Configure Sensitive Information Filters for Amazon Bedrock Guardrails

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: Bedrock-007

Ensure that your Amazon Bedrock guardrails are configured to block or mask sensitive information such as Personally Identifiable Information (PII), so that prompts containing such information are rejected and any sensitive information in model responses is redacted. This is crucial for protecting user privacy, complying with data protection regulations, and preventing unauthorized access to sensitive data, thereby maintaining trust and security.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Security, Operational excellence

Amazon Bedrock guardrails are security measures designed to ensure safe and responsible use of AI services provided by Amazon Bedrock. They help manage data privacy, prevent misuse, and maintain compliance with regulations. Guardrails can detect sensitive information such as Personally Identifiable Information (PII) in input prompts or foundation model (FM) responses. You can also configure sensitive information specific to your use case or organization by defining it with regular expressions (regex). Amazon Bedrock guardrails offer two behavior modes to filter sensitive information: Block, which rejects the prompt or the model response and returns the guardrail's custom blocked message, and Mask (ANONYMIZE in the API), which redacts the detected information in the model response.


Audit

To determine if your Amazon Bedrock guardrails are configured to block or mask sensitive information such as PII, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Safeguards, select Guardrails.

04 In the Guardrails section, click on the name (link) of the Amazon Bedrock guardrail that you want to examine, available in the Name column.

05 In the Working Draft section, click on Working Draft (link) to open the current draft defined for the selected guardrail.

06 In the Sensitive information filters section, perform the following actions:

  1. Choose the PII types tab to identify the predefined PII-based filters configured for the selected guardrail. If there are no PII-based filters listed under PII types, the selected Amazon Bedrock guardrail is not configured to block or mask sensitive information such as Personally Identifiable Information (PII).
  2. Select the Regex patterns tab to identify the regex-based custom filters defined for the selected guardrail. If there are no regex-based filters listed under Regex patterns, the selected Amazon Bedrock guardrail is not configured to block or mask sensitive information such as PII.

07 Repeat steps no. 4 - 6 for each Amazon Bedrock guardrail available within the current AWS region.

08 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

01 Run list-guardrails command (OSX/Linux/UNIX) to list the Amazon Resource Name (ARN) of each Amazon Bedrock guardrail available in the selected AWS cloud region:

aws bedrock list-guardrails \
  --region us-east-1 \
  --query 'guardrails[*].arn'

02 The command output should return the requested guardrail identifiers (ARNs):

[
	"arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd",
	"arn:aws:bedrock:us-east-1:123456789012:guardrail/1234abcd1234"
]

03 Run get-guardrail command (OSX/Linux/UNIX) with the ARN (or ID) of the Amazon Bedrock guardrail that you want to examine as the identifier parameter, to describe the predefined PII-based filters (PII entities) configured in the working draft of the selected guardrail:

aws bedrock get-guardrail \
  --region us-east-1 \
  --guardrail-identifier arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd \
  --query 'sensitiveInformationPolicy.piiEntities'

04 The command output should return the requested PII entities:

null

If the get-guardrail command output returns [] or null, as shown in the example above, the selected Amazon Bedrock guardrail is not configured to block or mask sensitive information such as Personally Identifiable Information (PII).

05 Run get-guardrail command (OSX/Linux/UNIX) with the ARN (or ID) of the Amazon Bedrock guardrail that you want to examine as the identifier parameter, to describe the regex-based custom filters defined in the working draft of the selected guardrail:

aws bedrock get-guardrail \
  --region us-east-1 \
  --guardrail-identifier arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd \
  --query 'sensitiveInformationPolicy.regexes'

06 The command output should return the requested regex-based filters:

null

If the get-guardrail command output returns [] or null, as shown in the example above, the selected Amazon Bedrock guardrail is not configured to block or mask sensitive information such as PII.

07 Repeat steps no. 3 - 6 for each Amazon Bedrock guardrail available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 - 7 to perform the Audit process for other regions.
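The CLI Audit steps above, automated as an added example that is not Conformity's own code: it evaluates the working draft of every guardrail in a region with boto3 (credentials and the bedrock:ListGuardrails and bedrock:GetGuardrail permissions are assumed) and applies the same test as steps 3 - 6 to each; the two sample responses are constructed, with placeholder ARNs.

```python
"""Added audit helper for rule Bedrock-007 (not Conformity's own code): walks
every guardrail's working draft in a region with boto3 and flags drafts that
define neither predefined PII entities nor custom regex filters."""
from typing import Dict, List

# Constructed get-guardrail responses for offline use (placeholder ARNs).
SAMPLE_UNFILTERED = {
    "guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd",
    "version": "DRAFT",  # no sensitiveInformationPolicy: the CLI prints null
}
SAMPLE_FILTERED = {
    "guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/1234abcd1234",
    "version": "DRAFT",
    "sensitiveInformationPolicy": {
        "piiEntities": [{"type": "EMAIL", "action": "ANONYMIZE"},
                        {"type": "US_SOCIAL_SECURITY_NUMBER", "action": "BLOCK"}],
        "regexes": [],
    },
}

def evaluate_guardrail(description: Dict) -> Dict:
    """Apply the rule's test to one get-guardrail response: the draft passes
    when at least one PII entity or one regex filter is defined; an empty list
    or a missing policy (null in the CLI output) is a finding."""
    policy = description.get("sensitiveInformationPolicy") or {}
    pii = policy.get("piiEntities") or []
    regexes = policy.get("regexes") or []
    return {
        "guardrailArn": description.get("guardrailArn"),
        "piiEntityCount": len(pii),
        "regexCount": len(regexes),
        # BLOCK rejects the prompt or response; ANONYMIZE masks the match.
        "blockedPiiTypes": sorted(e["type"] for e in pii if e.get("action") == "BLOCK"),
        "compliant": bool(pii or regexes),
    }

def audit_region(region: str) -> List[Dict]:
    """Evaluate the DRAFT of every guardrail in one region, following nextToken."""
    import boto3  # imported here so evaluate_guardrail stays usable offline
    client = boto3.client("bedrock", region_name=region)
    findings, token = [], None
    while True:
        page = client.list_guardrails(**({"nextToken": token} if token else {}))
        for summary in page.get("guardrails", []):
            # get_guardrail without guardrailVersion describes the working draft
            desc = client.get_guardrail(guardrailIdentifier=summary["arn"])
            findings.append(evaluate_guardrail(desc))
        token = page.get("nextToken")
        if not token:
            return findings
```

Run audit_region once per region to cover step 8; any finding with "compliant": False is a guardrail that fails this rule.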

Remediation / Resolution

To configure sensitive information filters for your Amazon Bedrock guardrails, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Safeguards, select Guardrails.

04 In the Guardrails section, click on the name (link) of the Amazon Bedrock guardrail that you want to configure, available in the Name column.

05 In the Working Draft section, click on Working Draft (link) to open the current draft defined for the selected guardrail.

06 In the Sensitive information filters section, perform the following actions:

  1. Select the PII types tab, choose Edit, and use the Add new PII button to add as many predefined PII-based filters as needed. Choose the predefined PII type that you want to use from the Choose PII type list, and select the appropriate behavior mode for the selected PII type from the Guardrail behavior list. Choose Block if you want to block the content and return a custom message if sensitive information is detected in the prompt or response. Choose Mask if you want to mask or redact sensitive information detected in the model response. Choose Save and exit to apply the configuration changes.
  2. Select the Regex patterns tab, choose Edit, and use the Add regex pattern button to add as many regex-based custom filters as needed. In the Add regex pattern setup box, provide a unique name and a description (optional) for your new custom filter, the regex pattern that you want to use, and the appropriate guardrail behavior (Block or Mask). Choose Save and exit to apply the configuration changes and return to the Working Draft page.

07 Repeat steps no. 4 - 6 for each Amazon Bedrock guardrail that you want to configure, available within the current AWS region.

08 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run update-guardrail command (OSX/Linux/UNIX) with the ARN (or ID) of the Amazon Bedrock guardrail that you want to configure as the identifier parameter, to configure the types of PII to be filtered for the selected guardrail and the desired guardrail behavior ("BLOCK" or "ANONYMIZE"). Choose "BLOCK" if you want to block the content and return a custom message if sensitive information is detected in the prompt or response. Choose "ANONYMIZE" if you want to mask or redact sensitive information detected in the model response. The following command example adds a predefined PII-based filter of type "VEHICLE_IDENTIFICATION_NUMBER" to the selected guardrail and sets the behavior mode to "ANONYMIZE" in order to mask the sensitive information:

aws bedrock update-guardrail \
  --region us-east-1 \
  --guardrail-identifier arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd \
  --name tm-project5-ai-guardrail \
  --content-policy-config 'filtersConfig=[{type="VIOLENCE",inputStrength="HIGH",outputStrength="NONE"},{type="HATE",inputStrength="HIGH",outputStrength="NONE"}]' \
  --blocked-input-messaging "Sorry, the model cannot answer this question." \
  --blocked-outputs-messaging "Sorry, the model cannot answer this question." \
  --sensitive-information-policy-config 'piiEntitiesConfig=[{type="VEHICLE_IDENTIFICATION_NUMBER",action="ANONYMIZE"}]'

02 The command output should return the identification details available for the configured guardrail:

{
	"guardrailId": "abcd1234abcd",
	"guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd",
	"version": "DRAFT",
	"updatedAt": "2024-06-11T11:07:34.347840+00:00"
}

03 Run update-guardrail command (OSX/Linux/UNIX) with the ARN (or ID) of the Amazon Bedrock guardrail that you want to configure as the identifier parameter, to configure regex patterns that filter custom types of sensitive information for the selected guardrail and specify the desired guardrail behavior ("BLOCK" or "ANONYMIZE"). The following command example adds a regex-based custom filter named "Booking ID" with the pattern "^ID\d{3}[A-Z]{3}$" to the specified guardrail, and sets the behavior mode to "BLOCK" in order to block the sensitive information:

aws bedrock update-guardrail \
  --region us-east-1 \
  --guardrail-identifier arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd \
  --name tm-project5-ai-guardrail \
  --content-policy-config 'filtersConfig=[{type="VIOLENCE",inputStrength="HIGH",outputStrength="NONE"},{type="HATE",inputStrength="HIGH",outputStrength="NONE"}]' \
  --blocked-input-messaging "Sorry, the model cannot answer this question." \
  --blocked-outputs-messaging "Sorry, the model cannot answer this question." \
  --sensitive-information-policy-config 'regexesConfig=[{name="Booking ID",pattern="^ID\\d{3}[A-Z]{3}$",action="BLOCK"}]'

04 The command output should return the identification details available for the configured guardrail:

{
	"guardrailId": "abcd1234abcd",
	"guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd",
	"version": "DRAFT",
	"updatedAt": "2024-06-11T12:11:46.482645+00:00"
}

05 Repeat steps no. 1 - 4 for each Amazon Bedrock guardrail that you want to configure, available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.
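Each of the two update-guardrail commands above sends a single sensitiveInformationPolicyConfig; the helper below, an added example that is not Conformity's or AWS's code, reads the current draft (a constructed get-guardrail response with a placeholder ARN stands in for it here), merges the new PII entity or regex filter with what is already configured, and validates the regex before it is submitted, so an incremental change does not depend on entries omitted from the request being preserved.

```python
"""Added helper for the CLI Remediation steps (not Conformity's own code): builds
the sensitiveInformationPolicyConfig for update-guardrail by carrying the
current draft's filters forward, adding new ones and validating each regex."""
import re
from typing import Dict, List

# Constructed get-guardrail response (placeholder ARN) mirroring the draft after
# step 1 above: the VIN entity is present, no regex filters yet.
CURRENT_DRAFT = {
    "guardrailArn": "arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd",
    "sensitiveInformationPolicy": {
        "piiEntities": [{"type": "VEHICLE_IDENTIFICATION_NUMBER", "action": "ANONYMIZE"}],
        "regexes": [],
    },
}
ACTIONS = {"BLOCK", "ANONYMIZE"}
REGEX_KEYS = ("name", "description", "pattern", "action")

def build_sensitive_policy_config(current: Dict, new_pii: List[Dict],
                                  new_regexes: List[Dict]) -> Dict:
    """Merge existing and new filters into one sensitiveInformationPolicyConfig.
    Only type/action and name/description/pattern/action are copied from the
    current draft, so read-only fields returned by get-guardrail are not echoed
    back; a new entry with the same PII type or regex name replaces the old one."""
    policy = current.get("sensitiveInformationPolicy") or {}
    pii = {e["type"]: {"type": e["type"], "action": e["action"]}
           for e in policy.get("piiEntities") or []}
    regexes = {r["name"]: {k: r[k] for k in REGEX_KEYS if k in r}
               for r in policy.get("regexes") or []}
    for entry in new_pii + new_regexes:
        if entry.get("action") not in ACTIONS:
            raise ValueError(f"unsupported guardrail action: {entry.get('action')!r}")
    for entry in new_pii:
        pii[entry["type"]] = {"type": entry["type"], "action": entry["action"]}
    for entry in new_regexes:
        # Python's re is only a sanity check; Bedrock applies its own engine.
        re.compile(entry["pattern"])  # raises re.error on a malformed pattern
        regexes[entry["name"]] = {k: entry[k] for k in REGEX_KEYS if k in entry}
    config = {}
    if pii:
        config["piiEntitiesConfig"] = list(pii.values())
    if regexes:
        config["regexesConfig"] = list(regexes.values())
    return config
```

Pass the result as the sensitiveInformationPolicyConfig argument of boto3's bedrock update_guardrail call (or serialize it for --sensitive-information-policy-config), together with the name, blocked messages and other policies that the commands above re-send.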

Publication date Jun 13, 2024