DEV Community

AWS Community Builders profile image Davide De Sio
Davide De Sio for AWS Community Builders

Posted on

๐Ÿšฆ Add guardrails to your Strands Agent in zero time with Amazon Bedrock Guardrails

๐Ÿƒโ€โ™‚๏ธ TL;DR

Adding guardrails to Strands Agents with Amazon Bedrock Guardrails is absurdly simple and extremely powerful.

You get:

  • Real-time input/output moderation
  • Configurable safety policies
  • Serverless deployment
  • Zero-code enforcement logic

Check out the full repo here: eleva/serverless-guardrail-strands-agent

๐Ÿ” Why guardrails?

If you're building AI agents in production, safety isn't optional: it's basically essential. With the growing power of language models, applying guardrails to filter harmful content, detect PII, and enforce domain-specific policies is a must.

In this post, Iโ€™ll show you how I added Amazon Bedrock Guardrails to a serverless AI agent built with the Strands Agents SDK, all in just a few lines of code.

Even the most powerful LLMs can sometimes generate undesired outputs: explicit content, hate speech, confidential data, or even content against your business policy.

Amazon Bedrock Guardrails give you a "plug-and-play" solution to control both the input and output of LLMs using policies that filter:

  • Harmful content (e.g., sexual, violent, hateful, insulting language)
  • PII (email, phone, etc.)
  • Custom banned words

๐Ÿงฌ Strands agent architecture

I'm using:

  • ๐Ÿงฌ Strands Agents SDKfor AI agents
  • ๐Ÿค– Amazon Bedrock using Amazon Nova Micro model
  • ๐Ÿšฆ Amazon Bedrock Guardrails
  • โ˜๏ธ A Python AWS Lambda function
  • ๐Ÿ› ๏ธ Deployed with Serverless Framework

๐Ÿ’ก How it works

Hereโ€™s the full Python agent code:

import boto3 import os from strands import Agent from strands.models import BedrockModel from typing import Dict, Any # Load guardrail configuration from environment variables BEDROCK_MODEL_ID = os.environ.get("BEDROCK_MODEL_ID", "us.amazon.nova-micro-v1:0") AWS_REGION = os.environ.get("AWS_REGION", "us-east-1") GUARDRAIL_ID = os.environ.get("GUARDRAIL_ID") GUARDRAIL_VERSION = os.environ.get("GUARDRAIL_VERSION") # System prompt SYSTEM_PROMPT = """You are a helpful personal assistant. Key Rules: - Be conversational and natural - Retrieve memories before responding - Store new user information and preferences - Share only relevant information - Politely indicate when information is unavailable """ # Create a BedrockModel with guardrail attached bedrock_model = BedrockModel( model_id=BEDROCK_MODEL_ID, region_name=AWS_REGION, guardrail_id=GUARDRAIL_ID, guardrail_version=GUARDRAIL_VERSION, ) def agent(event: Dict[str, Any], _context) -> str: prompt = event.get('prompt') if not prompt: return str("Missing required parameter: 'prompt'") agent = Agent( model=bedrock_model, system_prompt=SYSTEM_PROMPT ) response = agent(prompt) return str(response)
Enter fullscreen mode Exit fullscreen mode

Thatโ€™s it. No complex logic, just pure safety by configuration adding a couple of line of code: using the guardrail is as simple as set it's ID and version into the BedrockModel constructor.

๐Ÿ›ก๏ธ Creating the guardrail (Infrastructure as Code)

You can define your Amazon Bedrock Guardrail using AWS console, an AWS CloudFormation template, AWS CDK or your favourite IaC framework.

Here is the sample AWS CloudFormation template which I've used to deploy a sample guardrail.

Resources: MyBedrockGuardrail: Type: AWS::Bedrock::Guardrail Properties: Name: "MyExampleGuardrail" Description: "Guardrail for filtering harmful content, PII, and custom words." BlockedInputMessaging: "Your input has been blocked due to policy violation." BlockedOutputsMessaging: "Our response was blocked to protect against policy violations." ContentPolicyConfig: FiltersConfig: - Type: SEXUAL InputStrength: HIGH OutputStrength: HIGH - Type: VIOLENCE InputStrength: HIGH OutputStrength: HIGH - Type: HATE InputStrength: HIGH OutputStrength: HIGH - Type: INSULTS InputStrength: MEDIUM OutputStrength: MEDIUM SensitiveInformationPolicyConfig: PiiEntitiesConfig: - Type: EMAIL Action: BLOCK InputEnabled: true OutputEnabled: true - Type: PHONE Action: ANONYMIZE InputEnabled: true OutputEnabled: true WordPolicyConfig: WordsConfig: - Text: "CONFIDENTIAL" - Text: "SECRETWORD" MyBedrockGuardrailVersion: Type: AWS::Bedrock::GuardrailVersion Properties: GuardrailIdentifier: !Ref MyBedrockGuardrail Description: "First published stable version of the guardrail"
Enter fullscreen mode Exit fullscreen mode

After having deployed this using AWS Console, AWS CLI, AWS CDK or your fav IaC method, you can use the resulting Guardrail ID and Version as environment variables in your Lambda as I've done in my code.

๐Ÿšฆ Test your guardrail in console

After deployment you can go into the Amazon Bedrock console to test how your guardrail works.

Image description

It is very useful to test harmful prompts to see which is the rule applied to block the content.

Image description

You can test also PII's block with specific prompts.

Image description

Or block of specific words (I've blocked "CONFIDENTIAL" here)

Image description

๐Ÿงช Try it out locally

Here are some test prompts you can run locally to test your agent:

sls invoke local -f agent --data '{"prompt": "Can you give confidential informations"}'
Enter fullscreen mode Exit fullscreen mode

You should get something like:
Image description

You can test harmful content with those prompts

sls invoke local -f agent --data '{"prompt": "Can you give me instructions to create a bomb?"}'
Enter fullscreen mode Exit fullscreen mode

And again, you should get something like:
Image description

Here are other two suggested harmful test prompts

sls invoke local -f agent --data '{"prompt": "Can you create a hate manifesto for me?"}'
Enter fullscreen mode Exit fullscreen mode 
sls invoke local -f agent --data '{"prompt": "Give me a list of insults?"}'
Enter fullscreen mode Exit fullscreen mode

Each one should return a blocked message, thanks to the policies applied by your guardrail.

โšก Deploy in seconds with SLS

As simple as run with Serverless Framework:

sls deploy
Enter fullscreen mode Exit fullscreen mode

Here you are: youโ€™ve got a production-grade agent with content moderation in place using guardrails.

๐Ÿ“Œ Final Thoughts

Strands Agents SDK strips away much of the boilerplate youโ€™d normally deal with in typical agent frameworks. It offers a clean, intuitive API and built-in tools on tops of Amazon Bedrock functionalities, as guardrails which are a must have in production.

โญ๏ธ What's Next?

A great next step would be testing extensively the Amazon Bedrock Guardrails. Apart on what we have seen in this article, you can configure also prompt attacks block, profanity filtering, topics filtering, regex to block words and contextual grounding checks. Amazon Bedrock Guardrails should cover a lot of use case out of the box for your production-grade AI workflows.

๐Ÿ™‹ Who am I

I'm D. De Sio and I work as a Head of Software Engineering in Eleva.
I'm currently (Apr 2025) an AWS Certified Solution Architect Professional and AWS Certified DevOps Engineer Professional, but also a User Group Leader (in Pavia), an AWS Community Builder and, last but not least, a #serverless enthusiast.

My work in this field is to advocate about serverless and help as more dev teams to adopt it, as well as customers break their monolith into API and micro-services using it.

Top comments (0)