Skip to main content
AWS Bedrock Guardrails provides a comprehensive solution for securing your LLM applications, including content filtering, PII detection and redaction, and more. To get started with AWS Bedrock Guardrails, visit their documentation:

Get Started with AWS Bedrock Guardrails

Using AWS Bedrock Guardrails with Portkey

Portkey provides native support for AWS Bedrock Guardrails to secure your LLM applications, including features like content filtering and PII detection.

1. Create a guardrail on AWS Bedrock

  • Navigate to AWS Bedrock -> Guardrails -> Create guardrail
  • Configure the guardrail according to your requirements
  • Once the guardrail is created, note the ID and version displayed on the console - you’ll need these to enable the guardrail in Portkey

2. Enable Bedrock integration on Portkey

  • Navigate to the Integrations page in Portkey
  • Find and enable the Bedrock integration
  • Add your AWS credentials on the integrations page

3. Create a guardrail on Portkey

  • Navigate to the Guardrails page and click the Create button
  • Search for Apply bedrock guardrail and click Add
  • Enter the guardrail ID and version from step 1
  • Configure any additional settings as needed
  • Click Create and note the Portkey Guardrail ID

4. Add the Portkey Guardrail ID to a config

Create a config with your guardrail: 
{
  "input_guardrails": ["guardrails-id-xxx"],
  "output_guardrails": ["guardrails-id-xxx"]
}
Save this config in Portkey UI and get the Config ID.

5. Attach the config to your requests

  • NodeJS
  • Python
  • OpenAI NodeJS
  • OpenAI Python
  • cURL
const portkey = new Portkey({
    apiKey: "PORTKEY_API_KEY",
    config: "pc-***" // Your Config ID from step 4
});
For more details, refer to the Config documentation.

Response handling

When using AWS Bedrock Guardrails through Portkey, the response will include details about any guardrail checks that were triggered. You can configure different behaviors based on your security requirements through the Portkey Guardrails UI.

Using Raw Guardrails with AWS Bedrock

You can define AWS Bedrock guardrails directly in your code for more programmatic control without using the Portkey UI. This “raw guardrails” approach lets you dynamically configure guardrails based on your application’s needs.
We recommend creating guardrails using the Portkey UI whenever possible. Raw guardrails are more complex and require you to manage credentials and configurations directly in your code.

Available AWS Bedrock Guardrails

Guardrail NameIDDescriptionParameters
Apply bedrock guardrailbedrock.guardApplies AWS Bedrock guardrail checks for LLM requests/responsesguardrailId (string), guardrailVersion (string), redact (boolean), timeout (number)

Key Configuration Properties

  • type: Always set to "guardrail" for guardrail checks
  • id: A unique identifier for your guardrail
  • credentials: Authentication details for AWS Bedrock (if using assumedRole)
  • checks: Array of guardrail checks to run
    • id: The specific guardrail ID - in this case, bedrock.guard
    • parameters: Configuration options for the guardrail
  • deny: Whether to block the request if guardrail fails (true/false)
  • async: Whether to run guardrail asynchronously (true/false)
  • on_success/on_fail: Optional callbacks for success/failure scenarios
    • feedback: Data for logging and analytics
    • weight: Importance of this feedback (0-1)
    • value: Feedback score (-10 to 10)

Implementation Example

{
  "before_request_hooks": [
    {
      "type": "guardrail",
      "id": "bedrock-guardrail",
      "credentials": {
        // You can choose EITHER set of credentials for bedrock
        "awsAccessKeyId": "string",
        "awsSecretAccessKey": "string",
        "awsSessionToken": "string", //(optional)
        "awsRegion": "string",
        // OR
        "awsAuthType": "assumedRole",
        "awsRoleArn": "string",
        "awsExternalId": "string",
        "awsRegion": "string",
      },
      "checks": [
        {
          "id": "bedrock.guard",
          "parameters": {
            "guardrailId": "YOUR_GUARDRAIL_ID",
            "guardrailVersion": "GUARDRAIL_VERSION",
            "redact": true, // or false
            "timeout": 5000 // timeout in ms
          }
        }
      ],
      "deny": true,
      "async": false,
      "on_success": {
        "feedback": {
          "weight": 1,
          "value": 1,
          "metadata": {
            "user": "user_xyz"
          }
        }
      },
      "on_fail": {
        "feedback": {
          "weight": 1,
          "value": -1,
          "metadata": {
            "user": "user_xyz"
          }
        }
      }
    }
  ]
}
When using raw guardrails, you must provide valid credentials for AWS Bedrock directly in your config. Make sure to handle these credentials securely and consider using environment variables or secrets management.

Get Support

If you face any issues with the AWS Bedrock Guardrails integration, just ping us on the community forum.