Use the AI AWS Guardrails plugin
Configure the AI Proxy Advanced plugin to route requests to any LLM upstreams, then apply the AI AWS Guardrails plugin to block unsafe inputs and outputs based on a predefined Bedrock guardrail.
Prerequisites
Kong Konnect
This is a Konnect tutorial and requires a Konnect personal access token.
-
Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Export your token to an environment variable:
export KONNECT_TOKEN='YOUR_KONNECT_PAT' -
Run the quickstart script to automatically provision a Control Plane and Data Plane, and configure your environment:
curl -Ls https://get.konghq.com/quickstart | bash -s -- -k $KONNECT_TOKEN --deck-outputThis sets up a Konnect Control Plane named
quickstart, provisions a local Data Plane, and prints out the following environment variable exports:export DECK_KONNECT_TOKEN=$KONNECT_TOKEN export DECK_KONNECT_CONTROL_PLANE_NAME=quickstart export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com export KONNECT_PROXY_URL='http://localhost:8000'Copy and paste these into your terminal to configure your session.
Kong Gateway running
This tutorial requires Kong Gateway Enterprise. If you don’t have Kong Gateway set up yet, you can use the quickstart script with an enterprise license to get an instance of Kong Gateway running almost instantly.
-
Export your license to an environment variable:
export KONG_LICENSE_DATA='LICENSE-CONTENTS-GO-HERE' -
Run the quickstart script:
curl -Ls https://get.konghq.com/quickstart | bash -s -- -e KONG_LICENSE_DATAOnce Kong Gateway is ready, you will see the following message:
Kong Gateway Ready
decK
decK is a CLI tool for managing Kong Gateway declaratively with state files. To complete this tutorial you will first need to install decK.
Required entities
For this tutorial, you’ll need Kong Gateway entities, like Gateway Services and Routes, pre-configured. These entities are essential for Kong Gateway to function but installing them isn’t the focus of this guide. Follow these steps to pre-configure them:
-
Run the following command:
echo ' _format_version: "3.0" services: - name: example-service url: http://httpbin.konghq.com/anything routes: - name: example-route paths: - "/anything" service: name: example-service ' | deck gateway apply -
To learn more about entities, you can read our entities documentation.
OpenAI
This tutorial uses OpenAI:
- Create an OpenAI account.
- Get an API key.
- Create a decK variable with the API key:
export DECK_OPENAI_API_KEY='YOUR OPENAI API KEY'
AWS Account
To complete this tutorial, you will need the following credentials
- AWS_REGION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
You can get the access key ID and secret access key from the AWS IAM Console under Users > Security credentials, and the region from the AWS Console where your resources are deployed. Once you have them, export them as environment variables by running the following command and replacing placeholder values with your secrets:
export DECK_AWS_REGION='YOUR_AWS_REGION'
export DECK_AWS_ACCESS_KEY_ID='YOUR_AWS_ACCESS_KEY'
export DECK_AWS_SECRET_ACCESS_KEY='YOUR_AWS_SECRET_ACCESS_KEY'
Bedrock Guardrail
To complete this tutorial, you must have a Guardrail policy created in your AWS Bedrock account:
-
Install AWS CLI v2 Follow the official installation guide. After installation, confirm it by running:
aws --version -
Configure AWS credentials Run the following command and provide your IAM user or role credentials:
aws configureYou will be prompted to enter:
- AWS Access Key ID
- AWS Secret Access Key
- Default region name (e.g.,
us-east-1) - Default output format (e.g.,
json)
Make sure your IAM user or role has Bedrock permissions such as
bedrock:CreateGuardrail,bedrock:CreateGuardrailVersion, and others necessary for managing guardrails. For more details, see the AWS CLI configuration documentation. -
Test that you can call Bedrock operations by running:
aws bedrock list-foundation-modelsIf this command fails, check your credentials, permissions, and configured region.
-
Create a
guardrail.jsonconfiguration file: This configuration defines an Amazon Bedrock guardrail namedexample-guardrailthat blocks harmful or restricted content—including specific words, topics like quantum computing, and categories such as violence, hate, and prompt attacks—in both input and output messages.cat <<'EOF' > guardrail.json { "name": "example-guardrail", "description": "My first Bedrock guardrail via CLI", "blockedInputMessaging": "Input blocked due to policy violation.", "blockedOutputsMessaging": "Output blocked due to policy violation.", "wordPolicyConfig": { "wordsConfig": [ { "inputAction": "BLOCK", "inputEnabled": true, "outputAction": "BLOCK", "outputEnabled": true, "text": "badword1" }, { "inputAction": "BLOCK", "inputEnabled": true, "outputAction": "BLOCK", "outputEnabled": true, "text": "badword2" } ] }, "topicPolicyConfig": { "topicsConfig": [ { "name": "quantum computing", "definition": "Anything related to quantum computing", "examples": [], "type": "DENY", "inputAction": "BLOCK", "outputAction": "BLOCK", "inputEnabled": true, "outputEnabled": true } ] }, "contentPolicyConfig": { "filtersConfig": [ { "type": "VIOLENCE", "inputStrength": "HIGH", "outputStrength": "HIGH", "inputAction": "BLOCK", "outputAction": "BLOCK" }, { "type": "PROMPT_ATTACK", "inputStrength": "HIGH", "outputStrength": "NONE", "inputAction": "BLOCK" }, { "type": "MISCONDUCT", "inputStrength": "HIGH", "outputStrength": "HIGH", "inputAction": "BLOCK", "outputAction": "BLOCK" }, { "type": "HATE", "inputStrength": "HIGH", "outputStrength": "HIGH", "inputAction": "BLOCK", "outputAction": "BLOCK" }, { "type": "SEXUAL", "inputStrength": "HIGH", "outputStrength": "HIGH", "inputAction": "BLOCK", "outputAction": "BLOCK" }, { "type": "INSULTS", "inputStrength": "HIGH", "outputStrength": "HIGH", "inputAction": "BLOCK", "outputAction": "BLOCK" } ] } } EOF -
Apply this configuration by running the following command in your terminal:
aws bedrock create-guardrail \ --cli-input-json file://$HOME/guardrail.json \ --region $DECK_AWS_REGIONIf successful, your terminal will output the following:
{ "guardrailId": "0abcs5r0q3abcd", "guardrailArn": "arn:aws:bedrock:us-east-1:111111141111:guardrail/0nhw5r0q3abcd", "version": "DRAFT", "createdAt": "2025-06-18T08:49:40.678019+00:00" }Export the Guardrail ID and Guardrail version as environment variables:
export DECK_GUARDRAILS_ID=0abcs5r0q3abcd export DECK_GUARDRAILS_VERSION=DRAFT
Configure the AI Proxy Advanced plugin
First, you’ll need to configure the AI Proxy Advanced plugin to proxy prompt requests to your model provider, and handle authentication:
echo '
_format_version: "3.0"
plugins:
- name: ai-proxy-advanced
config:
targets:
- route_type: llm/v1/chat
auth:
header_name: Authorization
header_value: Bearer ${{ env "DECK_OPENAI_API_KEY" }}
model:
provider: openai
name: gpt-4o
options:
max_tokens: 512
temperature: 1.0
' | deck gateway apply -
Configure the AI AWS Guardrails plugin
Now, we can configure our AI AWS Guardrails plugin to enforce content moderation policies by attaching a predefined Bedrock guardrail to requests.
echo '
_format_version: "3.0"
plugins:
- name: ai-aws-guardrails
config:
guardrails_id: "${{ env "DECK_GUARDRAILS_ID" }}"
guardrails_version: "${{ env "DECK_GUARDRAILS_VERSION" }}"
aws_region: "${{ env "DECK_AWS_REGION" }}"
aws_access_key_id: "${{ env "DECK_AWS_ACCESS_KEY_ID" }}"
aws_secret_access_key: "${{ env "DECK_AWS_SECRET_ACCESS_KEY" }}"
' | deck gateway apply -
Test the configuration
Now, let’s revisit our guardrail configuration. We set it up to block specific banned words, the topic of quantum computing, and content categories like violence, hate, sexual content, insults, and misconduct—applying blocking actions on both input and output.
Next, let’s test these guardrails using example prompts designed to trigger each blocked category. Sending any of these prompts will result in the following error response:
{
"error": {
"message": "Input blocked due to policy violation."
}
}
This confirms that the guardrail is correctly blocking disallowed content at the input stage.
Blocked words
Use these prompts containing blocked badwords to test the guardrail:
Blocked topic: Quantum computing
Use these prompts to test the guardrail on the topic “quantum computing”:
Blocked categories
Use these prompts to test the guardrail on blocked content categories:
Cleanup
Clean up Konnect environment
If you created a new control plane and want to conserve your free trial credits or avoid unnecessary charges, delete the new control plane used in this tutorial.
Destroy the Kong Gateway container
curl -Ls https://get.konghq.com/quickstart | bash -s -- -d