Multiple guardrails

All, in accordance with my research only one guardrail can be used in knowledge base, agents and chats. Does anybody know why do we have this limitation? i see the same limitation in both console and API. Possible use case: an enterprise level guardrail for all enterprise app (PII etc) and additional one or more on application level. While It may be possible to implement this use case by using files etc for guardrails, but multiple guardrails may be better solution. Any information would be greatly appreciated Thank you YK

Topics

Machine Learning & AI Generative AI on AWS

Tags

Amazon Bedrock

Language

English

asked a month ago89 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hi,

The configuration of a guardrail is based on policies: see https://docs.aws.amazon.com/bedrock/latest/userguide/quotas.html

- A guardrail is a combination of multiple policies configured for prompts and response 
including; content filters, denied topics, sensitive information filters, and word filters.

- A guardrail can be configured with a single policy, or a combination of multiple policies.

So, can you define the common part that you want to share in a policy that you re-use across multiple guardrails?

Best,

Didier

EXPERT

Didier_Durand

answered a month ago

YK
a month ago
Didier, Thank you for a quick answer and great explanations! Let’s consider example of a company “C” and two departments “A” and “B”. In API terms, Company security requirement is to use couple of filtersConfig (types like HATE, MISCONDUCT etc.) and sensitiveInformationPolicyConfig. https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html#:~:text=To%20create%20a%20guardrail,Guardrails%20section%2C%20select%20Create%20guardrail.

Departments “A” and “B” want to use additional separate wordsConfig. In that case “A” creates guardrail based on a copied “C” policy with additional its own wordsConfig. Same with “B”. They also need to consider versioning of changing “C” policy… Is it what you referring to?

Maybe it is the matter of approaches, but would it not it easier to create guardrail based on “C” policy and individual department guardrails? And combine them as needed?

However, maybe combine approach would be more costly and less quotas friendly? Thank you again YK

Relevant content

Guardrail: Deny access to AWS based on the requested AWS RegionInfo - how to customize the Guardrail SCP??
Alex
asked 2 years ago
Implementing Guardrails
BigD63
asked 2 years ago
Guardrail recommendations
Secopsol54
asked a year ago
Why Guardrails cannot be enabled when using tools in converse operations
Accepted Answer
YK
asked a month ago
Why do I see "audit: backlog limit exceeded" errors in my EC2 Linux instance's screenshot and system logs, and what can I do to avoid this?
AWS OFFICIALUpdated a month ago
How do I integrate Salesforce Knowledge Base articles with Amazon Connect Wisdom?
AWS OFFICIALUpdated 2 years ago
How do I create a rate-based rule with a rate limit of fewer than 100 requests in AWS WAF?
AWS OFFICIALUpdated 13 days ago
Why do I get a limit exceeded error when I add rules to AWS WAF?
AWS OFFICIALUpdated 18 days ago
The leverage of LLM system prompt by Knowledge Bases for Bedrock in RAG workflows
EXPERT
Didier_Durand
published 2 months ago
Why is a /24 the smallest IP range that can be used with BYOIP?
EXPERT
Brettski-AWS
published 2 years ago