardrailIdentifier` condition key:
+ A user should not use the same role with additional permissions to invoke Bedrock APIs like `RetrieveAndGenerate` and `InvokeAgent` that make `InvokeModel` calls on behalf of the user. This can lead to access denied errors even when the guardrail is specified in the request because `RetrieveAndGenerate` and `InvokeAgent` make multiple `InvokeModel` calls, and some of these calls don't include a guardrail.
+ A user can bypass applying a guardrail in their prompt by using [guardrail input tags](guardrails-tagging.md). However, the guardrail is always applied on the response.
+ Since Amazon Bedrock Guardrails don't currently support resource-based policies for cross-account access, your guardrail must be in the same AWS account as the IAM role making the request.
# Permissions for using cross-Region inference with Amazon Bedrock Guardrails
Using [cross-Region inference](guardrails-cross-region.md) with Amazon Bedrock Guardrails requires adding specific permissions to your IAM role, including allowing access to guardrail profiles in other Regions.
## Permissions to create and manage guardrails for cross-Region inference
Use the following IAM policy to [create](guardrails-components.md), [view](guardrails-view.md), [modify](guardrails-edit.md), and [delete](guardrails-delete.md) a guardrail that uses a specific guardrail profile. You only need these permissions for calling an [Amazon Bedrock control plane endpoint](https://docs.aws.amazon.com/general/latest/gr/bedrock.html#br-cp).
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CreateAndManageGuardrails",
"Effect": "Allow",
"Action": [
"bedrock:CreateGuardrail",
"bedrock:UpdateGuardrail",
"bedrock:DeleteGuardrail",
"bedrock:GetGuardrail",
"bedrock:ListGuardrails"
],
"Resource": [
"arn:aws:bedrock:us-east-1:123456789012:guardrail/*",
"arn:aws:bedrock:us-east-1:123456789012:guardrail-profile/guardrail-profile-id"
]
}
]
}
```
------
## Permissions for invoking guardrails with cross-Region inference
When invoking a guardrail with cross-Region inference, you need an IAM policy that specifies the destination Regions defined in your guardrail profile.
```
{
"Effect": "Allow",
"Action": ["bedrock:ApplyGuardrail"],
"Resource": [
"arn:aws:bedrock:us-east-1:account-id:guardrail/guardrail-id",
"arn:aws:bedrock:us-east-1:account-id:guardrail-profile/us.guardrail.v1:0",
"arn:aws:bedrock:us-east-2:account-id:guardrail-profile/us.guardrail.v1:0",
"arn:aws:bedrock:us-west-2:account-id:guardrail-profile/us.guardrail.v1:0"
]
}
```
This example policy specifies the following resources:
+ The guardrail that you're invoking in your source Region (in this case, `us-east-1`).
+ The destination Regions defined in the guardrail profile you're using (in this case, `us.guardrail.v1:0`). For information on which destination Regions to specify in your policy, see the [Available guardrail profiles](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-cross-region-support.html#available-guardrail-profiles).
# Using resource-based policies for guardrails
Amazon Bedrock Guardrails supports resource-based policies for guardrails and guardrails inference profiles. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
You can attach a resource-based policy (RBP) to Guardrails resources (guardrail or guardrail inference profile). In this policy, you specify permissions for Identity and Access Management (IAM) [principals](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) that can perform specific actions on these resources. For example, the policy attached to a guardrail will contain permissions to apply the guardrail or read the guardrail configuration.
Resource-based policies are recommended for use with account-level enforced guardrails, and are required for use of organization-level enforced guardrails, because for organizational enforced guardrails the member accounts are required to apply a guardrail that exists in the organization administrator account. In order to use a guardrail in a different account, the caller identity must have permission to call the `bedrock:ApplyGuardrail` API on the guardrail, and the guardrail must have a resource based policy attached which gives that caller permission. For more information, see [Cross-account policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic-cross-account.html) and [Identity-based policies and resource-based policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html).
RBPs are attached from the guardrails detail page. If the guardrail has Cross-Region Inference (CRIS) enabled, the caller must also have `ApplyGuardrail` permission on all destination-region guardrail-owner-account profile objects associated with that profile, and RBPs must be attached to the profiles in turn. For more information, see [Permissions for using cross-Region inference with Amazon Bedrock Guardrails](guardrail-profiles-permissions.md). Profiles detail pages can be reached from the "System-defined guardrail profiles" section on the guardrails dashboard, and RBPs attached from there.
For enforced guardrails (either organization or account-level), all callers of Bedrock Invoke or Converse APIs who do not have permissions to call that guardrail will start seeing their calls fail with an `AccessDenied` exception. For this reason it is strongly recommended to check that you are able to call [ApplyGuardrail](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_ApplyGuardrail.html) API on the guardrail from the identities it will be used by, in the accounts it will be enforced on, before creating an organizational or account enforced guardrail configuration.
The allowed policy language for guardrail and guardrail-profile resource-based policies is currently restricted and only supports a limited set of policy statements.
## Supported policy statement patterns
### Share guardrail within your own account
`account-id` must be the account containing the guardrail.
**Policy for a guardrail:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": [
"bedrock:ApplyGuardrail",
"bedrock:GetGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail/guardrail-id"
}]
}
```
------
**Policy for a guardrail-profile:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail-profile/profile-id"
}]
}
```
------
### Share guardrail with your organization
`account-id` must match the account that you are attaching the RBP from, and that account must be in `org-id`.
**Policy for a guardrail:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": [
"bedrock:GetGuardrail",
"bedrock:ApplyGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail/guardrail-id",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": "org-id"
}
}
}]
}
```
------
**Policy for a guardrail-profile:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail-profile/profile-id",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": "org-id"
}
}
}]
}
```
------
### Share guardrail with specific OUs
`account-id` must match the account that you are attaching the RBP from, and that account must be in `org-id`.
**Policy for a guardrail:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": [
"bedrock:ApplyGuardrail",
"bedrock:GetGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail/guardrail-id",
"Condition": {
"ForAnyValue:StringLike": {
"aws:PrincipalOrgPaths": [
"org-id/*/org-unit-id/*"
]
}
}
}]
}
```
------
**Policy for a guardrail-profile:**
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": [
"bedrock:ApplyGuardrail"
],
"Resource": "arn:aws:bedrock:us-east-1:111122223333:guardrail-profile/profile-id",
"Condition": {
"ForAnyValue:StringLike": {
"aws:PrincipalOrgPaths": [
"org-id/*/org-unit-id/*"
]
}
}
}]
}
```
------
## Unsupported features
Guardrails does not support sharing outside of your organization.
Guardrails does not support RBPs with conditions other than the ones listed above on `PrincipalOrgId` or `PrincipalOrgPaths`.
Guardrails does not support use of a `*` Principal without an organization or organizational unit condition.
Guardrails only supports the `bedrock:ApplyGuardrail` and `bedrock:GetGuardrail` actions in RBPs. For guardrail-profile resources, only `ApplyGuardrail` is supported.