AWS Bedrock Guardrails

AWS Bedrock Guardrails provide content filtering, PII detection, topic restrictions, and word filters. You must create the guardrail policies in the AWS console and then apply them to the LLM route that you want to protect. When a request or response violates a guardrail policy, the agentgateway proxy blocks the interaction and returns an error.

AWS Bedrock Guardrails are model-agnostic and can be applied to any Large Language Model (LLM), whether it is hosted on AWS Bedrock, another cloud provider (like Google or Azure), or on-premises.

Before you begin

  1. Set up an agentgateway proxy.
  2. Set up access to the OpenAI LLM provider.

Set up AWS Bedrock guardrails

  1. Create a guardrail in the AWS console or via the AWS CLI.

  2. Retrieve your guardrail identifier and version. For more information, see the AWS documentation.

    aws bedrock list-guardrails --region <aws-region>

    Example output:

    {
     "guardrails": [
         {
             "id": "a1aaaa11aa1a",
             "arn": "arn:aws:bedrock:us-west-2:11111111111:guardrail/a1aaaa11aa1a",
             "status": "READY",
             "name": "my-guardrail",
             "description": "Testing agentgateway bedrock guardrail integration ",
             "version": "DRAFT",
             "createdAt": "2026-02-09T17:59:29+00:00",
             "updatedAt": "2026-02-09T18:01:29.567223+00:00"
         }
     ]
    }
    
  3. Create a Kubernetes secret with your AWS credentials. Make sure that you have permission to invoke the Bedrock Guardrails API.

    kubectl create secret generic aws-secret \
      -n agentgateway-system \
      --from-literal=accessKey="$AWS_ACCESS_KEY_ID" \
      --from-literal=secretKey="$AWS_SECRET_ACCESS_KEY" \
      --from-literal=sessionToken="$AWS_SESSION_TOKEN" \
      --type=Opaque \
      --dry-run=client -o yaml | kubectl apply -f -

  4. Configure the prompt guard. Add the ID, version, and region of your guardrail.

    kubectl apply -f - <<EOF
    apiVersion: agentgateway.dev/v1alpha1
    kind: AgentgatewayPolicy
    metadata:
      name: openai-prompt-guard
      namespace: agentgateway-system
    spec:
      targetRefs:
      - group: gateway.networking.k8s.io
        kind: HTTPRoute
        name: openai
      backend:
        ai:
          promptGuard:
            request:
            - bedrockGuardrails:
                identifier: <guardrail-ID>
                version: "<version>"
                region: <region>
                policies:
                  auth:
                    aws: 
                      secretRef:
                        name: aws-secret
            response:
            - bedrockGuardrails:
                identifier: <guardrail-ID>
                version: "<version>"
                region: <region>
                policies:
                  auth:
                    aws: 
                      secretRef:
                        name: aws-secret
    EOF

    Note: If you set aws: {} instead of referencing a secret, the default AWS credential chain (IAM role, environment variables, or instance profile) is used. For authentication details, see the AWS authentication documentation.

  5. Test the guardrail. The following commands assume that you set up your guardrail to block requests that contain email information.

    Cloud Provider LoadBalancer:

    curl "$INGRESS_GW_ADDRESS/v1/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
       {
         "role": "user",
         "content": "My email is test@solo.io"
       }
     ]
    }' | jq

    Localhost:

    curl "localhost:8080/v1/chat/completions" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
       {
         "role": "user",
         "content": "My email is test@solo.io"
       }
     ]
    }' | jq

    Cloud Provider LoadBalancer:

    curl "$INGRESS_GW_ADDRESS/openai" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
       {
         "role": "user",
         "content": "My email is test@solo.io"
       }
     ]
    }' | jq

    Localhost:

    curl "localhost:8080/openai" -H content-type:application/json  -d '{
     "model": "",
     "messages": [
       {
         "role": "user",
         "content": "My email is test@solo.io"
       }
     ]
    }' | jq

    Example output:

    The request was rejected due to inappropriate content
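
Before you put the values from step 2 into the policy in step 4, you can check them against the `list-guardrails` output. The following preflight check is an added example, not part of agentgateway or the AWS CLI; the function name `preflight`, the second guardrail in the sample, and the recommendation to pin a numbered version instead of `DRAFT` are assumptions of this example.

```python
import json
import re

# Constructed sample in the shape of the `aws bedrock list-guardrails` output from step 2.
SAMPLE = """
{"guardrails": [
  {"id": "a1aaaa11aa1a",
   "arn": "arn:aws:bedrock:us-west-2:11111111111:guardrail/a1aaaa11aa1a",
   "status": "READY", "name": "my-guardrail", "version": "DRAFT"},
  {"id": "b2bbbb22bb2b",
   "arn": "arn:aws:bedrock:eu-west-1:11111111111:guardrail/b2bbbb22bb2b",
   "status": "CREATING", "name": "pii-guardrail", "version": "1"}
]}
"""

# arn:<partition>:bedrock:<region>:<account>:guardrail/<id>
ARN_RE = re.compile(r"^arn:aws[\w-]*:bedrock:([a-z0-9-]+):\d+:guardrail/([a-z0-9]+)$")


def preflight(listing_json, name, policy_region):
    """Return (fields, findings) for the guardrail called `name`.

    fields   -> identifier/version/region values for the bedrockGuardrails block
    findings -> reasons not to wire the guardrail into the policy as it stands
    """
    matches = [g for g in json.loads(listing_json)["guardrails"] if g.get("name") == name]
    if len(matches) != 1:
        return None, [f"expected exactly one guardrail named {name!r}, found {len(matches)}"]
    g = matches[0]
    m = ARN_RE.match(g.get("arn", ""))
    if not m:
        return None, ["arn is not a Bedrock guardrail ARN"]
    arn_region, arn_id = m.groups()
    findings = []
    if arn_id != g["id"]:
        findings.append("id does not match the resource id in the ARN")
    if arn_region != policy_region:
        findings.append(f"guardrail is in {arn_region}, policy says {policy_region}")
    if g.get("status") != "READY":
        findings.append(f"status is {g.get('status')}, not READY")
    if g.get("version") == "DRAFT":
        # DRAFT is the mutable working draft: later edits change what is enforced.
        findings.append("version is DRAFT; pin a numbered version for stable enforcement")
    fields = {"identifier": g["id"], "version": str(g["version"]), "region": arn_region}
    return fields, findings


if __name__ == "__main__":
    print(preflight(SAMPLE, "my-guardrail", "us-west-2"))
```
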
    

Cleanup

You can remove the resources that you created in this guide.

    kubectl delete AgentgatewayPolicy openai-prompt-guard -n agentgateway-system
    kubectl delete secret aws-secret -n agentgateway-system