aws.bedrock-guardrail
Filters
json-diff
Compute the diff from the current resource to a previous version.
A resource matches the filter if a diff exists between the current resource and the selected revision.
Uses AWS Config as the resource revision database.
Revisions can be selected by date, against the previous version, and against a locked version (requires use of is-locked filter).
properties:
  selector:
    enum:
    - previous
    - date
    - locked
  selector_value:
    type: string
  type:
    enum:
    - json-diff
required:
- type
Permissions - config:GetResourceConfigHistory
Actions
rename-tag
Rename an existing tag key to a new value.
Example:
Rename Application and Bap to App. If a resource has both of the old keys, the value from Application is used, because precedence follows the order of the values in old_keys.
policies:
  - name: rename-tags-example
    resource: aws.log-group
    filters:
      - or:
        - "tag:Bap": present
        - "tag:Application": present
    actions:
      - type: rename-tag
        old_keys: [Application, Bap]
        new_key: App
properties:
  new_key:
    type: string
  old_key:
    type: string
  old_keys:
    items:
      type: string
    type: array
  type:
    enum:
    - rename-tag
required:
- type
Permissions - tag:TagResources, tag:UntagResources
update
Update a Bedrock Guardrail using the update_guardrail API.
The action accepts top-level keys (for example wordPolicyConfig) which will be merged into the update payload.
Example policy:
policies:
  - name: update-guardrail-example
    resource: bedrock-guardrail
    filters:
      - type: value
        key: wordPolicy
        value: absent
    actions:
      - type: update
        wordPolicyConfig:
          wordsConfig:
            - text: HATE
              inputAction: BLOCK
              outputAction: NONE
              inputEnabled: true
              outputEnabled: false
          managedWordListsConfig:
            - type: PROFANITY
              inputAction: BLOCK
              outputAction: NONE
              inputEnabled: true
              outputEnabled: false
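The example policy above blocks on input only: both entries set outputAction: NONE and outputEnabled: false. The following added example (not Cloud Custodian code and not part of the original page) walks an update action body shaped like the schema on this page and lists every entry whose evaluation is disabled or whose action or strength is NONE, so a policy can be reviewed before it is deployed. The names audit_update_action and PAGE_EXAMPLE are hypothetical.

```python
# Added example: flag entries in a Custodian `update` action that are
# configured but do not enforce on the input or output side.
ENABLE_FIELDS = ("enabled", "inputEnabled", "outputEnabled")
VALUE_FIELDS = ("action", "inputAction", "outputAction",
                "inputStrength", "outputStrength")


def _label(entry):
    # topics and regexes carry `name`, custom words `text`, the rest `type`
    return entry.get("name") or entry.get("text") or entry.get("type") or "?"


def audit_update_action(action):
    """Return (location, field, value) for every non-enforcing setting."""
    findings = []
    for policy, body in action.items():
        if not (policy.endswith("PolicyConfig") and isinstance(body, dict)):
            continue  # skips `type`, `name`, messaging strings, etc.
        for section, entries in body.items():
            if not isinstance(entries, list):
                continue  # tierConfig, confidenceThreshold
            for entry in entries:
                if not isinstance(entry, dict):
                    continue  # automatedReasoningPolicyConfig.policies holds strings
                where = f"{policy}.{section}[{_label(entry)}]"
                for field in ENABLE_FIELDS:
                    if entry.get(field) is False:
                        findings.append((where, field, False))
                for field in VALUE_FIELDS:
                    if entry.get(field) == "NONE":
                        findings.append((where, field, "NONE"))
    return findings


# The `update` action from the example policy on this page, as a Python dict.
PAGE_EXAMPLE = {
    "type": "update",
    "wordPolicyConfig": {
        "wordsConfig": [{"text": "HATE", "inputAction": "BLOCK", "outputAction": "NONE",
                         "inputEnabled": True, "outputEnabled": False}],
        "managedWordListsConfig": [{"type": "PROFANITY", "inputAction": "BLOCK",
                                    "outputAction": "NONE", "inputEnabled": True,
                                    "outputEnabled": False}],
    },
}

if __name__ == "__main__":
    for where, field, value in audit_update_action(PAGE_EXAMPLE):
        print(f"{where}: {field}={value}")
```
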
properties:
  automatedReasoningPolicyConfig:
    properties:
      confidenceThreshold:
        type: number
      policies:
        items:
          type: string
        type: array
    type: object
  blockedInputMessaging:
    type: string
  blockedOutputsMessaging:
    type: string
  contentPolicyConfig:
    properties:
      filtersConfig:
        items:
          properties:
            inputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            inputEnabled:
              type: boolean
            inputModalities:
              items:
                type: string
              type: array
            inputStrength:
              enum:
              - NONE
              - LOW
              - MEDIUM
              - HIGH
              type: string
            outputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            outputEnabled:
              type: boolean
            outputModalities:
              items:
                type: string
              type: array
            outputStrength:
              enum:
              - NONE
              - LOW
              - MEDIUM
              - HIGH
              type: string
            type:
              enum:
              - SEXUAL
              - VIOLENCE
              - HATE
              - INSULTS
              - MISCONDUCT
              - PROMPT_ATTACK
              type: string
          type: object
        type: array
      tierConfig:
        properties:
          tierName:
            enum:
            - CLASSIC
            - STANDARD
            type: string
        type: object
    type: object
  contextualGroundingPolicyConfig:
    properties:
      filtersConfig:
        items:
          properties:
            action:
              enum:
              - BLOCK
              - NONE
              type: string
            enabled:
              type: boolean
            threshold:
              type: number
            type:
              enum:
              - GROUNDING
              - RELEVANCE
              type: string
          type: object
        type: array
    type: object
  crossRegionConfig:
    properties:
      guardrailProfileIdentifier:
        type: string
    type: object
  description:
    type: string
  guardrailIdentifier:
    type: string
  kmsKeyId:
    type: string
  name:
    type: string
  sensitiveInformationPolicyConfig:
    properties:
      piiEntitiesConfig:
        items:
          properties:
            action:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            inputAction:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            inputEnabled:
              type: boolean
            outputAction:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            outputEnabled:
              type: boolean
            type:
              enum:
              - ADDRESS
              - AGE
              - AWS_ACCESS_KEY
              - AWS_SECRET_KEY
              - CA_HEALTH_NUMBER
              - CA_SOCIAL_INSURANCE_NUMBER
              - CREDIT_DEBIT_CARD_CVV
              - CREDIT_DEBIT_CARD_EXPIRY
              - CREDIT_DEBIT_CARD_NUMBER
              - DRIVER_ID
              - EMAIL
              - INTERNATIONAL_BANK_ACCOUNT_NUMBER
              - IP_ADDRESS
              - LICENSE_PLATE
              - MAC_ADDRESS
              - NAME
              - PASSWORD
              - PHONE
              - PIN
              - SWIFT_CODE
              - UK_NATIONAL_HEALTH_SERVICE_NUMBER
              - UK_NATIONAL_INSURANCE_NUMBER
              - UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER
              - URL
              - USERNAME
              - US_BANK_ACCOUNT_NUMBER
              - US_BANK_ROUTING_NUMBER
              - US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER
              - US_PASSPORT_NUMBER
              - US_SOCIAL_SECURITY_NUMBER
              - VEHICLE_IDENTIFICATION_NUMBER
              type: string
          type: object
        type: array
      regexesConfig:
        items:
          properties:
            action:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            description:
              type: string
            inputAction:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            inputEnabled:
              type: boolean
            name:
              type: string
            outputAction:
              enum:
              - BLOCK
              - ANONYMIZE
              - NONE
              type: string
            outputEnabled:
              type: boolean
            pattern:
              type: string
          type: object
        type: array
    type: object
  topicPolicyConfig:
    properties:
      tierConfig:
        properties:
          tierName:
            enum:
            - CLASSIC
            - STANDARD
            type: string
        type: object
      topicsConfig:
        items:
          properties:
            definition:
              type: string
            examples:
              items:
                type: string
              type: array
            inputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            inputEnabled:
              type: boolean
            name:
              type: string
            outputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            outputEnabled:
              type: boolean
            type:
              enum:
              - DENY
              type: string
          type: object
        type: array
    type: object
  type:
    enum:
    - update
  wordPolicyConfig:
    properties:
      managedWordListsConfig:
        items:
          properties:
            inputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            inputEnabled:
              type: boolean
            outputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            outputEnabled:
              type: boolean
            type:
              enum:
              - PROFANITY
              type: string
          type: object
        type: array
      wordsConfig:
        items:
          properties:
            inputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            inputEnabled:
              type: boolean
            outputAction:
              enum:
              - BLOCK
              - NONE
              type: string
            outputEnabled:
              type: boolean
            text:
              type: string
          type: object
        type: array
    type: object
required:
- type
Permissions - bedrock:UpdateGuardrail