Managing Guardrails¶
To manage your Guardrails (1) you can select the Guardrails option from the left navigation pane in the PAIG portal. On this page, you can view all the guardrails that are created in PAIG. From there you can either select a guardrail to view and manage or create a new guardrail.
- Read more about Guardrails in the User Guide section.
Creating a New Guardrail¶
To configure a new guardrail, go to Application > Guardrails and click the CREATE GUARDRAIL button on the right top. This will open a dialog box where you can enter the details of the guardrail. You need to set up the guardrail connection and configure the response template beforehand.
| Field | Mandatory | Description | Example |
|---|---|---|---|
| Name | Yes | Name of your Guardrail. Keep it short and simple | InformationGuard |
| Description | No | Describe your Guardrail in a few words | This is a safeguard for internal ChatBot of the company |
| Default Guardrail | Yes(by default selected) | PAIG Guardrail is for blocking or masking sensitive information | true |
| Optional Guardrail Provider | No | Here you can select AWS Bedrock Guardrail connection which provides capability for prompt safety, content filtering, blocking on deny topics, denied terms etc | true |
Creating a New Guardrail Connection¶
To create a new guardrail connection for AWS, go to Account > Guardrail Connections and click on AWS Bedrock from Available Providers. This will open a dialog box where you can enter the details of the guardrail connection.
| Field | Mandatory | Description | Example |
|---|---|---|---|
| Connection Name | Yes | Name of your Guardrail Connection. Keep it short and simple | InformationGuardConnection |
| Connection Description | No | Describe your Guardrail Connection in a few words | This is to connect an AWS account for managing guardrails to safeguard for the internal ChatBot of the company |
| Connection Type | Yes | The connection type for AWS to choose from - IAM Role: Assumes an IAM role to generate temporary credentials for the AWS client. Access Key & Secret Key: Directly authenticates the AWS client using static credentials for guardrail creation. Instance Role: Used in Kubernetes (K8S) deployments, leveraging the service account linked to the K8S pod for authentication. | Access Key & Secret Key |
| Region | Yes | Here you can add the AWS region where you want your guardrails created and managed | us-east-1 |
Creating a New Guardrail Response Template¶
To create a new response template for Guardrails, go to Application > Response Template and click on the CREATE TEMPLATE button at the right top. This will open a dialog box where you can enter the details of the guardrail response template.
| Field | Mandatory | Description | Example |
|---|---|---|---|
| Response | Yes | The response to the user prompt in your chatbot AI application whenever anything is blocked through guardrail. Keep it short and simple | Sorry I can't respond to that as it contains potentially harmful content |
| Description | No | Describe your response in a few words | This response is designed to politely inform the user that their request cannot be fulfilled due to the detection of potentially harmful content |
Troubleshooting¶
AWS Credentials Issues¶
Invalid or Expired Security Token
- Error: "Unable to verify connection. The security token included in the request is invalid/expired"
- Solution: Update the AWS credentials in your Guardrail Connection with valid credentials
Invalid Authentication Credentials
- Error: "The provided authentication credentials for the associated connection are invalid"
- Solution: Verify and update the AWS credentials in your Guardrail Connection
Access Denied
- Error: "Access Denied for the associated connection"
- Solution: Ensure you have write access to AWS Bedrock Guardrails
Guardrail Configuration Issues¶
Duplicate Guardrail Name
- Error: "A guardrail with this name may already exist"
- Solution: Choose a different name as another user may have already created a guardrail with the same name in the same AWS account
Duplicate Denied Terms
- Error: "Validation error: Custom words cannot have case-insensitive duplicates"
- Solution: Review your guardrail configuration and remove any duplicate terms from the denied words list
Topic definition length exceeded
- Error: "Validation error: Failed to satisfy constraint: Member must have length less than or equal to 200"
- Solution: Reduce the length of the topic definition to meet the character limit
Guardrails Not Applied
- Error: "Guardrails not applied in the AI application"
- Solution: Check the guardrail association by either:
- Visiting the AI application page
- Editing the Guardrail configuration and selecting the AI Application