AWS::Bedrock::Guardrail - AWS CloudFormation

AWS::Bedrock::Guardrail

Creates a guardrail to block topics and to implement safeguards for your generative AI applications.

You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection.

  • Content filters - Adjust filter strengths to block input prompts or model responses containing harmful content.

  • Denied topics - Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.

  • Word filters - Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names, etc.

  • Sensitive information filters - Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.

In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail.

For more information, see Guardrails for Amazon Bedrock in the Amazon Bedrock User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Bedrock::Guardrail",
  "Properties" : {
      "BlockedInputMessaging" : String,
      "BlockedOutputsMessaging" : String,
      "ContentPolicyConfig" : ContentPolicyConfig,
      "Description" : String,
      "KmsKeyArn" : String,
      "Name" : String,
      "SensitiveInformationPolicyConfig" : SensitiveInformationPolicyConfig,
      "Tags" : [ Tag, ... ],
      "TopicPolicyConfig" : TopicPolicyConfig,
      "WordPolicyConfig" : WordPolicyConfig
    }
}

Properties

BlockedInputMessaging

The message to return when the guardrail blocks a prompt.

Required: Yes

Type: String

Minimum: 1

Maximum: 500

Update requires: No interruption

BlockedOutputsMessaging

The message to return when the guardrail blocks a model response.

Required: Yes

Type: String

Minimum: 1

Maximum: 500

Update requires: No interruption

ContentPolicyConfig

The content filter policies to configure for the guardrail.

Required: No

Type: ContentPolicyConfig

Update requires: No interruption

Description

A description of the guardrail.

Required: No

Type: String

Minimum: 1

Maximum: 200

Update requires: No interruption

KmsKeyArn

The ARN of the AWS KMS key that you use to encrypt the guardrail.

Required: No

Type: String

Pattern: ^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$

Minimum: 1

Maximum: 2048

Update requires: No interruption

Name

The name of the guardrail.

Required: Yes

Type: String

Pattern: ^[0-9a-zA-Z-_]+$

Minimum: 1

Maximum: 50

Update requires: No interruption

SensitiveInformationPolicyConfig

The sensitive information policy to configure for the guardrail.

Required: No

Type: SensitiveInformationPolicyConfig

Update requires: No interruption

Tags

The tags that you want to attach to the guardrail.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption

TopicPolicyConfig

The topic policies to configure for the guardrail.

Required: No

Type: TopicPolicyConfig

Update requires: No interruption

WordPolicyConfig

The word policy you configure for the guardrail.

Required: No

Type: WordPolicyConfig

Update requires: No interruption
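
The Required, Minimum, Maximum and Pattern values listed above can be checked before a template is deployed. The following Python code is an added example, not part of the AWS documentation: it lints every AWS::Bedrock::Guardrail resource in a parsed JSON template against those constraints. The function names, the sample template and the two WARN heuristics (no KmsKeyArn, no policy property) are assumptions of this example.

```python
import re

# property -> (required, min length, max length, pattern), transcribed from this page
STRING_RULES = {
    "BlockedInputMessaging": (True, 1, 500, None),
    "BlockedOutputsMessaging": (True, 1, 500, None),
    "Description": (False, 1, 200, None),
    "KmsKeyArn": (False, 1, 2048,
                  r"^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$"),
    "Name": (True, 1, 50, r"^[0-9a-zA-Z-_]+$"),
}
POLICIES = ("ContentPolicyConfig", "SensitiveInformationPolicyConfig",
            "TopicPolicyConfig", "WordPolicyConfig")

def lint_guardrail(props):  # one resource's Properties -> [(severity, message)]
    out = []
    for name, (required, lo, hi, pattern) in STRING_RULES.items():
        value = props.get(name)
        if value is None:
            out += [("ERROR", f"{name} is required")] if required else []
        elif not isinstance(value, str):  # Ref, Fn::Sub, ... resolve at deploy time
            out.append(("INFO", f"{name} is an intrinsic function, not checked"))
        elif not lo <= len(value) <= hi:
            out.append(("ERROR", f"{name} length {len(value)} outside {lo}-{hi}"))
        elif pattern and not re.fullmatch(pattern, value):
            out.append(("ERROR", f"{name} does not match {pattern}"))
    if len(props.get("Tags", [])) > 200:
        out.append(("ERROR", "more than 200 tags"))
    if "KmsKeyArn" not in props:  # WARNs are this example's heuristics, not CFN rules
        out.append(("WARN", "KmsKeyArn not set"))
    if not any(p in props for p in POLICIES):
        out.append(("WARN", "no policy property set"))
    return out

def lint_template(template):  # parsed JSON template -> {logical ID: findings}
    return {lid: lint_guardrail(res.get("Properties", {}))
            for lid, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::Bedrock::Guardrail"}

# Constructed sample template; the account ID and key ID are made up.
SAMPLE = {"Resources": {
    "Good": {"Type": "AWS::Bedrock::Guardrail", "Properties": {
        "Name": "support-bot_v1", "BlockedInputMessaging": "Request blocked.",
        "BlockedOutputsMessaging": "Response blocked.",
        "KmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        "WordPolicyConfig": {"ManagedWordListsConfig": [{"Type": "PROFANITY"}]}}},
    "Bad": {"Type": "AWS::Bedrock::Guardrail", "Properties": {
        "Name": "support bot!", "BlockedInputMessaging": "Request blocked.",
        "KmsKeyArn": "arn:aws:kms:us-east-1:111122223333:alias/guardrail-key"}}}}
```

The "Bad" resource shows that an alias ARN does not satisfy the KmsKeyArn pattern, which accepts only the key/ form with a 36-character key ID.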

Return values

Ref

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreatedAt

The date and time at which the guardrail was created.

FailureRecommendations

Appears if the status of the guardrail is FAILED. A list of recommendations to carry out before retrying the request.

GuardrailArn

The ARN of the guardrail.

GuardrailId

The unique identifier of the guardrail.

Status

The status of the guardrail.

StatusReasons

Appears if the status is FAILED. A list of reasons for why the guardrail failed to be created, updated, versioned, or deleted.

UpdatedAt

The date and time at which the guardrail was last updated.

Version

The version of the guardrail.

Note

This will always be DRAFT for the AWS::Bedrock::Guardrail resource. To create a version based on the resource, use the AWS::Bedrock::GuardrailVersion resource.