AWS Bedrock Guardrail Integration

This guide explains how to integrate AWS Bedrock Guardrails with TrueFoundry to enhance the safety and compliance of your LLM applications.

​

Prerequisites

Before integrating AWS Bedrock Guardrails, ensure you have the following:

• API Key: A valid API key for accessing AWS services.
• Guardrail Identifier, Region and Version: The identifier, region and version of the Bedrock guardrail you wish to integrate. You can get more details on amazon bedrock guardrails here.

Ensure these prerequisites are met to smoothly integrate AWS Bedrock Guardrails into your TrueFoundry environment.

​

Adding AWS Bedrock Guardrail Integration

To add AWS Bedrock Guardrails to your TrueFoundry setup, follow these steps:

1. Navigate to AI Gateway

   • Go to AI Gateway in your TrueFoundry dashboard.

2. Access Guardrails

   • Click on Guardrails.

3. Add New Guardrails Group

   • Click on Add New Guardrails Group.

Guardrails groups help manage access control and security policies for your LLM applications. Configure rules to prevent harmful content, ensure compliance, and maintain data privacy. For more details, refer to the Collaborator Section.

4. Fill in the Guardrails Group Form
   • Name: Enter a name for your guardrails group.
   • Collaborators: Add collaborators who will have access to this group.
   • AWS Bedrock Guardrail Config:
     • Name: Enter a name for the AWS Bedrock Guardrail configuration.
     • Operation: The operation type to use for the Guardrail.
       • Validate: Guardrails with this operation are used to validate requests. These guardrails are run in parallel.
       • Mutate: Guardrails with this operation can both validate and mutate requests. Mutate guardrails are run sequentially.
     • Guardrail Identifier: Provide the identifier for the Bedrock guardrail.
     • Guardrail Version: Specify the version of the guardrail.
   • AWS Authentication Data:
     You can authenticate with AWS in one of two ways:
     1. Access Key Based Authentication
        • Access Key ID and Secret Access Key: Enter the AWS credentials that have permission to invoke Bedrock Guardrails.
        • For security and best practices, use an IAM user or role with the minimum required permissions to access Bedrock Guardrails. Avoid using root credentials.

     2. Assumed Role Based Authentication
        • Role ARN: Provide the Amazon Resource Name (ARN) of the IAM role to assume for accessing Bedrock Guardrails.
        • External ID (if required): Enter the external ID if your organization requires it for cross-account access.
        • Region: Specify the AWS region where your Bedrock Guardrail is deployed.
        • The system will use AWS STS to assume the provided role. Ensure the role has the necessary permissions for Bedrock Guardrails and that trust relationships are configured correctly.

     You need bedrock:ApplyGuardrail permission: This permission allows your IAM entity to call the ApplyGuardrail API, which is the core function for applying guardrails to input or output data.

By following these steps, you can effectively integrate AWS Bedrock Guardrails into your TrueFoundry environment, ensuring your applications adhere to safety and compliance standards.