Skip to content

Managing Guardrails

To manage your Guardrails (1) you can select the Guardrails option from the left navigation pane in the PAIG portal. On this page, you can view all the guardrails that are created in PAIG. From there you can either select a guardrail to view and manage or create a new guardrail.

  1. Read more about Guardrails in the User Guide section.

Creating a New Guardrail

Go To PAIG

To configure a new guardrail, go to Application > Guardrails and click the CREATE GUARDRAIL button on the right top. This will open a dialog box where you can enter the details of the guardrail. You need to set up the guardrail connection and configure the response template beforehand.

 

How to add Guardrails
Field Mandatory Description Example
Name Yes Name of your Guardrail. Keep it short and simple InformationGuard
Description No Describe your Guardrail in a few words This is a safeguard for internal ChatBot of the company
Default Guardrail Yes(by default selected) PAIG Guardrail is for blocking or masking sensitive information true
Optional Guardrail Provider No Here you can select AWS Bedrock Guardrail connection which provides capability for prompt safety, content filtering, blocking on deny topics, denied terms etc true

Creating a New Guardrail Connection

Go To PAIG

To create a new guardrail connection for AWS, go to Account > Guardrail Connections and click on AWS Bedrock from Available Providers. This will open a dialog box where you can enter the details of the guardrail connection.

 

How to add Guardrail Connection
Field Mandatory Description Example
Connection Name Yes Name of your Guardrail Connection. Keep it short and simple InformationGuardConnection
Connection Description No Describe your Guardrail Connection in a few words This is to connect an AWS account for managing guardrails to safeguard for the internal ChatBot of the company
Connection Type Yes The connection type for AWS to choose from -
IAM Role: Assumes an IAM role to generate temporary credentials for the AWS client.
Access Key & Secret Key: Directly authenticates the AWS client using static credentials for guardrail creation.
Instance Role: Used in Kubernetes (K8S) deployments, leveraging the service account linked to the K8S pod for authentication.
Access Key & Secret Key
Region Yes Here you can add the AWS region where you want your guardrails created and managed us-east-1

Creating a New Guardrail Response Template

Go To PAIG

To create a new response template for Guardrails, go to Application > Response Template and click on the CREATE TEMPLATE button at the right top. This will open a dialog box where you can enter the details of the guardrail response template.

 

How to add Guardrail Response Template
Field Mandatory Description Example
Response Yes The response to the user prompt in your chatbot AI application whenever anything is blocked through guardrail. Keep it short and simple Sorry I can't respond to that as it contains potentially harmful content
Description No Describe your response in a few words This response is designed to politely inform the user that their request cannot be fulfilled due to the detection of potentially harmful content

Troubleshooting

AWS Credentials Issues

Invalid or Expired Security Token
  • Error: "Unable to verify connection. The security token included in the request is invalid/expired"
  • Solution: Update the AWS credentials in your Guardrail Connection with valid credentials
Invalid Authentication Credentials
  • Error: "The provided authentication credentials for the associated connection are invalid"
  • Solution: Verify and update the AWS credentials in your Guardrail Connection
Access Denied
  • Error: "Access Denied for the associated connection"
  • Solution: Ensure you have write access to AWS Bedrock Guardrails

Guardrail Configuration Issues

Duplicate Guardrail Name
  • Error: "A guardrail with this name may already exist"
  • Solution: Choose a different name as another user may have already created a guardrail with the same name in the same AWS account
Duplicate Denied Terms
  • Error: "Validation error: Custom words cannot have case-insensitive duplicates"
  • Solution: Review your guardrail configuration and remove any duplicate terms from the denied words list
Topic definition length exceeded
  • Error: "Validation error: Failed to satisfy constraint: Member must have length less than or equal to 200"
  • Solution: Reduce the length of the topic definition to meet the character limit
Guardrails Not Applied
  • Error: "Guardrails not applied in the AI application"
  • Solution: Check the guardrail association by either:
    1. Visiting the AI application page
    2. Editing the Guardrail configuration and selecting the AI Application