Create a guardrail in the Bedrock console or via boto3 bedrock.create_guardrail() with content filters, topic policies, PII detectors, and word block lists
Note the guardrailId and guardrailVersion returned after creation
Create a Bedrock Runtime client: client = boto3.client('bedrock-runtime')
Call client.apply_guardrail(guardrailIdentifier=guardrailId, guardrailVersion=guardrailVersion, source='INPUT' or 'OUTPUT', content=[{'text': {'text': text_to_check}}])
Inspect the response action field — 'GUARDRAIL_INTERVENED' means content was blocked or modified; 'NONE' means content passed
Set outputScope='FULL' in the request to receive both blocked and non-blocked content in the response for debugging
Known gotchas
ApplyGuardrail is model-agnostic — it works on any text regardless of which LLM produced it, enabling centralized content policy across multi-provider gateways
The default response only includes detected (blocked) content — set outputScope='FULL' to see the complete output including passed content during development
Cross-account guardrail enforcement (GA April 2026) lets a central security team apply one guardrail across multiple AWS accounts — configure this via AWS Organizations before assuming per-account setup is required
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp