generative-ai-cdk-constructs

@cdklabs/generative-ai-cdk-constructs


@cdklabs/generative-ai-cdk-constructs / bedrock / Guardrail

Class: Guardrail

Class to create a Guardrail with CDK.

Extends

Constructors

new Guardrail()

new Guardrail(scope, id, props): Guardrail

Parameters

scope

Construct

id

string

props

GuardrailProps

Returns

Guardrail

Overrides

GuardrailBase.constructor

Properties

contentFilters

readonly contentFilters: ContentFilter[]

The content filters applied by the guardrail.


contextualGroundingFilters

readonly contextualGroundingFilters: ContextualGroundingFilter[]

The contextual grounding filters applied by the guardrail.


deniedTopics

readonly deniedTopics: Topic[]

The denied topic filters applied by the guardrail.


env

readonly env: ResourceEnvironment

The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Inherited from

GuardrailBase.env


guardrailArn

readonly guardrailArn: string

The ARN of the guardrail.

Overrides

GuardrailBase.guardrailArn


guardrailId

readonly guardrailId: string

The ID of the guardrail.

Overrides

GuardrailBase.guardrailId


guardrailVersion

guardrailVersion: string

The version of the guardrail. By default, this value will always be DRAFT unless an explicit version is created. For an explicit version created, this will usually be a number (e.g. for Version 1 just enter “1”)

Example

"1"

Default

- "DRAFT"

Overrides

GuardrailBase.guardrailVersion


hash

readonly hash: string

The computed hash of the guardrail properties.


kmsKey?

readonly optional kmsKey: IKey

The KMS key used to encrypt data.

Default

undefined - "Data is encrypted by default with a key that AWS owns and manages for you"

Overrides

GuardrailBase.kmsKey


managedWordListFilters

readonly managedWordListFilters: PROFANITY[]

The managed word list filters applied by the guardrail.


name

readonly name: string

The name of the guardrail.


node

readonly node: Node

The tree node.

Inherited from

GuardrailBase.node


physicalName

protected readonly physicalName: string

Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

This value will resolve to one of the following:

Inherited from

GuardrailBase.physicalName


piiFilters

readonly piiFilters: PIIFilter[]

The PII filters applied by the guardrail.


regexFilters

readonly regexFilters: RegexFilter[]

The regex filters applied by the guardrail.


stack

readonly stack: Stack

The stack in which this resource is defined.

Inherited from

GuardrailBase.stack


wordFilters

readonly wordFilters: string[]

The word filters applied by the guardrail.

Methods

_enableCrossEnvironment()

_enableCrossEnvironment(): void

Internal

Called when this resource is referenced across environments (account/region) to order to request that a physical name will be generated for this resource during synthesis, so the resource can be referenced through its absolute name/arn.

Returns

void

Inherited from

GuardrailBase._enableCrossEnvironment


addContentFilter()

addContentFilter(filter): void

Adds a content filter to the guardrail.

Parameters

filter

ContentFilter

The content filter to add.

Returns

void


addContextualGroundingFilter()

addContextualGroundingFilter(filter): void

Adds a contextual grounding filter to the guardrail.

Parameters

filter

ContextualGroundingFilter

The contextual grounding filter to add.

Returns

void


addDeniedTopicFilter()

addDeniedTopicFilter(filter): void

Adds a denied topic filter to the guardrail.

Parameters

filter

Topic

The denied topic filter to add.

Returns

void


addManagedWordListFilter()

addManagedWordListFilter(filter): void

Adds a managed word list filter to the guardrail.

Parameters

filter

PROFANITY

The managed word list filter to add.

Returns

void


addPIIFilter()

addPIIFilter(filter): void

Adds a PII filter to the guardrail.

Parameters

filter

PIIFilter

The PII filter to add.

Returns

void


addRegexFilter()

addRegexFilter(filter): void

Adds a regex filter to the guardrail.

Parameters

filter

RegexFilter

The regex filter to add.

Returns

void


addWordFilter()

addWordFilter(filter): void

Adds a word filter to the guardrail.

Parameters

filter

string

The word filter to add.

Returns

void


addWordFilterFromFile()

addWordFilterFromFile(filePath): void

Adds a word filter to the guardrail.

Parameters

filePath

string

The location of the word filter file.

Returns

void


applyRemovalPolicy()

applyRemovalPolicy(policy): void

Apply the given removal policy to this resource

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters

policy

RemovalPolicy

Returns

void

Inherited from

GuardrailBase.applyRemovalPolicy


createVersion()

createVersion(description?): string

Create a version for the guardrail.

Parameters

description?

string

The description of the version.

Returns

string

The guardrail version.


generatePhysicalName()

protected generatePhysicalName(): string

Returns

string

Inherited from

GuardrailBase.generatePhysicalName


getResourceArnAttribute()

protected getResourceArnAttribute(arnAttr, arnComponents): string

Returns an environment-sensitive token that should be used for the resource’s “ARN” attribute (e.g. bucket.bucketArn).

Normally, this token will resolve to arnAttr, but if the resource is referenced across environments, arnComponents will be used to synthesize a concrete ARN with the resource’s physical name. Make sure to reference this.physicalName in arnComponents.

Parameters

arnAttr

string

The CFN attribute which resolves to the ARN of the resource. Commonly it will be called “Arn” (e.g. resource.attrArn), but sometimes it’s the CFN resource’s ref.

arnComponents

ArnComponents

The format of the ARN of this resource. You must reference this.physicalName somewhere within the ARN in order for cross-environment references to work.

Returns

string

Inherited from

GuardrailBase.getResourceArnAttribute


getResourceNameAttribute()

protected getResourceNameAttribute(nameAttr): string

Returns an environment-sensitive token that should be used for the resource’s “name” attribute (e.g. bucket.bucketName).

Normally, this token will resolve to nameAttr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

Parameters

nameAttr

string

The CFN attribute which resolves to the resource’s name. Commonly this is the resource’s ref.

Returns

string

Inherited from

GuardrailBase.getResourceNameAttribute


grantApply()

grantApply(grantee): Grant

Grant the given identity permissions to apply the guardrail.

Parameters

grantee

IGrantable

Returns

Grant

Inherited from

GuardrailBase.grantApply


toString()

toString(): string

Returns a string representation of this construct.

Returns

string

Inherited from

GuardrailBase.toString


fromCfnGuardrail()

static fromCfnGuardrail(cfnGuardrail): IGuardrail

Import a low-level L1 Cfn Guardrail

Parameters

cfnGuardrail

CfnGuardrail

Returns

IGuardrail


fromGuardrailAttributes()

static fromGuardrailAttributes(scope, id, attrs): IGuardrail

Import a guardrail given its attributes

Parameters

scope

Construct

id

string

attrs

GuardrailAttributes

Returns

IGuardrail


isConstruct()

static isConstruct(x): x is Construct

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters

x

any

Any object

Returns

x is Construct

true if x is an object created from a class which extends Construct.

Inherited from

GuardrailBase.isConstruct


isOwnedResource()

static isOwnedResource(construct): boolean

Returns true if the construct was created by CDK, and false otherwise

Parameters

construct

IConstruct

Returns

boolean

Inherited from

GuardrailBase.isOwnedResource


isResource()

static isResource(construct): construct is Resource

Check whether the given construct is a Resource

Parameters

construct

IConstruct

Returns

construct is Resource

Inherited from

GuardrailBase.isResource