AWS AWSCloudFormation medium security documentation change
Summary
Enhanced documentation for Bedrock Guardrail with detailed content filtering categories, added contextual grounding check, and clarified sensitive information detection mechanisms
Security assessment
The changes explicitly document security-focused content filtering capabilities (hate/insults/sexual/violence categories), sensitive PII detection, and new contextual grounding checks to detect hallucinations. These are direct security controls for generative AI applications.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-bedrock-guardrail.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-bedrock-guardrail.md index a8de710b3..ccad1e6a0 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-bedrock-guardrail.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-bedrock-guardrail.md @@ -9 +9 @@ This is the new _AWS CloudFormation Template Reference Guide_. Please update you -Creates a guardrail to block topics and to implement safeguards for your generative AI applications. +Creates a guardrail to detect and filter harmful content in your generative AI application. @@ -11 +11 @@ Creates a guardrail to block topics and to implement safeguards for your generat -You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection. +Amazon Bedrock Guardrails provides the following safeguards (also known as policies) to detect and filter harmful content: @@ -13 +13 @@ You can configure the following policies in a guardrail to avoid undesirable and - * **Content filters** \- Adjust filter strengths to block input prompts or model responses containing harmful content. + * **Content filters** \- Detect and filter harmful text or image content in input prompts or model responses. Filtering is done based on detection of certain predefined harmful content categories: Hate, Insults, Sexual, Violence, Misconduct and Prompt Attack. You also can adjust the filter strength for each of these categories. @@ -15 +15 @@ You can configure the following policies in a guardrail to avoid undesirable and - * **Denied topics** \- Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses. + * **Denied topics** \- Define a set of topics that are undesirable in the context of your application. The filter will help block them if detected in user queries or model responses. @@ -17 +17 @@ You can configure the following policies in a guardrail to avoid undesirable and - * **Word filters** \- Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc. + * **Word filters** \- Configure filters to help block undesirable words, phrases, and profanity (exact match). Such words can include offensive terms, competitor names, etc. @@ -19 +19 @@ You can configure the following policies in a guardrail to avoid undesirable and - * **Sensitive information filters** \- Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses. + * **Sensitive information filters** \- Configure filters to help block or mask sensitive information, such as personally identifiable information (PII), or custom regex in user inputs and model responses. Blocking or masking is done based on probabilistic detection of sensitive information in standard formats in entities such as SSN number, Date of Birth, address, etc. This also allows configuring regular expression based detection of patterns for identifiers. @@ -20,0 +21 @@ You can configure the following policies in a guardrail to avoid undesirable and + * **Contextual grounding check** \- Help detect and filter hallucinations in model responses based on grounding in a source and relevance to the user query. @@ -24 +24,0 @@ You can configure the following policies in a guardrail to avoid undesirable and -In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail. @@ -26 +26 @@ In addition to the above policies, you can also configure the messages to be ret -For more information, see [Amazon Bedrock Guardrails](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the _Amazon Bedrock User Guide_. +For more information, see [How Amazon Bedrock Guardrails works](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-how.html).