Bug fixes

• Fixed the recommended policy packs for the AWS Bedrock enforced-guardrail objectives — content filters, topic policy, sensitive information protection, contextual grounding, model enforcement, and selective content guarding. They previously referenced policy settings that did not exist or omitted the enforced-guardrail binding, so they could not be applied. They now bind the correct AWS > Bedrock > Guardrail > Settings and AWS > Bedrock > Enforced Guardrail Configuration > Settings sub-policies.
• Fixed the recommended implementation for the Enforce approved foundation models for AWS Bedrock objective. It previously blocked RetrieveAndGenerate outright because that action cannot be scoped to a foundation model; the action has been removed so the recommendation only governs invocations it can actually constrain.
• Fixed the recommended implementation for the Enforce mandatory Bedrock guardrail on AWS Bedrock invocations objective so it can be deployed as-is. It previously denied invocations that attached an approved guardrail pinned to a published version, and it blocked RetrieveAndGenerate, an action that cannot carry the guardrail condition key. It now allows versioned guardrail ARNs and applies only to the invocation actions it can govern.

Prevention Objectives

Renamed

• Enforce mandatory Bedrock Guardrail on AWS Bedrock invocations to Enforce mandatory Bedrock guardrail on AWS Bedrock invocations