Skip to main content

guardrails

Creates, updates, deletes or gets a guardrail resource or lists guardrails in a region

Overview

Nameguardrails
TypeResource
DescriptionDefinition of AWS::Bedrock::Guardrail Resource Type
Idawscc.bedrock.guardrails

Fields

NameDatatypeDescription
blocked_input_messagingstringMessaging for when violations are detected in text
blocked_outputs_messagingstringMessaging for when violations are detected in text
content_policy_configobjectContent policy config for a guardrail.
contextual_grounding_policy_configobjectContextual grounding policy config for a guardrail.
created_atstringTime Stamp
cross_region_configobjectThe system-defined guardrail profile that you’re using with your guardrail
descriptionstringDescription of the guardrail or its version
failure_recommendationsarrayList of failure recommendations
guardrail_arnstringArn representation for the guardrail
guardrail_idstringUnique id for the guardrail
kms_key_arnstringThe KMS key with which the guardrail was encrypted at rest
namestringName of the guardrail
sensitive_information_policy_configobjectSensitive information policy config for a guardrail.
statusstringStatus of the guardrail
status_reasonsarrayList of status reasons
tagsarrayList of Tags
topic_policy_configobjectTopic policy config for a guardrail.
updated_atstringTime Stamp
versionstringGuardrail version
word_policy_configobjectWord policy config for a guardrail.
regionstringAWS region.

For more information, see AWS::Bedrock::Guardrail.

Methods

NameResourceAccessible byRequired Params
create_resourceguardrailsINSERTName, BlockedInputMessaging, BlockedOutputsMessaging, region
delete_resourceguardrailsDELETEIdentifier, region
update_resourceguardrailsUPDATEIdentifier, PatchDocument, region
list_resourcesguardrails_list_onlySELECTregion
get_resourceguardrailsSELECTIdentifier, region

SELECT examples

Gets all properties from an individual guardrail.

SELECT
  region,
  blocked_input_messaging,
  blocked_outputs_messaging,
  content_policy_config,
  contextual_grounding_policy_config,
  created_at,
  cross_region_config,
  description,
  failure_recommendations,
  guardrail_arn,
  guardrail_id,
  kms_key_arn,
  name,
  sensitive_information_policy_config,
  status,
  status_reasons,
  tags,
  topic_policy_config,
  updated_at,
  version,
  word_policy_config
FROM awscc.bedrock.guardrails
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ guardrail_arn }}';

INSERT example

Use the following StackQL query and manifest file to create a new guardrail resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.bedrock.guardrails (
  BlockedInputMessaging,
  BlockedOutputsMessaging,
  Name,
  region
)
SELECT
  '{{ blocked_input_messaging }}',
  '{{ blocked_outputs_messaging }}',
  '{{ name }}',
  '{{ region }}';

UPDATE example

Use the following StackQL query and manifest file to update a guardrail resource, using stack-deploy.

/*+ update */
UPDATE awscc.bedrock.guardrails
SET PatchDocument = string('{{ {
    "BlockedInputMessaging": blocked_input_messaging,
    "BlockedOutputsMessaging": blocked_outputs_messaging,
    "ContentPolicyConfig": content_policy_config,
    "ContextualGroundingPolicyConfig": contextual_grounding_policy_config,
    "CrossRegionConfig": cross_region_config,
    "Description": description,
    "KmsKeyArn": kms_key_arn,
    "Name": name,
    "SensitiveInformationPolicyConfig": sensitive_information_policy_config,
    "Tags": tags,
    "TopicPolicyConfig": topic_policy_config,
    "WordPolicyConfig": word_policy_config
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ guardrail_arn }}';

DELETE example

/*+ delete */
DELETE FROM awscc.bedrock.guardrails
WHERE
  Identifier = '{{ guardrail_arn }}' AND
  region = 'us-east-1';

Permissions

To operate on the guardrails resource, the following permissions are required:

bedrock:CreateGuardrail,
bedrock:GetGuardrail,
kms:DescribeKey,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt,
bedrock:TagResource,
bedrock:ListTagsForResource