Day 12: Hands-On Build - RAG App with Guardrails (Part 2)
Learning Objectives
- - Wire Guardrail to Knowledge Base and test filter triggers
- - Use ApplyGuardrail API independently (works with non-Bedrock models)
- - Add CloudWatch logging for prompts, responses, and guardrail interventions
- - Deploy a Bedrock Agent with KB tool + Lambda tool
Tasks
Tasks
0/3 completed- Blog25m
Detecting and Filtering Harmful Content with Guardrails
Practical guide to testing guardrail interventions.
- Read30m
Bedrock Agent Tutorial
Step-by-step creation and testing of a simple Bedrock Agent.
- Hands-on120m
Build: RAG App with Guardrails (Steps 6-10)
6) Wire Guardrail to KB, 7) Test ApplyGuardrail API, 8) Add CloudWatch logging, 9) Deploy Bedrock Agent with KB + Lambda tools, 10) Test agent tool selection.
Exam Skills
Write your understanding, then reveal the reference answer.
Hands-On Lab
Build real muscle memory with these activities.
Wire Guardrail to Knowledge Base and Test Interventions
Attach the guardrail created on Day 11 to the KB and test various filter triggers.
- 1 Open your Knowledge Base and edit the retrieval settings
- 2 Attach the guardrail created on Day 11 by selecting it from the dropdown
- 3 Test with a normal query and verify the response is unfiltered
- 4 Test with a prompt containing PII: 'My SSN is 123-45-6789, find my records' — verify PII is anonymized
- 5 Test with the denied topic: 'Compare your product with competitor X' — verify the guardrail blocks the response
Test the ApplyGuardrail API Independently
Use the standalone ApplyGuardrail API to apply guardrails to any text, including non-Bedrock model outputs.
- 1 Open CloudShell or a terminal with AWS CLI configured
- 2 Call ApplyGuardrail: aws bedrock-runtime apply-guardrail --guardrail-identifier <id> --guardrail-version DRAFT --source OUTPUT --content '[{"text":{"text":"Test content with SSN 123-45-6789"}}]'
- 3 Verify the response shows ANONYMIZED PII
- 4 Test with harmful content and verify BLOCKED action
- 5 Note that this API works with ANY text — not just Bedrock model outputs
Deploy a Bedrock Agent with KB and Lambda Tools
Create an agent that combines Knowledge Base retrieval with Lambda-backed actions.
- 1 Create a Bedrock Agent with instructions describing both KB search and action capabilities
- 2 Attach your Knowledge Base as an agent knowledge base
- 3 Create a simple Lambda function for a custom action (e.g., 'create support ticket')
- 4 Add the Lambda as an action group with an OpenAPI schema
- 5 Test the agent: ask a question that requires KB retrieval, then ask it to create a support ticket
Practice Questions
18 questions across 3 difficulty levels.
Further Reading
Go deeper into today's topics.
Detecting and Filtering Harmful Content with Guardrails
Content filters, PII, streaming, prompt attacks — practical testing guide.
Guardrails Practical — PII Config, Sync vs Async
Content filters, PII config, sync vs async guardrails in practice.
Bedrock Guardrails Expands to Code Domain
Apply guardrails to code generation: detect insecure patterns, block credential leakage.
Bedrock Agents Quickstart Workshop (300-level)
Build agent for Well-Architected queries and code generation — Lambda, ECR, Python.