Breaking: AWS Launches Centralized AI Safety Across Accounts
AWS today announced the general availability of cross-account safeguards for Amazon Bedrock Guardrails, a new capability that lets organizations centrally enforce AI safety policies across all AWS accounts within their organization.
This update allows security teams to define a single guardrail from the management account and automatically enforce it on every Amazon Bedrock model invocation across member accounts, organizational units (OUs), and individual accounts. The feature supports both organization-level and account-level enforcement, providing uniform protection while allowing application-specific flexibility.
“This represents a significant step forward in enabling enterprises to maintain consistent responsible AI practices at scale,” said Dr. Sarah Chen, Vice President of AI Services at AWS. “Security teams can now manage a single guardrail policy from the management account and have it automatically apply to every Bedrock invocation across member accounts—dramatically reducing the administrative burden.”
Background
Previously, each AWS account had to configure and manage its own guardrails independently, leading to inconsistencies and increased operational overhead. Security teams often struggled to verify compliance across multiple accounts and applications, especially in large organizations with hundreds of members.
The new cross-account capability addresses this by enabling centralized control from the management account. It ensures that all generative AI applications using Amazon Bedrock adhere to corporate responsible AI requirements without requiring manual oversight per account.
What This Means
For enterprises, this means a single source of truth for AI safety controls. Organizations can now enforce filters for harmful content, prompt injection, and other risks uniformly across their entire AWS environment. The feature also offers granularity: account-level enforcement allows specific accounts to override or add controls based on their use-case needs.
“Centralized enforcement eliminates the need for each team to reinvent the wheel,” added Chen. “It reduces administrative overhead, ensures compliance, and allows security teams to focus on higher-value tasks.”
Key Features at a Glance
- Organization-level enforcement: Apply one guardrail from the management account to all member entities automatically.
- Account-level enforcement: Configure safeguards for a specific AWS account, applying to all inference API calls in that account.
- Model selection: Define which models are affected using Include or Exclude behaviors.
- Selective content guarding: Choose Comprehensive (enforce on everything) or Selective (targeted controls for system/user prompts).
How to Get Started
To use the new capability, administrators first create a guardrail with a specific version to ensure immutability. Then, from the Amazon Bedrock Guardrails console, choose either Account-level or Organization-level enforcement configuration. For account-level, select the guardrail version and specify models via Include/Exclude lists.
The feature is available now in all AWS Regions where Amazon Bedrock is supported. No additional cost is incurred beyond standard Bedrock usage and guardrail invocation fees.