Skip to main content

guardrails

Creates, updates, deletes or gets a guardrail resource or lists guardrails in a region

Overview

Nameguardrails
TypeResource
DescriptionDefinition of AWS::Bedrock::Guardrail Resource Type
Idawscc.bedrock.guardrails

Fields

NameDatatypeDescription
blocked_input_messagingstringMessaging for when violations are detected in text
blocked_outputs_messagingstringMessaging for when violations are detected in text
content_policy_configobjectContent policy config for a guardrail.
contextual_grounding_policy_configobjectContextual grounding policy config for a guardrail.
created_atstringTime Stamp
cross_region_configobjectThe system-defined guardrail profile that you’re using with your guardrail
descriptionstringDescription of the guardrail or its version
failure_recommendationsarrayList of failure recommendations
guardrail_arnstringArn representation for the guardrail
guardrail_idstringUnique id for the guardrail
kms_key_arnstringThe KMS key with which the guardrail was encrypted at rest
namestringName of the guardrail
sensitive_information_policy_configobjectSensitive information policy config for a guardrail.
statusstringStatus of the guardrail
status_reasonsarrayList of status reasons
tagsarrayList of Tags
topic_policy_configobjectTopic policy config for a guardrail.
updated_atstringTime Stamp
versionstringGuardrail version
word_policy_configobjectWord policy config for a guardrail.
regionstringAWS region.

For more information, see AWS::Bedrock::Guardrail.

Methods

NameResourceAccessible byRequired Params
create_resourceguardrailsINSERTName, BlockedInputMessaging, BlockedOutputsMessaging, region
delete_resourceguardrailsDELETEIdentifier, region
update_resourceguardrailsUPDATEIdentifier, PatchDocument, region
list_resourcesguardrails_list_onlySELECTregion
get_resourceguardrailsSELECTIdentifier, region

SELECT examples

Gets all properties from an individual guardrail.

SELECT
  region,
  blocked_input_messaging,
  blocked_outputs_messaging,
  content_policy_config,
  contextual_grounding_policy_config,
  created_at,
  cross_region_config,
  description,
  failure_recommendations,
  guardrail_arn,
  guardrail_id,
  kms_key_arn,
  name,
  sensitive_information_policy_config,
  status,
  status_reasons,
  tags,
  topic_policy_config,
  updated_at,
  version,
  word_policy_config
FROM awscc.bedrock.guardrails
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ guardrail_arn }}';

INSERT example

Use the following StackQL query and manifest file to create a new guardrail resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.bedrock.guardrails (
  BlockedInputMessaging,
  BlockedOutputsMessaging,
  Name,
  region
)
SELECT
  '{{ blocked_input_messaging }}',
  '{{ blocked_outputs_messaging }}',
  '{{ name }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a guardrail resource, using stack-deploy.

/*+ update */
UPDATE awscc.bedrock.guardrails
SET PatchDocument = string('{{ {
    "BlockedInputMessaging": blocked_input_messaging,
    "BlockedOutputsMessaging": blocked_outputs_messaging,
    "ContentPolicyConfig": content_policy_config,
    "ContextualGroundingPolicyConfig": contextual_grounding_policy_config,
    "CrossRegionConfig": cross_region_config,
    "Description": description,
    "KmsKeyArn": kms_key_arn,
    "Name": name,
    "SensitiveInformationPolicyConfig": sensitive_information_policy_config,
    "Tags": tags,
    "TopicPolicyConfig": topic_policy_config,
    "WordPolicyConfig": word_policy_config
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ guardrail_arn }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.bedrock.guardrails
WHERE
  Identifier = '{{ guardrail_arn }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the guardrails resource, the following permissions are required:

bedrock:CreateGuardrail,
bedrock:GetGuardrail,
kms:DescribeKey,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt,
bedrock:TagResource,
bedrock:ListTagsForResource