AWS bedrock documentation change
Summary
Added detailed instructions for configuring denied topics through console and API, including security-related configurations like content blocking actions, KMS encryption, and cross-region inference settings
Security assessment
The changes document security features (content filtering through denied topics) but don't address a specific vulnerability. They explain how to configure guardrails to block harmful content, which is preventive security documentation rather than patching an existing issue.
Diff
diff --git a/bedrock/latest/userguide/guardrails-denied-topics.md b/bedrock/latest/userguide/guardrails-denied-topics.md index 15e4540c6..95b59c6d8 100644 --- a//bedrock/latest/userguide/guardrails-denied-topics.md +++ b//bedrock/latest/userguide/guardrails-denied-topics.md @@ -5 +5 @@ -Best practices for creating denied topics +Best practices for creating denied topicsAdd denied topics to your guardrail @@ -11 +11 @@ You can specify a set of denied topics in a guardrail that are undesirable in th -Model prompts and responses in natural language are evaluated against each denied topic in your guardrail. If one of the denied topics is detected, your guardrail's blocked message is returned. +Model prompts and responses in natural language are evaluated against each denied topic in your guardrail. If one of the denied topics is detected, your guardrail returns a blocked message. @@ -46,0 +47,132 @@ The following is an example topic definition that you can provide: +## Add denied topics to your guardrail + +You can add up to 30 denied topics to your guardrail by using the AWS Management Console or Amazon Bedrock API. + +Console + + + 1. Sign in to the AWS Management Console using an [IAM role with Amazon Bedrock permissions](./getting-started.html), and open the Amazon Bedrock console at [https://console.aws.amazon.com/bedrock/](https://console.aws.amazon.com/bedrock/). + + 2. From the left navigation pane, choose **Guardrails** , and then choose **Create guardrail**. + + 3. For **Provide guardrail details** page, do the following: + + 1. In the **Guardrail details** section, provide a **Name** and optional **Description** for the guardrail. + + 2. For **Messaging for blocked prompts** , enter a message that displays when your guardrail is applied. Select the **Apply the same blocked message for responses** checkbox to use the same message when your guardrail is applied on the response. + + 3. (Optional) To enable [cross-Region inference](./guardrails-cross-region.html) for your guardrail, expand **Cross-Region inference** , and then select **Enable cross-Region inference for your guardrail**. Choose a guardrail profile that defines the destination AWS Regions where guardrail inference requests can be routed. + + 4. (Optional) By default, your guardrail is encrypted with an AWS managed key. To use your own customer-managed KMS key, expand **KMS key selection** and select the **Customize encryption settings (advanced)** checkbox. + +You can select an existing AWS KMS key or select **Create an AWS KMS key** to create a new one. + + 5. (Optional) To add tags to your guardrail, expand **Tags** , and then, select **Add new tag** for each tag you define. + +For more information, see [Tagging Amazon Bedrock resources](./tagging.html). + + 6. Choose **Next**. + + 4. When you get to the **Add denied topics** page, choose **Add denied topic** and do the following: + + 1. Enter a **Name** for the topic. + + 2. For **Definition** , define the topic. For guidelines on how to define a denied topic, see [Block denied topics to help remove harmful content](./guardrails-denied-topics.html). + + 3. (Optional) For **Input** , specify whether guardrail evaluation is enabled for model prompts. If enabled, choose which action you want your guardrail. **Block** is enabled by default. For more information, see [Options for handling harmful content detected by Amazon Bedrock Guardrails](./guardrails-harmful-content-handling-options.html). + + 4. (Optional) For **Output** , specify whether guardrail evaluation is enabled for model responses. If enabled, choose which action you want your guardrail to take on responses. **Block** is enabled by default. For more information, see [Options for handling harmful content detected by Amazon Bedrock Guardrails](./guardrails-harmful-content-handling-options.html). + + 5. (Optional) Expand **Add sample phrases** and enter a phrase that's representative of prompts or responses related to this topic. You can enter up to five phrases. For each phrase you include, select **Add phrase**. + + 6. For **Denied topics tier** , choose the model tier that you want your guardrail to use for blocking topics in prompts and responses. For more information, see [Model tiers for guardrails policies](./guardrails-model-tiers.html). + + 7. When you're done configuring the denied topic, select **Confirm**. + + 8. Repeat the previous steps to create additional denied topics. + + 9. Choose **Next** to configure other policies as needed or **Skip to Review and create** to finish creating your guardrail. + + 5. Review the settings for your guardrail. + + 1. Select **Edit** in any section you want to make changes to. + + 2. When you're done configuring policies, select **Create** to create the guardrail. + + + + +API + + +Add denied topics to your guardrail by sending a [CreateGuardrail](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_CreateGuardrail.html) request. Here's what the request format looks like: + + + POST /guardrails HTTP/1.1 + Content-type: application/json + + { + "blockedInputMessaging": "string", + "blockedOutputsMessaging": "string", + "topicPolicyConfig": { + "topicsConfig": [ + { + "definition": "string", + "examples": [ "string" ], + "inputAction": "BLOCK | NONE", + "inputEnabled": true, + "name": "string", + "outputAction": "BLOCK | NONE", + "outputEnabled": true, + "type": "DENY" + }, + "tierConfig": { + "tierName": "CLASSIC | STANDARD" + }, + ] + }, + "crossRegionConfig": { + "guardrailProfileIdentifier": "string" + }, + "description": "string", + "name": "string" + } + + * Specify messages for when the guardrail successfully blocks a prompt or a model response in the `blockedInputMessaging` and `blockedOutputsMessaging` fields. + + * Specify topics for the guardrail to deny in the `topicPolicyConfig` object. Each item in the `topicsConfig` list pertains to one topic. + + * Specify a `name` and `definition` for the topic that should be denied. + + * Specify `DENY` in the `type` field. + + * Specify the action to take when the topic is detected in prompts using `inputAction` or responses using `outputAction`. Choose `BLOCK` to block content and replace with blocked messaging, or `NONE` to take no action but return detection information. For more information, see [Options for handling harmful content detected by Amazon Bedrock Guardrails](./guardrails-harmful-content-handling-options.html). + + * Set `inputEnabled` and `outputEnabled` to control whether guardrail evaluation is enabled for model prompts and responses. + + * (Optional) In the `examples` list, specify up to five sample phrases that you are representative of prompts or responses related to this topic. + + * (Optional) Specify a model tier for your guardrail in the `tierConfig` object. Options include `STANDARD` and `CLASSIC` tiers. + +For more information, see [Model tiers for guardrails policies](./guardrails-model-tiers.html). + + * (Optional) To enable [cross-Region inference](./guardrails-cross-region.html), specify a guardrail profile in the `crossRegionConfig` object. This is required when using the `STANDARD` tier. + + * Specify a `name` and `description` for the guardrail. + + + + +The response format looks like this: + + + HTTP/1.1 202 + Content-type: application/json + + { + "createdAt": "string", + "guardrailArn": "string", + "guardrailId": "string", + "version": "string" + } + @@ -53 +185 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Content filters (Images) +Prompt attacks @@ -55 +187 @@ Content filters (Images) -Sensitive information filters +Add word filters