Note:

You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . bedrock ]

update-guardrail

Description

Updates a guardrail with the values you specify.

  • Specify a name and optional description .
  • Specify messages for when the guardrail successfully blocks a prompt or a model response in the blockedInputMessaging and blockedOutputsMessaging fields.
  • Specify topics for the guardrail to deny in the topicPolicyConfig object. Each GuardrailTopicConfig object in the topicsConfig list pertains to one topic.
    • Give a name and description so that the guardrail can properly identify the topic.
    • Specify DENY in the type field.
    • (Optional) Provide up to five prompts that you would categorize as belonging to the topic in the examples list.
  • Specify filter strengths for the harmful categories defined in Amazon Bedrock in the contentPolicyConfig object. Each GuardrailContentFilterConfig object in the filtersConfig list pertains to a harmful category. For more information, see Content filters . For more information about the fields in a content filter, see GuardrailContentFilterConfig .
    • Specify the category in the type field.
    • Specify the strength of the filter for prompts in the inputStrength field and for model responses in the strength field of the GuardrailContentFilterConfig .
  • (Optional) For security, include the ARN of a KMS key in the kmsKeyId field.
  • (Optional) Attach any tags to the guardrail in the tags object. For more information, see Tag resources .

See also: AWS API Documentation

Synopsis

  update-guardrail
--guardrail-identifier <value>
--name <value>
[--description <value>]
[--topic-policy-config <value>]
[--content-policy-config <value>]
[--word-policy-config <value>]
[--sensitive-information-policy-config <value>]
--blocked-input-messaging <value>
--blocked-outputs-messaging <value>
[--kms-key-id <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]

Options

--guardrail-identifier (string)

The unique identifier of the guardrail

--name (string)

A name for the guardrail.

--description (string)

A description of the guardrail.

--topic-policy-config (structure)

The topic policy to configure for the guardrail.

topicsConfig -> (list)

A list of policies related to topics that the guardrail should deny.

(structure)

Details about topics for the guardrail to identify and deny.

This data type is used in the following API operations:

name -> (string)

The name of the topic to deny.

definition -> (string)

A definition of the topic to deny.

examples -> (list)

A list of prompts, each of which is an example of a prompt that can be categorized as belonging to the topic.

(string)

type -> (string)

Specifies to deny the topic.

JSON Syntax:

{
  "topicsConfig": [
    {
      "name": "string",
      "definition": "string",
      "examples": ["string", ...],
      "type": "DENY"
    }
    ...
  ]
}

--content-policy-config (structure)

The content policy to configure for the guardrail.

filtersConfig -> (list)

Contains the type of the content filter and how strongly it should apply to prompts and model responses.

(structure)

Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs.

  • Hate – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).
  • Insults – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.
  • Sexual – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.
  • Violence – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing.

Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence.

For more information, see Guardrails content filters .

This data type is used in the following API operations:

type -> (string)

The harmful category that the content filter is applied to.

inputStrength -> (string)

The strength of the content filter to apply to prompts. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.

outputStrength -> (string)

The strength of the content filter to apply to model responses. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.

Shorthand Syntax:

filtersConfig=[{type=string,inputStrength=string,outputStrength=string},{type=string,inputStrength=string,outputStrength=string}]

JSON Syntax:

{
  "filtersConfig": [
    {
      "type": "SEXUAL"|"VIOLENCE"|"HATE"|"INSULTS"|"MISCONDUCT"|"PROMPT_ATTACK",
      "inputStrength": "NONE"|"LOW"|"MEDIUM"|"HIGH",
      "outputStrength": "NONE"|"LOW"|"MEDIUM"|"HIGH"
    }
    ...
  ]
}

--word-policy-config (structure)

The word policy to configure for the guardrail.

wordsConfig -> (list)

A list of words to configure for the guardrail.

(structure)

A word to configure for the guardrail.

text -> (string)

Text of the word configured for the guardrail to block.

managedWordListsConfig -> (list)

A list of managed words to configure for the guardrail.

(structure)

The managed word list to configure for the guardrail.

type -> (string)

The managed word type to configure for the guardrail.

Shorthand Syntax:

wordsConfig=[{text=string},{text=string}],managedWordListsConfig=[{type=string},{type=string}]

JSON Syntax:

{
  "wordsConfig": [
    {
      "text": "string"
    }
    ...
  ],
  "managedWordListsConfig": [
    {
      "type": "PROFANITY"
    }
    ...
  ]
}

--sensitive-information-policy-config (structure)

The sensitive information policy to configure for the guardrail.

piiEntitiesConfig -> (list)

A list of PII entities to configure to the guardrail.

(structure)

The PII entity to configure for the guardrail.

type -> (string)

Configure guardrail type when the PII entity is detected.

action -> (string)

Configure guardrail action when the PII entity is detected.

regexesConfig -> (list)

A list of regular expressions to configure to the guardrail.

(structure)

The regular expression to configure for the guardrail.

name -> (string)

The name of the regular expression to configure for the guardrail.

description -> (string)

The description of the regular expression to configure for the guardrail.

pattern -> (string)

The regular expression pattern to configure for the guardrail.

action -> (string)

The guardrail action to configure when matching regular expression is detected.

Shorthand Syntax:

piiEntitiesConfig=[{type=string,action=string},{type=string,action=string}],regexesConfig=[{name=string,description=string,pattern=string,action=string},{name=string,description=string,pattern=string,action=string}]

JSON Syntax:

{
  "piiEntitiesConfig": [
    {
      "type": "ADDRESS"|"AGE"|"AWS_ACCESS_KEY"|"AWS_SECRET_KEY"|"CA_HEALTH_NUMBER"|"CA_SOCIAL_INSURANCE_NUMBER"|"CREDIT_DEBIT_CARD_CVV"|"CREDIT_DEBIT_CARD_EXPIRY"|"CREDIT_DEBIT_CARD_NUMBER"|"DRIVER_ID"|"EMAIL"|"INTERNATIONAL_BANK_ACCOUNT_NUMBER"|"IP_ADDRESS"|"LICENSE_PLATE"|"MAC_ADDRESS"|"NAME"|"PASSWORD"|"PHONE"|"PIN"|"SWIFT_CODE"|"UK_NATIONAL_HEALTH_SERVICE_NUMBER"|"UK_NATIONAL_INSURANCE_NUMBER"|"UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER"|"URL"|"USERNAME"|"US_BANK_ACCOUNT_NUMBER"|"US_BANK_ROUTING_NUMBER"|"US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER"|"US_PASSPORT_NUMBER"|"US_SOCIAL_SECURITY_NUMBER"|"VEHICLE_IDENTIFICATION_NUMBER",
      "action": "BLOCK"|"ANONYMIZE"
    }
    ...
  ],
  "regexesConfig": [
    {
      "name": "string",
      "description": "string",
      "pattern": "string",
      "action": "BLOCK"|"ANONYMIZE"
    }
    ...
  ]
}

--blocked-input-messaging (string)

The message to return when the guardrail blocks a prompt.

--blocked-outputs-messaging (string)

The message to return when the guardrail blocks a model response.

--kms-key-id (string)

The ARN of the KMS key with which to encrypt the guardrail.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

Output

guardrailId -> (string)

The unique identifier of the guardrail

guardrailArn -> (string)

The ARN of the guardrail that was created.

version -> (string)

The version of the guardrail.

updatedAt -> (timestamp)

The date and time at which the guardrail was updated.