Comprehensive and Detailed Explanation (AWS AI documents):
AWS recommends using managed, purpose-built services to enforce safety, compliance, and responsible AI controls in generative AI applications in order to minimize operational complexity and maintenance effort.
Amazon Bedrock Guardrails are specifically designed to help customers:
- Block or mask sensitive information, such as personally identifiable information (PII)
- Detect and reduce hallucinations by enforcing grounding and response constraints
- Apply content filters, topic restrictions, and safety policies consistently across generative AI applications
- Configure safeguards without building or managing custom infrastructure
Because Guardrails are fully managed and integrated directly with Amazon Bedrock, they require minimal setup, no custom code for policy enforcement, and no infrastructure management, resulting in the least operational overhead.
Why the other options are less suitable:
A. An AWS Lambda policy evaluator requires custom logic, testing, monitoring, and ongoing maintenance.
B. FM default policies alone are insufficient because they do not provide application-specific masking, hallucination detection, or configurable governance controls.
D. Custom EC2-based policy evaluators introduce the highest operational overhead due to server management, scaling, patching, and monitoring.
AWS AI Study Guide References:
Amazon Bedrock overview and safety features
Amazon Bedrock Guardrails for responsible generative AI
AWS best practices for building secure and governed generative AI applications