AWS bedrock documentation change
Summary
Fixed XML tag syntax in example and simplified untagged content section. Removed specific test pane instructions while maintaining security context about input tagging.
Security assessment
Changes primarily correct formatting and streamline documentation. While the content discusses injection attack mitigation (a security feature), the changes themselves don't address a new vulnerability or add new security documentation - they refine existing security-related guidance about dynamic tag suffixes and input processing.
Diff
diff --git a/bedrock/latest/userguide/guardrails-tagging.md index b227d1813..2c49530e0 100644 --- a/bedrock/latest/userguide/guardrails-tagging.md +++ b/bedrock/latest/userguide/guardrails-tagging.md @@ -46 +46 @@ In the preceding example, the content _`How many objects do I have in my S3 buck -The tag suffix (`xyz` in the preceding example) is a dynamic value that you must provide in the `tagSuffix` field in `amazon-bedrock-guardrailConfig` to use input tagging. It is recommended to use a new, random string as the `tagSuffix` for every request. This helps mitigate potential prompt injection attacks by making the tag structure unpredictable. A static tag can result in a malicious user closing the XML tag and appending malicious content after the tag closure, resulting in an _injection attack_. You are limited to alphanumeric characters with a length between 1 and 20 characters, inclusive. With the example suffix `xyz`, you must enclose all the content to be guarded using the XML tags with your suffix: `<amazon-bedrock-guardrails-guardContent_xyz>`. and your content `</amazon-bedrock-guardrails-guardContent_xyz>`. We recommend that you use a dynamic unique identifier for each request as a tag suffix. +The tag suffix (`xyz` in the preceding example) is a dynamic value that you must provide in the `tagSuffix` field in `amazon-bedrock-guardrailConfig` to use input tagging. It is recommended to use a new, random string as the `tagSuffix` for every request. This helps mitigate potential prompt injection attacks by making the tag structure unpredictable. A static tag can result in a malicious user closing the XML tag and appending malicious content after the tag closure, resulting in an _injection attack_. You are limited to alphanumeric characters with a length between 1 and 20 characters, inclusive. With the example suffix `xyz`, you must enclose all the content to be guarded using the XML tags with your suffix: `<amazon-bedrock-guardrails-guardContent_xyz>``your content``</amazon-bedrock-guardrails-guardContent_xyz>`. We recommend that you use a dynamic unique identifier for each request as a tag suffix. @@ -52 +52 @@ You can use the same tag structure multiple times in the input text to mark diff -**Untagged Content** +**Untagged content** @@ -54,22 +54 @@ You can use the same tag structure multiple times in the input text to mark diff -Any content outside of the input tags will not be processed by guardrails. This allows you to include instructions, sample conversations, knowledge bases, or other content that you deem safe and do not want to be processed by guardrails. If there are no tags in the input prompt, the complete prompt will be processed by guardrails. The only exception is [Prompt attacks](./guardrails-components.html#guardrails-prompt-attack) filters which require input tags to be present. - -You can try out input tagging in the test pane for your guardrail by following these steps: - - 1. Navigating to the test pane for your guardrail (this method isn't supported for the Amazon Bedrock text or chat playgrounds, only the guardrails test pane). - - 2. Use the default playground input tag suffix `playground`. - - - - - - VIOLENT STATEMENT: I think I could fight a grizzly bear. - - <amazon-bedrock-guardrails-guardContent_playground> - - BENIGN INPUT: How's the weather? - - </amazon-bedrock-guardrails-guardContent_playground> - - -Your guardrail will only be run on the content between the input tags. +Content outside of input tags isn't processed by guardrails. This allows you to include instructions, sample conversations, knowledge bases, or other content that you deem safe and don't want to be processed by guardrails. If there are no tags in the input prompt, the complete prompt will be processed by guardrails. The only exception is [Prompt attacks](./guardrails-components.html#guardrails-prompt-attack) filters, which require input tags to be present.