feat: add bedrock guardrails (#24)

* add guardrail detailed example
* add path for pip ecosystem

---------

Signed-off-by: Scott Schreckengaust <scottschreckengaust@users.noreply.github.com>

Author: scottschreckengaust

.github/dependabot.yml

@@ -13,6 +13,7 @@ updates:
       - "/samples/document-explorer/terraform-config-backend"
       - "/samples/document-explorer/terraform-config-frontend"
       - "/samples/bedrock-agent"
+      - "/samples/bedrock-guardrails"
     schedule:
       interval: "weekly"
     commit-message:
@@ -22,6 +23,7 @@ updates:
     directories:
       - "/samples/document-explorer/client_app"
       - "/samples/bedrock-agent/lambda/action-group"
+      - "/samples/bedrock-guardrails/scripts"
     schedule:
       interval: "weekly"
     commit-message:

README.md

@@ -32,7 +32,13 @@ Each folder under the `samples` directory has a `README.md` with the specific in
     │   ├── scripts/load-kb.sh          # Script to load and synchronize the Bedrock knowledge base's data source
     │   ├── lambda/action-group/        # Code for the action group
     │   └── lambda/action-group.yaml    # The Open API specification for the action group
+    ├── bedrock-guardrails              # An example usage for Bedrock guardrails
+    │   ├── README.md                   # Instructions
+    │   ├── main.tf                     # The main file
+    │   ├── outputs.tf                  # Outputs to use while testing
+    │   └── scripts/                    # A folder to test and review Bedrock guardrails
     └── ...
+    
 ```
 
 ## Issues, Support, Security, and Contributing

samples/bedrock-agent/README.md

@@ -17,7 +17,7 @@ Gutenburg.
 By providing reusable modules following AWS best practices,
 this app helps you quickly build custom generative AI apps on AWS using Terraform.
 
-The AWS Terraform [bedrock](https://registry.terraform.io/modules/aws-ia/bedrock/aws/latest) module 
+The AWS Terraform [bedrock](https://registry.terraform.io/modules/aws-ia/bedrock/aws/latest) module
 abstracts the complexity of orchestrating AWS services like S3, OpenSearch, Bedrock, etc.
 
 Here is the architecture diagram of the sample application:

samples/bedrock-guardrails/.terraform.lock.hcl

@@ -0,0 +1,146 @@
+# Amazon Bedrock Guardrails
+
+This example shows how to deploy a basic Bedrock agent with guardrails, leaving the default values and without creating an action group or a knowledgebase.
+
+## Overview
+
+The AWS Terraform [bedrock](https://registry.terraform.io/modules/aws-ia/bedrock/aws/latest) module
+abstracts the complexity of orchestrating AWS services like for Bedrock's guardrails. This 
+
+## Folder Structure
+
+The key files are annotated below:
+
+```tree
+├── README.md
+├── data.tf
+├── guardrails.auto.tfvars        # The configuration for the example guardrail
+├── main.tf
+├── outputs.tf                    # Outputs for the two bedrock agents
+├── providers.tf
+├── scripts
+│    ├── input.txt                # The inputs to test (one line at a time)
+│    ├── requirements.txt
+│    └── review.py                # Script to send input and review output
+└── variables.tf                  
+```
+
+## Getting started
+
+### Prerequisites
+
+- An AWS account. We recommend you deploy this solution in a new account.
+- [AWS CLI](https://aws.amazon.com/cli/): configure your credentials
+
+```shell
+aws configure --profile [your-profile] 
+AWS Access Key ID [None]: xxxxxx
+AWS Secret Access Key [None]:yyyyyyyyyy
+Default region name [None]: us-east-1 
+Default output format [None]: json
+```
+
+- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli): v1.7.4 or greater
+- [Python](https://www.python.org/downloads/): 3.12 or greater
+
+### Deploy the solution
+
+This project is built using [Terraform](https://www.terraform.io/). See [Getting Started - AWS](https://developer.hashicorp.com/terraform/tutorials/aws-get-started) for additional details and prerequisites.
+
+1. Clone this repository.
+
+    ```shell
+    git clone https://github.com/aws-samples/generative-ai-cdk-constructs-samples.git
+    ```
+
+2. Enter the code sample directory.
+
+    ```shell
+    cd generative-ai-cdk-constructs-samples/samples/bedrock-guardrails
+    ```
+
+3. Initialize Terraform.
+
+    ```shell
+    terraform init
+    ...
+    Terraform has been successfully initialized!
+    ...
+    ```
+
+4. Deploy the two Agents (takes ~1min)
+
+    ```shell
+    terraform apply -auto-approve
+    ...
+    Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
+
+    Outputs:
+
+    bedrock_agent_id_with_guardrail = "ZYXWVUTSR1"
+    bedrock_agent_id_without_guardrail = "ABCDEFGHI9"
+    ```
+
+5. Note the two outputs for the Bedrock Agents for testing
+
+## Test the agents
+
+We will use input similiar to the `examples` in the `topics_config` variable listed within the `guardrails.auto.tfvars` file:
+
+- `What stocks should I invest in for my retirement?`
+- `Is it a good idea to put my money in a mutual fund?`
+- `How should I allocate my 401(k) investments?`
+- `What type of trust fund should I set up for my children?`
+- `Should I hire a financial advisor to manage my investments?`
+
+### Use scripts
+
+1. Enter the scripts directory.
+
+    ```shell
+    cd scripts
+    ```
+
+2. Create and activate your python virtual environment.
+
+    ```shell
+    python -m venv .venv
+    source .venv/bin/activate
+    pip install -r requirements.txt
+    ```
+
+3. Run the script to see each agents responses.
+
+    ```shell
+    python review.py
+    ```
+
+4. (optional) Alter the `input.txt` and run the previous step again to see changes
+
+5. Deactivate and remove the virtual environment
+
+    ```shell
+    deactivate
+    rm -r -f .venv
+    ```
+
+### Use the console to test the agents with more examples
+
+Alternatively, open the console test each agent (one with and one without guardrails) directly. _See [Test and troubleshoot agent behavior](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-test.html)_.
+
+## Cleanup
+
+1. Tear the terraform solution down (~30 seconds).
+
+    ```shell
+    terraform destroy -auto-approve
+    ...
+    Destroy complete! Resources: 11 destroyed.
+    ```
+
+## References
+
+Here is a sample repositories and workshop to dive deeper with guardrails!
+
+- ["Responsible AI Samples" in Amazon Bedrock Service Sample Repository on Github](https://github.com/aws-samples/amazon-bedrock-samples/blob/main/responsible_ai)
+- ["Lab 8 - Creating Agent with Guardrails for Amazon Bedrock integration" in Amazon Bedrock Agents Workshop](https://catalog.workshops.aws/agents-for-amazon-bedrock/en-US/80-create-agent-with-guardrails)

samples/bedrock-guardrails/README.md

@@ -0,0 +1 @@
+data "aws_bedrock_foundation_models" "test" {}

samples/bedrock-guardrails/data.tf

@@ -0,0 +1,97 @@
+blocked_input_messaging   = "I can provide general info about products and services, but can't fully address your request here. For personalized help or detailed questions, please contact our customer service team directly. For security reasons, avoid sharing sensitive information through this channel. If you have a general product question, feel free to ask without including personal details."
+blocked_outputs_messaging = "I can provide general info about products and services, but can't fully address your request here. For personalized help or detailed questions, please contact our customer service team directly. For security reasons, avoid sharing sensitive information through this channel. If you have a general product question, feel free to ask without including personal details."
+filters_config = [
+  {
+    input_strength  = "HIGH"
+    output_strength = "HIGH"
+    type            = "VIOLENCE"
+  },
+  {
+    input_strength  = "HIGH"
+    output_strength = "NONE"
+    type            = "PROMPT_ATTACK"
+  },
+  {
+    input_strength  = "HIGH"
+    output_strength = "HIGH"
+    type            = "MISCONDUCT"
+  },
+  {
+    input_strength  = "HIGH"
+    output_strength = "HIGH"
+    type            = "HATE"
+  },
+  {
+    input_strength  = "HIGH"
+    output_strength = "HIGH"
+    type            = "SEXUAL"
+  },
+  {
+    input_strength  = "HIGH"
+    output_strength = "HIGH"
+    type            = "INSULTS"
+  },
+]
+managed_word_lists_config = [
+  {
+    type = "PROFANITY"
+  }
+]
+pii_entities_config = [
+  {
+    action = "ANONYMIZE"
+    type   = "NAME"
+  },
+  {
+    action = "ANONYMIZE"
+    type   = "PHONE"
+  },
+  {
+    action = "ANONYMIZE"
+    type   = "EMAIL"
+  },
+  {
+    action = "BLOCK"
+    type   = "US_SOCIAL_SECURITY_NUMBER"
+  },
+  {
+    action = "BLOCK"
+    type   = "US_BANK_ACCOUNT_NUMBER"
+  },
+  {
+    action = "BLOCK"
+    type   = "CREDIT_DEBIT_CARD_NUMBER"
+  },
+]
+regexes_config = [
+  {
+    name        = "Account Number"
+    description = "Matches account numbers in the format XXXXXX1234"
+    pattern     = "(\\b\\d{6}\\d{4}\\b)"
+    action      = "ANONYMIZE"
+  }
+]
+topics_config = [{
+  name       = "Fiduciary Advice"
+  type       = "DENY"
+  definition = "Providing personalized advice or recommendations on managing financial assets, investments, or trusts in a fiduciary capacity or assuming related obligations and liabilities."
+  examples = [
+    "What stocks should I invest in for my retirement?",
+    "Is it a good idea to put my money in a mutual fund?",
+    "How should I allocate my 401(k) investments?",
+    "What type of trust fund should I set up for my children?",
+    "Should I hire a financial advisor to manage my investments?",
+  ]
+}]
+words_config = [
+  { text = "fiduciary advice" },
+  { text = "investment recommendations" },
+  { text = "stock picks" },
+  { text = "financial planning guidance" },
+  { text = "portfolio allocation advice" },
+  { text = "retirement fund suggestions" },
+  { text = "wealth management tips" },
+  { text = "trust fund setup" },
+  { text = "investment strategy" },
+  { text = "financial advisor recommendations" },
+]