Minor enhancement on guardrail cdk (#689)

.github/workflows/bedrock-build.yml

@@ -39,7 +39,7 @@ jobs:
           echo "INFO: npm version: $(npm --version)"
           echo "INFO: python3 version: $(python3 --version)"
       - name: Run cdk synth
-        run: make synth-guardrail
+        run: make synth
 
   bedrock-phoenix:
     name: Test Bedrock Phoenix IaC

Bedrock/cdk/guardrail/Makefile

@@ -9,16 +9,16 @@ install-cdk:
 	python3 -m pip install -U pip
 	pip3 install -r requirements.txt
 
-synth-guardrail:
+synth:
 	cdk synth $(APP_NAME)-BedrockGuardrail -c env=$(ENV_STAGE)
 
-diff-guardrail:
+diff:
 	cdk diff $(APP_NAME)-BedrockGuardrail -c env=$(ENV_STAGE)
 
-deploy-guardrail:
+deploy:
 	cdk deploy $(APP_NAME)-BedrockGuardrail -c env=$(ENV_STAGE) $(APP_NAME) --require-approval never
 
-destroy-guardrail:
+destroy:
 	cdk destroy $(APP_NAME)-BedrockGuardrail -f -c env=$(ENV_STAGE)
 
 test-cdk:

Bedrock/cdk/guardrail/bedrock_guardrail.py

@@ -79,16 +79,18 @@ def create_contextual_grounding_policy_config(
         """
         Use contextual grounding check to filter hallucinations in responses
         """
-        filters_config = [
-            CfnGuardrail.ContextualGroundingFilterConfigProperty(
-                threshold=v["threshold"],
-                type=k,
-            )
-            for k, v in self.config["BedrockGuardrail"][
-                "contextual_grounding_policy_config"
-            ].items()
-        ]
-        return CfnGuardrail.ContextualGroundingPolicyConfigProperty(filters_config=filters_config)
+        if self.config["BedrockGuardrail"].get("contextual_grounding_policy_config"):
+            filters_config = [
+                CfnGuardrail.ContextualGroundingFilterConfigProperty(
+                    threshold=v["threshold"],
+                    type=k,
+                )
+                for k, v in self.config["BedrockGuardrail"][
+                    "contextual_grounding_policy_config"
+                ].items()
+            ]
+            return CfnGuardrail.ContextualGroundingPolicyConfigProperty(filters_config=filters_config)
+        return None
 
     def create_sensitive_information_policy_config(
         self,

Bedrock/cdk/guardrail/environment/dev.yml

@@ -28,33 +28,32 @@ BedrockGuardrail:
     PROMPT_ATTACK:
       input_strength: HIGH
       output_strength: NONE  # Must be NONE for response
-  contextual_grounding_policy_config:
+  contextual_grounding_policy_config: {}
     # Use contextual grounding check to filter hallucinations in responses
     # https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-contextual-grounding-check.html
     # Threshold: between 0 and 0.99. 1 is invalid as that will block all content.
-    GROUNDING:
-      threshold: 0.8
-    RELEVANCE:
-      threshold: 0.7
+    # GROUNDING:
+    #   threshold: 0.8
+    # RELEVANCE:
+    #   threshold: 0.7
   sensitive_information_policy_config:
     # Block or mask sensitive information such as PII or custom regex in user inputs and model responses
     # Types supported - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-guardrail-piientityconfig.html
     # Actions Allowed values: BLOCK | ANONYMIZE
     pii_entities_config:
       # Only a subset of PII entities are shown here
-      ADDRESS: BLOCK
-      DRIVER_ID: BLOCK
+      DRIVER_ID: ANONYMIZE
       EMAIL: ANONYMIZE
       PASSWORD: BLOCK
       PHONE: ANONYMIZE
-      LICENSE_PLATE: BLOCK
+      LICENSE_PLATE: ANONYMIZE
       VEHICLE_IDENTIFICATION_NUMBER: ANONYMIZE
       CREDIT_DEBIT_CARD_CVV: BLOCK
       CREDIT_DEBIT_CARD_EXPIRY: BLOCK
       CREDIT_DEBIT_CARD_NUMBER: BLOCK
       INTERNATIONAL_BANK_ACCOUNT_NUMBER: BLOCK
       PIN: BLOCK
-      SWIFT_CODE: BLOCK
+      SWIFT_CODE: ANONYMIZE
       AWS_ACCESS_KEY: BLOCK
       AWS_SECRET_KEY: BLOCK
     regexes_config: []