Skip to main content

Overview

The AWS Bedrock Guardrail plugin is a robust content filtering system that leverages Amazon Bedrock’s guardrail capabilities to protect your AI gateway. It provides comprehensive content moderation through Amazon’s pre-trained models and customizable guardrails, ensuring that content passing through your gateway adheres to specified policies and guidelines. The plugin integrates seamlessly with AWS Bedrock’s guardrail system, which offers three primary types of protection:
  • Topic Policy: Controls allowed and disallowed topics
  • Content Policy: Filters potentially harmful or inappropriate content
  • Sensitive Information Policy: Detects and protects against exposure of sensitive data
Each policy type can be configured through AWS Bedrock’s guardrail configuration, making this plugin highly flexible and adaptable to various use cases and security requirements.

Features

  1. Topic-based Filtering:
  • Block specific topics or subject matters
  • Customizable topic policies
  • Fine-grained control over allowed content
  1. Content Moderation:
  • Detection of harmful content
  • Customizable content policies
  • Multiple filter types for different content categories
  1. PII Protection:
  • Detection of sensitive information
  • Protection against data leakage
  • Customizable PII entity types
  1. Action Configuration:
  • Customizable block messages
  • Detailed error reporting
  • Comprehensive logging

Authentication

The AWS Bedrock Guardrail plugin supports two authentication methods for connecting to AWS services. Proper authentication configuration is essential for the plugin to access AWS Bedrock guardrail services.

Authentication Methods

1. AWS Access Key/Secret Key Authentication

This is the traditional method using AWS access keys. Best suited for development environments or when using dedicated service accounts. 
{
    "settings": {
        "guardrail_id": "<your-guardrail-id>",
        "version": "1",
        "credentials": {
            "aws_access_key": "AKIA...",
            "aws_secret_key": "your-secret-key",
            "aws_region": "us-east-1",
            "aws_session_token": "optional-session-token"
        },
        "actions": {
            "message": "%s"
        }
    }
}
This method uses AWS STS (Security Token Service) to assume an IAM role. This is the recommended approach for production environments as it provides better security through temporary credentials. 
{
    "settings": {
        "guardrail_id": "<your-guardrail-id>",
        "version": "1",
        "credentials": {
            "use_role": true,
            "role_arn": "arn:aws:iam::123456789012:role/TrustGateBedrockRole",
            "session_name": "trustgate-bedrock-session",
            "aws_region": "us-east-1"
        },
        "actions": {
            "message": "%s"
        }
    }
}

Authentication Configuration Parameters

Credentials Configuration

ParameterDescriptionRequiredAuthentication Method
aws_access_keyAWS access key IDYes*Access Key/Secret
aws_secret_keyAWS secret access keyYes*Access Key/Secret
aws_regionAWS region for Bedrock serviceYesBoth
aws_session_tokenOptional AWS session token for temporary credsNoAccess Key/Secret
use_roleEnable IAM role-based authenticationNoRole-based
role_arnARN of the IAM role to assumeYes**Role-based
session_nameName for the assumed role sessionNoRole-based
*Required when use_role is false or not specified
**Required when use_role is true

Authentication Best Practices

Security Recommendations

  1. Use IAM Roles in Production: Role-based authentication is more secure as it uses temporary credentials and follows AWS security best practices.
  2. Principle of Least Privilege: Ensure the IAM user or role has only the minimum permissions required: 
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:ApplyGuardrail"
            ],
            "Resource": [
                "arn:aws:bedrock:*:*:guardrail/*"
            ]
        }
    ]
}
  3. Region Selection: Choose the AWS region closest to your deployment for optimal performance and compliance.
  4. Credential Management:
    • Never hardcode credentials in configuration files
    • Use environment variables or secure credential management systems
    • Rotate access keys regularly when using access key authentication

Environment-Specific Configurations

Development Environment: 
{
    "credentials": {
        "aws_access_key": "${AWS_ACCESS_KEY_ID}",
        "aws_secret_key": "${AWS_SECRET_ACCESS_KEY}",
        "aws_region": "us-east-1"
    }
}
Production Environment: 
{
    "credentials": {
        "use_role": true,
        "role_arn": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/TrustGateBedrockRole",
        "session_name": "trustgate-bedrock-prod",
        "aws_region": "us-east-1"
    }
}

Configuration Examples

Basic Configuration

The basic configuration provides essential content filtering with a specified guardrail: 
{
    "settings": {
        "guardrail_id": "<your-guardrail-id>",
        "version": "1",
        "actions": {
            "message": "%s"
        }
    }
}
Key components of the basic configuration:

Configuration Parameters

ParameterDescriptionRequired
guardrail_idAWS Bedrock Guardrail identifierYes
versionGuardrail version (defaults to “1”)No
actions.messageCustom message template for blocked contentNo

Security-Focused Configuration

For environments requiring strict security controls: 
{
    "settings": {
        "guardrail_id": "<your-guardrail-id>",
        "version": "2",
        "actions": {
            "message": "Security violation detected: %s. This incident has been logged."
        }
    }
}

Example Use Cases

1. Content Moderation Gateway

Create a gateway that moderates content using AWS Bedrock’s guardrails: 
curl -X POST "http://localhost:8080/api/v1/gateways" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Bedrock Guardrail Gateway",
    "subdomain": "bedrock-guard",
    "required_plugins": [
        {
            "name": "bedrock_guardrail",
            "enabled": true,
            "stage": "pre_request",
            "priority": 1,
            "settings": {
                "guardrail_id": "<your-guardrail-id>",
                "version": "1",
                "actions": {
                    "message": "%s"
                }
            }
        }
    ]
}'
Test with safe content: 
curl -X POST "http://localhost:8081/post" \
    -H "Host: bedrock-guard.example.com" \
    -H "X-TG-API-Key: ${API_KEY}" \
    -H "Content-Type: text/plain" \
    -d "The latest deployment includes performance improvements and bug fixes."

# Expected Response: 200 OK
Test with policy violation: 
curl -X POST "http://localhost:8081/post" \
    -H "Host: bedrock-guard.example.com" \
    -H "X-TG-API-Key: ${API_KEY}" \
    -H "Content-Type: text/plain" \
    -d "I dont like obama"

# Expected Response: 403 Forbidden
# Message: "Content blocked: Potentially harmful content detected"

2. Topic Policy Protection

The topic policy feature allows you to control which subjects or topics are allowed or denied in the content. When a topic is blocked, the plugin will return a specific error message indicating which topic violated the policy. Example configuration focusing on topic policies: 
curl -X POST "http://localhost:8080/api/v1/gateways" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Topic Protection Gateway",
    "subdomain": "topic-protection",
    "required_plugins": [
        {
            "name": "bedrock_guardrail",
            "enabled": true,
            "stage": "pre_request",
            "priority": 1,
            "settings": {
                "guardrail_id": "<your-guardrail-id>",
                "version": "1",
                "actions": {
                    "message": "Topic policy violation"
                }
            }
        }
    ]
}'

3. Sensitive Information Protection

The plugin can detect and block content containing sensitive information such as PII (Personally Identifiable Information): 
curl -X POST "http://localhost:8080/api/v1/gateways" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Protection Gateway",
    "subdomain": "pii-protection",
    "required_plugins": [
        {
            "name": "bedrock_guardrail",
            "enabled": true,
            "stage": "pre_request",
            "priority": 1,
            "settings": {
                "guardrail_id": "<your-guardrail-id>",
                "version": "1",
                "actions": {
                    "message": "Sensitive information detected"
                }
            }
        }
    ]
}'

Best Practices

1. Guardrail Configuration

• Use appropriate guardrail IDs for your use case • Test guardrails thoroughly before deployment • Keep guardrail versions consistent across environments

2. Error Handling

• Implement descriptive error messages • Log policy violations appropriately • Review and update policies regularly

3. Performance Optimization

• Use appropriate AWS region for reduced latency

Performance Considerations

The AWS Bedrock Guardrail plugin is designed for optimal performance while providing robust content filtering capabilities. The plugin maintains a single AWS client instance per plugin instance, reducing the overhead of creating new connections for each request. The implementation includes efficient error handling and logging mechanisms to ensure reliable operation in production environments. Key performance features include:
  • Efficient AWS client management
  • Optimized request handling
  • Comprehensive logging for debugging
  • Minimal memory footprint
  • Fast response times for content evaluation
The plugin’s architecture supports concurrent processing with low latency, making it suitable for high-throughput environments. The integration with AWS Bedrock’s guardrail system ensures that content evaluation is performed quickly and efficiently, with minimal impact on overall system performance.
I