@cdklabs/generative-ai-cdk-constructs
@cdklabs/generative-ai-cdk-constructs / bedrock / Guardrail
Class to create a Guardrail with CDK.
new Guardrail(
scope
,id
,props
):Guardrail
Construct
string
readonly
contentFilters:ContentFilter
[]
The content filters applied by the guardrail.
readonly
contextualGroundingFilters:ContextualGroundingFilter
[]
The contextual grounding filters applied by the guardrail.
readonly
deniedTopics:Topic
[]
The denied topic filters applied by the guardrail.
readonly
env:ResourceEnvironment
The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
readonly
guardrailArn:string
The ARN of the guardrail.
readonly
guardrailId:string
The ID of the guardrail.
guardrailVersion:
string
The version of the guardrail.
By default, this value will always be DRAFT
unless an explicit version is created.
For an explicit version created, this will usually be a number (e.g. for Version 1 just enter “1”)
"1"
- "DRAFT"
GuardrailBase
.guardrailVersion
readonly
hash:string
The computed hash of the guardrail properties.
readonly
optional
kmsKey:IKey
The KMS key used to encrypt data.
undefined - "Data is encrypted by default with a key that AWS owns and manages for you"
readonly
managedWordListFilters:PROFANITY
[]
The managed word list filters applied by the guardrail.
readonly
name:string
The name of the guardrail.
readonly
node:Node
The tree node.
protected
readonly
physicalName:string
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
"my-awesome-bucket"
)undefined
, when a name should be generated by CloudFormation
readonly
piiFilters:PIIFilter
[]
The PII filters applied by the guardrail.
readonly
regexFilters:RegexFilter
[]
The regex filters applied by the guardrail.
readonly
stack:Stack
The stack in which this resource is defined.
readonly
wordFilters:string
[]
The word filters applied by the guardrail.
_enableCrossEnvironment():
void
Internal
Called when this resource is referenced across environments (account/region) to order to request that a physical name will be generated for this resource during synthesis, so the resource can be referenced through its absolute name/arn.
void
GuardrailBase
._enableCrossEnvironment
addContentFilter(
filter
):void
Adds a content filter to the guardrail.
The content filter to add.
void
addContextualGroundingFilter(
filter
):void
Adds a contextual grounding filter to the guardrail.
The contextual grounding filter to add.
void
addDeniedTopicFilter(
filter
):void
Adds a denied topic filter to the guardrail.
The denied topic filter to add.
void
addManagedWordListFilter(
filter
):void
Adds a managed word list filter to the guardrail.
The managed word list filter to add.
void
addPIIFilter(
filter
):void
Adds a PII filter to the guardrail.
The PII filter to add.
void
addRegexFilter(
filter
):void
Adds a regex filter to the guardrail.
The regex filter to add.
void
addWordFilter(
filter
):void
Adds a word filter to the guardrail.
string
The word filter to add.
void
addWordFilterFromFile(
filePath
):void
Adds a word filter to the guardrail.
string
The location of the word filter file.
void
applyRemovalPolicy(
policy
):void
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
RemovalPolicy
void
GuardrailBase
.applyRemovalPolicy
createVersion(
description
?):string
Create a version for the guardrail.
string
The description of the version.
string
The guardrail version.
protected
generatePhysicalName():string
string
GuardrailBase
.generatePhysicalName
protected
getResourceArnAttribute(arnAttr
,arnComponents
):string
Returns an environment-sensitive token that should be used for the
resource’s “ARN” attribute (e.g. bucket.bucketArn
).
Normally, this token will resolve to arnAttr
, but if the resource is
referenced across environments, arnComponents
will be used to synthesize
a concrete ARN with the resource’s physical name. Make sure to reference
this.physicalName
in arnComponents
.
string
The CFN attribute which resolves to the ARN of the resource.
Commonly it will be called “Arn” (e.g. resource.attrArn
), but sometimes
it’s the CFN resource’s ref
.
ArnComponents
The format of the ARN of this resource. You must
reference this.physicalName
somewhere within the ARN in order for
cross-environment references to work.
string
GuardrailBase
.getResourceArnAttribute
protected
getResourceNameAttribute(nameAttr
):string
Returns an environment-sensitive token that should be used for the
resource’s “name” attribute (e.g. bucket.bucketName
).
Normally, this token will resolve to nameAttr
, but if the resource is
referenced across environments, it will be resolved to this.physicalName
,
which will be a concrete name.
string
The CFN attribute which resolves to the resource’s name.
Commonly this is the resource’s ref
.
string
GuardrailBase
.getResourceNameAttribute
grantApply(
grantee
):Grant
Grant the given identity permissions to apply the guardrail.
IGrantable
Grant
toString():
string
Returns a string representation of this construct.
string
static
fromCfnGuardrail(cfnGuardrail
):IGuardrail
Import a low-level L1 Cfn Guardrail
CfnGuardrail
static
fromGuardrailAttributes(scope
,id
,attrs
):IGuardrail
Import a guardrail given its attributes
Construct
string
static
isConstruct(x
):x is Construct
Checks if x
is a construct.
Use this method instead of instanceof
to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs
library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct
in each copy of the constructs
library
is seen as a different class, and an instance of one class will not test as
instanceof
the other class. npm install
will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof
will behave
unpredictably. It is safest to avoid using instanceof
, and using
this type-testing method instead.
any
Any object
x is Construct
true if x
is an object created from a class which extends Construct
.
static
isOwnedResource(construct
):boolean
Returns true if the construct was created by CDK, and false otherwise
IConstruct
boolean
static
isResource(construct
):construct is Resource
Check whether the given construct is a Resource
IConstruct
construct is Resource