Permissions to create and manage guardrails for the policy role Permissions for invoking guardrails to filter content

Set up permissions to use Amazon Bedrock Guardrails

To set up a role with permissions for guardrails, create an IAM role and attach the following permissions by following the steps at Creating a role to delegate permissions to an AWS service.

If you're using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at Create a service role for Amazon Bedrock Agents.

Permissions to create and manage guardrails for the policy role

Append the following statement to the Statement field in the policy for your role to use guardrails.

Note

If you pass tags when creating a guardrail (for example, by using the tags parameter in the CreateGuardrail API), you must also include the bedrock:TagResource permission in your policy.

Permissions for invoking guardrails to filter content

Append the following statement to the Statement field in the policy for the role to allow for model inference and to invoke guardrails. These InvokeModel permissions are only required when using guardrails with Amazon Bedrock foundation models. If you are using guardrails independently with the ApplyGuardrail API (for example, to filter content from third-party models), you only need the bedrock:ApplyGuardrail permission.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Prerequisites

Permissions for Automated Reasoning policies