惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
IT之家
IT之家
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
博客园 - 【当耐特】
Recorded Future
Recorded Future
罗磊的独立博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
Last Week in AI
Last Week in AI
S
Schneier on Security
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
AWS News Blog
AWS News Blog
D
Docker
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 叶小钗
Spread Privacy
Spread Privacy
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
P
Palo Alto Networks Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
V2EX
T
Tenable Blog
A
Arctic Wolf
C
Cisco Blogs
S
SegmentFault 最新的问题
T
The Exploit Database - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
The Register - Security
The Register - Security
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Latest news
Latest news
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Threatpost
L
LangChain Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
腾讯CDC
I
Intezer
Schneier on Security
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org

AWS News Blog

Amazon SQS turns 20: Two decades of reliable messaging at scale | Amazon Web Services AWS Weekly Roundup: AWS Builder Center at 1 year, Network Scanning in Security Hub, Loom for AWS, and more (July 13, 2026) | Amazon Web Services AWS Weekly Roundup: Claude Sonnet 5 on AWS, Amazon WorkSpaces for AI agents, AWS service availability updates, and more (July 6, 2026) | Amazon Web Services Upgrade Amazon EKS clusters with confidence using Kubernetes version rollbacks | Amazon Web Services Accelerate your infrastructure deployments by up to 4x with AWS CloudFormation Express mode | Amazon Web Services Amazon EC2 C9g and C9gd instances powered by AWS Graviton5 processors are now available | Amazon Web Services Automate public TLS certificate issuance with ACME support in AWS Certificate Manager | Amazon Web Services AWS Weekly Roundup, Agentic CX designer for Amazon Connect Customer, EC2 AMI Watermarks, Open Governance for MySQL, and more (June 29, 2026) | Amazon Web Services Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVMs | Amazon Web Services AWS Weekly Roundup: NY Summit recap, Local Zone in Hanoi, Grok 4.3 in Bedrock, price reductions, and more (June 22, 2026) | Amazon Web Services Announcing Amazon EC2 G7 instances accelerated by NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs | Amazon Web Services Amazon ECS introduces new high-resolution metrics for faster service auto scaling | Amazon Web Services Top announcements of the AWS Summit in New York, 2026 | Amazon Web Services Introducing Amazon Bedrock Managed Knowledge Base for faster, more accurate enterprise AI applications | Amazon Web Services Announcing Web Search on Amazon Bedrock AgentCore: Ground your AI agents in current, accurate web knowledge | Amazon Web Services Proactively reduce tech debt autonomously with AWS Transform – continuous modernization (preview) | Amazon Web Services AWS DevOps Agent adds release management capabilities to assess code changes before production (preview) | Amazon Web Services AWS Security Agent adds threat modeling, Kiro power and Claude Code plugin, and more | Amazon Web Services Amazon S3 annotations: attach rich, queryable context directly to your objects | Amazon Web Services AWS WAF adds AI traffic monetization capability to help content owners charge AI bots for content access | Amazon Web Services AWS Weekly Roundup: AWS FinOps Agent in preview, Gemma 4 on Bedrock, Kiro Pro Max, and more (June 15, 2026) | Amazon Web Services Now available: Amazon EC2 M9g and M9gd instances powered by new AWS Graviton5 processors | Amazon Web Services Anthropic Claude Fable 5 on AWS: Mythos-class capabilities with built-in safeguards now available | Amazon Web Services AWS Weekly Roundup: BYOM for Amazon RDS for SQL Server, AWS IoT Device SDK for Swift, and more (June 8, 2026) | Amazon Web Services Try the new console experience in Amazon Bedrock, optimized for Anthropic- and OpenAI-compatible APIs | Amazon Web Services Improve your application resilience with Amazon Cognito multi-Region replication | Amazon Web Services Get started with OpenAI GPT-5.5, GPT-5.4 models, and Codex on Amazon Bedrock | Amazon Web Services AWS Weekly Roundup: Claude Opus 4.8 on AWS, Aurora MySQL with Kiro Powers, and more (June 1, 2026) | Amazon Web Services Introducing the next generation of AWS Resilience Hub for generative AI-based SRE resilience journey | Amazon Web Services Introducing the next generation of Amazon OpenSearch Serverless for building your agentic AI applications | Amazon Web Services Meet Our Newest AWS Heroes – May 2026 | Amazon Web Services AWS Weekly Roundup: AWS Local Zones in Istanbul, open-source ExtendDB, Kiro Web, and more (May 25, 2026) | Amazon Web Services AWS Weekly Roundup: AWS Transform at 1 year, Claude Platform on AWS, EC2 M3 Ultra Mac instances, and more (May 18, 2026) | Amazon Web Services Amazon Bedrock introduces new advanced prompt optimization and migration tool | Amazon Web Services Amazon Redshift introduces AWS Graviton-based RG instances with an integrated data lake query engine | Amazon Web Services AWS Weekly Roundup: Amazon Bedrock AgentCore payments, Agent Toolkit for AWS, and more (May 11, 2026) | Amazon Web Services The AWS MCP Server is now generally available | Amazon Web Services Modernize your workflows: Amazon WorkSpaces now gives AI agents their own desktop (preview) | Amazon Web Services AWS Weekly Roundup: What’s Next with AWS 2026, Amazon Quick, OpenAI partnership, and more (May 4, 2026) | Amazon Web Services Top announcements of the What’s Next with AWS, 2026 | Amazon Web Services AWS Weekly Roundup: Anthropic & Meta partnership, AWS Lambda S3 Files, Amazon Bedrock AgentCore CLI, and more (April 27, 2026) | Amazon Web Services AWS Weekly Roundup: Claude Opus 4.7 in Amazon Bedrock, AWS Interconnect GA, and more (April 20, 2026) | Amazon Web Services Introducing Anthropic’s Claude Opus 4.7 model in Amazon Bedrock | Amazon Web Services AWS Interconnect is now generally available, with a new option to simplify last-mile connectivity | Amazon Web Services AWS Weekly Roundup: Claude Mythos Preview in Amazon Bedrock, AWS Agent Registry, and more (April 13, 2026) | Amazon Web Services Launching S3 Files, making S3 buckets accessible as file systems | Amazon Web Services AWS Weekly Roundup: AWS DevOps Agent & Security Agent GA, Product Lifecycle updates, and more (April 6, 2026) | Amazon Web Services Announcing managed daemon support for Amazon ECS Managed Instances | Amazon Web Services Announcing the AWS Sustainability console: Programmatic access, configurable CSV reports, and Scope 1–3 reporting in one place | Amazon Web Services AWS Weekly Roundup: AWS AI/ML Scholars program, Agent Plugin for AWS Serverless, and more (March 30, 2026) | Amazon Web Services Customize your AWS Management Console experience with visual settings including account color, region and service visibility | Amazon Web Services Announcing Amazon Aurora PostgreSQL serverless database creation in seconds | Amazon Web Services AWS Weekly Roundup: NVIDIA Nemotron 3 Super on Amazon Bedrock, Nova Forge SDK, Amazon Corretto 26, and more (March 23, 2026) | Amazon Web Services 20 years in the AWS Cloud – how time flies! | Amazon Web Services Our First 2026 AWS Heroes Cohort Is Here! | Amazon Web Services AWS Weekly Roundup: Amazon S3 turns 20, Amazon Route 53 Global Resolver general availability, and more (March 16, 2026) | Amazon Web Services Twenty years of Amazon S3 and building what’s next | Amazon Web Services Introducing account regional namespaces for Amazon S3 general purpose buckets | Amazon Web Services AWS Weekly Roundup: Amazon Connect Health, Bedrock AgentCore Policy, GameDay Europe, and more (March 9, 2026) | Amazon Web Services Introducing OpenClaw on Amazon Lightsail to run your autonomous private AI agents | Amazon Web Services AWS Weekly Roundup: OpenAI partnership, AWS Elemental Inference, Strands Labs, and more (March 2, 2026) | Amazon Web Services AWS Security Hub Extended offers full-stack enterprise security with curated partner solutions | Amazon Web Services Transform live video for mobile audiences with AWS Elemental Inference | Amazon Web Services AWS Weekly Roundup: Claude Sonnet 4.6 in Amazon Bedrock, Kiro in GovCloud Regions, new Agent Plugins, and more (February 23, 2026) | Amazon Web Services
Amazon Bedrock Guardrails supports cross-account safeguards with centralized control and management | Amazon Web Services
2026-04-04 · via AWS News Blog

AWS News Blog

Voiced by Polly

Today, we’re announcing the general availability of cross-account safeguards in Amazon Bedrock Guardrails, a new capability that enables centralized enforcement and management of safety controls across multiple AWS accounts within an organization.

With this new capability, you can specify a guardrail in a new Amazon Bedrock policy within the management account of your organization that automatically enforces configured safeguards across all member entities for every model invocation with Amazon Bedrock. This organization-wide implementation supports uniform protection across all accounts and generative AI applications with centralized control and management. This capability also offers flexibility to apply account-level and application-specific controls depending on use case requirements in addition to organizational safeguards.

  • Organization-level enforcements apply a single guardrail from your organization’s management account to all entities within the organization through policy settings. This guardrail automatically enforces filters across all member entities, including organizational units (OUs) and individual accounts, for all Amazon Bedrock model invocations.
  • Account-level enforcement enables automatic enforcement of configured safeguards across all Amazon Bedrock model invocations in your AWS account. The configured safeguards in the account-level guardrail apply to all inference API calls.

You can now establish and centrally manage dependable, comprehensive protection through a single, unified approach. This supports consistent adherence to corporate responsible AI requirements while significantly reducing the administrative burden of monitoring individual accounts and applications. Your security team no longer needs to oversee and verify configurations or compliance for each account independently.

Getting started with centralized enforcement in Amazon Bedrock Guardrails
You can get started with account-level and organization-level enforcement configuration in the Amazon Bedrock Guardrails console. Before the enforcement configuration, you need to create a guardrail with a particular version to support the guardrail configuration remains immutable and cannot be modified by member accounts and complete prerequisites for using the new capability such as resource-based policies for guardrails.

To enable account-level enforcement, choose Create in the section of Account-level enforcement configurations.

You can choose the guardrail and version to automatically apply to all Bedrock inference calls from this account in this Region. With general availability, we introduce the new feature defining which models will be affected by the enforcement with either Include or Exclude behavior.

You can also configure selective content guarding controls for system prompts and user prompts with either Comprehensive or Selective.

  • Use Comprehensive when you want to enforce guardrails on everything, regardless of what the caller tags. This is the safer default when you don’t want to rely on callers to correctly identify sensitive content.
  • Use Selective when you trust callers to tag the right content and want to reduce unnecessary guardrail processing. This is useful when callers handle a mix of pre-validated and user-generated content, and only need guardrails applied to specific portions.

After creating the enforcement, you can test and verify enforcement using a role in your account. The account-enforced guardrail should automatically apply to both prompts and outputs.

Check the response for guardrail assessment information. The guardrail response will include enforced guardrail information. You can also test by making a Bedrock inference call using InvokeModel, InvokeModelWithResponseStream, Converse, or ConverseStream APIs.

To enable organization-level enforcement, go to AWS Organizations console and choose Policies menu. You can enable the Bedrock policies in the console.

You can create a Bedrock policy that specifies your guardrail and attach it to your target accounts or OUs. Choose Bedrock policies enabled and Create policy. Specify your guardrail ARN and version and configure the input tags setting for in the AWS Organizations. To learn more, visit Amazon Bedrock policies in AWS Organizations and Amazon Bedrock policy syntax and examples.

After creating the policy, you can attach the policy to your desired organizational units, accounts, root in the Targets tab.

Search and select your organization root, OUs, or individual accounts to attach your policy, and choose Attach policy.

You can test that the guardrail is being enforced on member accounts and verify which guardrail is enforced. From a member account attached, you should see the organization enforced guardrail under the section Organization-level enforcement configurations.

The underlying safeguards within the specified guardrail are then automatically enforced for every model inference request across all member entities, ensuring consistent safety controls. To accommodate varying requirements of individual teams or applications, you can attach different policies with associated guardrails to different member entities through your organization.

Things to know
Here are key considerations to know about GA features:

  • You can now choose to include or exclude specific models in Bedrock for inference, enabling centralized enforcement on model invocation calls. You can also choose to safeguard partial or complete system prompts and input prompts. To learn more, visit Apply cross-account safeguards with Amazon Bedrock Guardrails enforcement.
  • Ensure you are specifying the accurate guardrail Amazon Resource Names (ARN) in the policy. Specifying an incorrect or invalid ARN will result in policy violations, non-enforcement of safeguards, and the inability to use the models in Amazon Bedrock for inference. To learn more, visit Best practices for using Amazon Bedrock policies.
  • Automated Reasoning checks are not supported with this capability.

Now available
Cross-account safeguards in Amazon Bedrock Guardrails is generally available today in the all AWS commercial and GovCloud Regions where Bedrock Guardrails is available. For Regional availability and a future roadmap, visit the AWS Capabilities by Region. Charges apply to each enforced guardrail according to its configured safeguards. For detailed pricing information on individual safeguards, visit Amazon Bedrock Pricing page.

Give this capability a try in the Amazon Bedrock console and send feedback to AWS re:Post for Amazon Bedrock Guardrails or through your usual AWS Support contacts.

Channy