PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.31.0__py3-none-any.whl → 0.57.0__py3-none-any.whl - Mend - Supply Chain Defender

konokenj.cdk-api-mcp-server 0.31.0py3-none-any.whl → 0.57.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of konokenj.cdk-api-mcp-server might be problematic. Click here for more details.

Files changed (243) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-alpha/README.md CHANGED Viewed

@@ -35,6 +35,34 @@ This construct library facilitates the deployment of Bedrock Agents, enabling yo
   - [Agent Collaboration](#agent-collaboration)
   - [Custom Orchestration](#custom-orchestration)
   - [Agent Alias](#agent-alias)
+- [Guardrails](#guardrails)
+  - [Guardrail Properties](#guardrail-properties)
+  - [Filter Types](#filter-types)
+    - [Content Filters](#content-filters)
+    - [Denied Topics](#denied-topics)
+    - [Word Filters](#word-filters)
+    - [PII Filters](#pii-filters)
+    - [Regex Filters](#regex-filters)
+    - [Contextual Grounding Filters](#contextual-grounding-filters)
+  - [Guardrail Methods](#guardrail-methods)
+  - [Guardrail Permissions](#guardrail-permissions)
+  - [Guardrail Metrics](#guardrail-metrics)
+  - [Importing Guardrails](#importing-guardrails)
+  - [Guardrail Versioning](#guardrail-versioning)
+- [Prompts](#prompts)
+  - [Prompt Variants](#prompt-variants)
+  - [Basic Text Prompt](#basic-text-prompt)
+  - [Chat Prompt](#chat-prompt)
+  - [Agent Prompt](#agent-prompt)
+  - [Prompt Properties](#prompt-properties)
+  - [Prompt Version](#prompt-version)
+  - [Import Methods](#import-methods)
+- [Inference Profiles](#inference-profiles)
+  - [Using Inference Profiles](#using-inference-profiles)
+  - [Types of Inference Profiles](#types-of-inference-profiles)
+  - [Prompt Routers](#prompt-routers)
+  - [Inference Profile Permissions](#inference-profile-permissions)
+  - [Inference Profiles Import Methods](#inference-profiles-import-methods)
 ## Agents
@@ -52,6 +80,29 @@ const agent = new bedrock.Agent(this, 'Agent', {
 });
 ```
+You can also create an agent with a guardrail:
+```ts fixture=default
+// Create a guardrail to filter inappropriate content
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  description: 'Legal ethical guardrails.',
+});
+guardrail.addContentFilter({
+  type: bedrock.ContentFilterType.SEXUAL,
+  inputStrength: bedrock.ContentFilterStrength.HIGH,
+  outputStrength: bedrock.ContentFilterStrength.MEDIUM,
+});
+// Create an agent with the guardrail
+const agentWithGuardrail = new bedrock.Agent(this, 'AgentWithGuardrail', {
+  foundationModel: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_HAIKU_V1_0,
+  instruction: 'You are a helpful and friendly agent that answers questions about literature.',
+  guardrail: guardrail,
+});
+```
 ### Agent Properties
 The Bedrock Agent class supports the following properties.
@@ -67,6 +118,8 @@ The Bedrock Agent class supports the following properties.
 | kmsKey | kms.IKey | No | The KMS key of the agent if custom encryption is configured. Defaults to AWS managed key |
 | description | string | No | A description of the agent. Defaults to no description |
 | actionGroups | AgentActionGroup[] | No | The Action Groups associated with the agent |
+| guardrail | IGuardrail | No | The guardrail that will be associated with the agent. Defaults to no guardrail |
+| memory | Memory | No | The type and configuration of the memory to maintain context across multiple sessions and recall past interactions. Defaults to no memory |
 | promptOverrideConfiguration | PromptOverrideConfiguration | No | Overrides some prompt templates in different parts of an agent sequence configuration |
 | userInputEnabled | boolean | No | Select whether the agent can prompt additional information from the user when it lacks enough information. Defaults to false |
 | codeInterpreterEnabled | boolean | No | Select whether the agent can generate, run, and troubleshoot code when trying to complete a task. Defaults to false |
@@ -606,3 +659,896 @@ const agentAlias = new bedrock.AgentAlias(this, 'myAlias', {
   description: `Production version of my agent. Created at ${agent.lastUpdated}` // ensure the version update
 });
 ```
+## Guardrails
+Amazon Bedrock's Guardrails feature enables you to implement robust governance and control mechanisms for your generative AI applications, ensuring alignment with your specific use cases and responsible AI policies. Guardrails empowers you to create multiple tailored policy configurations, each designed to address the unique requirements and constraints of different use cases. These policy configurations can then be seamlessly applied across multiple foundation models (FMs) and Agents, ensuring a consistent user experience and standardizing safety, security, and privacy controls throughout your generative AI ecosystem.
+With Guardrails, you can define and enforce granular, customizable policies to precisely govern the behavior of your generative AI applications. You can configure the following policies in a guardrail to avoid undesirable and harmful content and remove sensitive information for privacy protection.
+Content filters – Adjust filter strengths to block input prompts or model responses containing harmful content.
+Denied topics – Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.
+Word filters – Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc.
+Sensitive information filters – Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.
+You can create a Guardrail with a minimum blockedInputMessaging, blockedOutputsMessaging and default content filter policy.
+### Basic Guardrail Creation
+#### TypeScript
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  description: 'Legal ethical guardrails.',
+});
+// add at least one policy for the guardrail
+```
+### Guardrail Properties
+| Property | Type | Required | Description |
+|----------|------|----------|-------------|
+| guardrailName | string | Yes | The name of the guardrail |
+| description | string | No | The description of the guardrail |
+| blockedInputMessaging | string | No | The message to return when the guardrail blocks a prompt. Default: "Sorry, your query violates our usage policy." |
+| blockedOutputsMessaging | string | No | The message to return when the guardrail blocks a model response. Default: "Sorry, I am unable to answer your question because of our usage policy." |
+| kmsKey | IKey | No | A custom KMS key to use for encrypting data. Default: Your data is encrypted by default with a key that AWS owns and manages for you. |
+| crossRegionConfig | GuardrailCrossRegionConfigProperty | No | The cross-region configuration for the guardrail. This enables cross-region inference for enhanced language support and filtering capabilities. Default: No cross-region configuration |
+| contentFilters | ContentFilter[] | No | The content filters to apply to the guardrail |
+| contentFiltersTierConfig | TierConfig | No | The tier configuration to apply to content filters. Default: TierConfig.CLASSIC |
+| deniedTopics | Topic[] | No | Up to 30 denied topics to block user inputs or model responses associated with the topic |
+| topicsTierConfig | TierConfig | No | The tier configuration to apply to topic filters. Default: TierConfig.CLASSIC |
+| wordFilters | string[] | No | The word filters to apply to the guardrail |
+| managedWordListFilters | ManagedWordFilterType[] | No | The managed word filters to apply to the guardrail |
+| piiFilters | PIIFilter[] | No | The PII filters to apply to the guardrail |
+| regexFilters | RegexFilter[] | No | The regular expression (regex) filters to apply to the guardrail |
+| contextualGroundingFilters | ContextualGroundingFilter[] | No | The contextual grounding filters to apply to the guardrail |
+### Filter Types
+#### Content Filters
+Content filters allow you to block input prompts or model responses containing harmful content. You can adjust the filter strength and configure separate actions for input and output.
+##### Content Filter Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  // Configure tier for content filters (optional)
+  contentFiltersTierConfig: bedrock.TierConfig.STANDARD,
+});
+guardrail.addContentFilter({
+  type: bedrock.ContentFilterType.SEXUAL,
+  inputStrength: bedrock.ContentFilterStrength.HIGH,
+  outputStrength: bedrock.ContentFilterStrength.MEDIUM,
+  // props below are optional
+  inputAction: bedrock.GuardrailAction.BLOCK,
+  inputEnabled: true,
+  outputAction: bedrock.GuardrailAction.NONE,
+  outputEnabled: true,
+  inputModalities: [bedrock.ModalityType.TEXT, bedrock.ModalityType.IMAGE],
+  outputModalities: [bedrock.ModalityType.TEXT],
+});
+```
+Available content filter types:
+- `SEXUAL`: Describes input prompts and model responses that indicates sexual interest, activity, or arousal
+- `VIOLENCE`: Describes input prompts and model responses that includes glorification of or threats to inflict physical pain
+- `HATE`: Describes input prompts and model responses that discriminate, criticize, insult, denounce, or dehumanize a person or group
+- `INSULTS`: Describes input prompts and model responses that includes demeaning, humiliating, mocking, insulting, or belittling language
+- `MISCONDUCT`: Describes input prompts and model responses that seeks or provides information about engaging in misconduct activity
+- `PROMPT_ATTACK`: Enable to detect and block user inputs attempting to override system instructions
+Available content filter strengths:
+- `NONE`: No filtering
+- `LOW`: Light filtering
+- `MEDIUM`: Moderate filtering
+- `HIGH`: Strict filtering
+Available guardrail actions:
+- `BLOCK`: Blocks the content from being processed
+- `ANONYMIZE`: Masks the content with an identifier tag
+- `NONE`: Takes no action
+> Warning: the ANONYMIZE action is not available in all configurations. Please refer to the documentation of each filter to see which ones
+> support
+Available modality types:
+- `TEXT`: Text modality for content filters
+- `IMAGE`: Image modality for content filters
+#### Tier Configuration
+Guardrails support tier configurations that determine the level of language support and robustness for content and topic filters. You can configure separate tier settings for content filters and topic filters.
+##### Tier Configuration Options
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  // Configure tier for content filters
+  contentFiltersTierConfig: bedrock.TierConfig.STANDARD,
+  // Configure tier for topic filters
+  topicsTierConfig: bedrock.TierConfig.CLASSIC,
+});
+```
+Available tier configurations:
+- `CLASSIC`: Provides established guardrails functionality supporting English, French, and Spanish languages
+- `STANDARD`: Provides a more robust solution than the CLASSIC tier and has more comprehensive language support. This tier requires that your guardrail use cross-Region inference
+> Note: The STANDARD tier provides enhanced language support and more comprehensive filtering capabilities, but requires cross-Region inference to be enabled for your guardrail.
+#### Cross-Region Configuration
+You can configure a system-defined guardrail profile to use with your guardrail. Guardrail profiles define the destination AWS Regions where guardrail inference requests can be automatically routed. Using guardrail profiles helps maintain guardrail performance and reliability when demand increases.
+##### Cross-Region Configuration Properties
+| Property | Type | Required | Description |
+|----------|------|----------|-------------|
+| guardrailProfileArn | string | Yes | The ARN of the system-defined guardrail profile that defines the destination AWS Regions where guardrail inference requests can be automatically routed |
+##### Cross-Region Configuration Example
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  description: 'Guardrail with cross-region configuration for enhanced language support',
+  crossRegionConfig: {
+    guardrailProfileArn: 'arn:aws:bedrock:us-east-1:123456789012:guardrail-profile/my-profile',
+  },
+  // Use STANDARD tier for enhanced capabilities
+  contentFiltersTierConfig: bedrock.TierConfig.STANDARD,
+  topicsTierConfig: bedrock.TierConfig.STANDARD,
+});
+```
+> Note: Cross-region configuration is required when using the STANDARD tier for content and topic filters. It helps maintain guardrail performance and reliability when demand increases by automatically routing inference requests to appropriate regions.
+You will need to provide the necessary permissions for cross region: https://docs.aws.amazon.com/bedrock/latest/userguide/guardrail-profiles-permissions.html .
+#### Denied Topics
+Denied topics allow you to define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses. You can configure separate actions for input and output.
+##### Denied Topic Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+  // Configure tier for topic filters (optional)
+  topicsTierConfig: bedrock.TierConfig.STANDARD,
+});
+// Use a predefined topic
+guardrail.addDeniedTopicFilter(bedrock.Topic.FINANCIAL_ADVICE);
+// Create a custom topic with input/output actions
+guardrail.addDeniedTopicFilter(
+  bedrock.Topic.custom({
+    name: 'Legal_Advice',
+    definition: 'Offering guidance or suggestions on legal matters, legal actions, interpretation of laws, or legal rights and responsibilities.',
+    examples: [
+      'Can I sue someone for this?',
+      'What are my legal rights in this situation?',
+      'Is this action against the law?',
+      'What should I do to file a legal complaint?',
+      'Can you explain this law to me?',
+    ],
+    // props below are optional
+    inputAction: bedrock.GuardrailAction.BLOCK,
+    inputEnabled: true,
+    outputAction: bedrock.GuardrailAction.NONE,
+    outputEnabled: true,
+  })
+);
+```
+#### Word Filters
+Word filters allow you to block specific words, phrases, or profanity in user inputs and model responses. You can configure separate actions for input and output.
+##### Word Filter Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Add managed word list with input/output actions
+guardrail.addManagedWordListFilter({
+  type: bedrock.ManagedWordFilterType.PROFANITY,
+  inputAction: bedrock.GuardrailAction.BLOCK,
+  inputEnabled: true,
+  outputAction: bedrock.GuardrailAction.NONE,
+  outputEnabled: true,
+});
+// Add individual words
+guardrail.addWordFilter({text: 'drugs'});
+guardrail.addWordFilter({text: 'competitor'});
+// Add words from a file
+guardrail.addWordFilterFromFile('./scripts/wordsPolicy.csv');
+```
+#### PII Filters
+PII filters allow you to detect and handle personally identifiable information in user inputs and model responses. You can configure separate actions for input and output.
+The PII types are organized into enum-like classes for better type safety and transpilation compatibility:
+- **GeneralPIIType**: General PII types like addresses, emails, names, phone numbers
+- **FinancePIIType**: Financial information like credit card numbers, PINs, SWIFT codes
+- **InformationTechnologyPIIType**: IT-related data like URLs, IP addresses, AWS keys
+- **USASpecificPIIType**: US-specific identifiers like SSNs, passport numbers
+- **CanadaSpecificPIIType**: Canada-specific identifiers like health numbers, SINs
+- **UKSpecificPIIType**: UK-specific identifiers like NHS numbers, NI numbers
+##### PII Filter Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Add PII filter for addresses with input/output actions
+guardrail.addPIIFilter({
+  type: bedrock.GeneralPIIType.ADDRESS,
+  action: bedrock.GuardrailAction.BLOCK,
+  // below props are optional
+  inputAction: bedrock.GuardrailAction.BLOCK,
+  inputEnabled: true,
+  outputAction: bedrock.GuardrailAction.ANONYMIZE,
+  outputEnabled: true,
+});
+// Add PII filter for credit card numbers with input/output actions
+guardrail.addPIIFilter({
+  type: bedrock.FinancePIIType.CREDIT_DEBIT_CARD_NUMBER,
+  action: bedrock.GuardrailAction.BLOCK,
+  // below props are optional
+  inputAction: bedrock.GuardrailAction.BLOCK,
+  inputEnabled: true,
+  outputAction: bedrock.GuardrailAction.ANONYMIZE,
+  outputEnabled: true,
+});
+// Add PII filter for email addresses
+guardrail.addPIIFilter({
+  type: bedrock.GeneralPIIType.EMAIL,
+  action: bedrock.GuardrailAction.ANONYMIZE,
+});
+// Add PII filter for US Social Security Numbers
+guardrail.addPIIFilter({
+  type: bedrock.USASpecificPIIType.US_SOCIAL_SECURITY_NUMBER,
+  action: bedrock.GuardrailAction.BLOCK,
+});
+// Add PII filter for IP addresses
+guardrail.addPIIFilter({
+  type: bedrock.InformationTechnologyPIIType.IP_ADDRESS,
+  action: bedrock.GuardrailAction.ANONYMIZE,
+});
+```
+##### Available PII Types
+**GeneralPIIType:**
+- `ADDRESS`: Physical addresses
+- `AGE`: Individual's age
+- `DRIVER_ID`: Driver's license numbers
+- `EMAIL`: Email addresses
+- `LICENSE_PLATE`: Vehicle license plates
+- `NAME`: Individual names
+- `PASSWORD`: Passwords
+- `PHONE`: Phone numbers
+- `USERNAME`: User account names
+- `VEHICLE_IDENTIFICATION_NUMBER`: Vehicle VINs
+**FinancePIIType:**
+- `CREDIT_DEBIT_CARD_CVV`: Card verification codes
+- `CREDIT_DEBIT_CARD_EXPIRY`: Card expiration dates
+- `CREDIT_DEBIT_CARD_NUMBER`: Credit/debit card numbers
+- `PIN`: Personal identification numbers
+- `SWIFT_CODE`: Bank SWIFT codes
+- `INTERNATIONAL_BANK_ACCOUNT_NUMBER`: IBAN numbers
+**InformationTechnologyPIIType:**
+- `URL`: Web addresses
+- `IP_ADDRESS`: IPv4 addresses
+- `MAC_ADDRESS`: Network interface MAC addresses
+- `AWS_ACCESS_KEY`: AWS access key IDs
+- `AWS_SECRET_KEY`: AWS secret access keys
+**USASpecificPIIType:**
+- `US_BANK_ACCOUNT_NUMBER`: US bank account numbers
+- `US_BANK_ROUTING_NUMBER`: US bank routing numbers
+- `US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER`: US ITINs
+- `US_PASSPORT_NUMBER`: US passport numbers
+- `US_SOCIAL_SECURITY_NUMBER`: US Social Security Numbers
+**CanadaSpecificPIIType:**
+- `CA_HEALTH_NUMBER`: Canadian Health Service Numbers
+- `CA_SOCIAL_INSURANCE_NUMBER`: Canadian Social Insurance Numbers
+**UKSpecificPIIType:**
+- `UK_NATIONAL_HEALTH_SERVICE_NUMBER`: UK NHS numbers
+- `UK_NATIONAL_INSURANCE_NUMBER`: UK National Insurance numbers
+- `UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER`: UK UTR numbers
+#### Regex Filters
+Regex filters allow you to detect and handle custom patterns in user inputs and model responses. You can configure separate actions for input and output.
+##### Regex Filter Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Add regex filter with input/output actions
+guardrail.addRegexFilter({
+  name: 'TestRegexFilter',
+  pattern: 'test-pattern',
+  action: bedrock.GuardrailAction.ANONYMIZE,
+  // below props are optional
+  description: 'This is a test regex filter',
+  inputAction: bedrock.GuardrailAction.BLOCK,
+  inputEnabled: true,
+  outputAction: bedrock.GuardrailAction.ANONYMIZE,
+  outputEnabled: true,
+});
+```
+#### Contextual Grounding Filters
+Contextual grounding filters allow you to ensure that model responses are factually correct and relevant to the user's query. You can configure the action and enable/disable the filter.
+##### Contextual Grounding Filter Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Add contextual grounding filter with action and enabled flag
+guardrail.addContextualGroundingFilter({
+  type: bedrock.ContextualGroundingFilterType.GROUNDING,
+  threshold: 0.8,
+  // the properties below are optional
+  action: bedrock.GuardrailAction.BLOCK,
+  enabled: true,
+});
+```
+### Guardrail Methods
+| Method | Description |
+|--------|-------------|
+| `addContentFilter()` | Adds a content filter to the guardrail |
+| `addDeniedTopicFilter()` | Adds a denied topic filter to the guardrail |
+| `addWordFilter()` | Adds a word filter to the guardrail |
+| `addManagedWordListFilter()` | Adds a managed word list filter to the guardrail |
+| `addWordFilterFromFile()` | Adds word filters from a file to the guardrail |
+| `addPIIFilter()` | Adds a PII filter to the guardrail |
+| `addRegexFilter()` | Adds a regex filter to the guardrail |
+| `addContextualGroundingFilter()` | Adds a contextual grounding filter to the guardrail |
+| `createVersion()` | Creates a new version of the guardrail |
+### Guardrail Permissions
+Guardrails provide methods to grant permissions to other resources that need to interact with the guardrail.
+#### Permission Methods
+| Method | Description | Parameters |
+|--------|-------------|------------|
+| `grant(grantee, ...actions)` | Grants the given principal identity permissions to perform actions on this guardrail | `grantee`: The principal to grant permissions to<br>`actions`: The actions to grant (e.g., `bedrock:GetGuardrail`, `bedrock:ListGuardrails`) |
+| `grantApply(grantee)` | Grants the given identity permissions to apply the guardrail | `grantee`: The principal to grant permissions to |
+#### Permission Examples
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+const lambdaFunction = new lambda.Function(this, 'testLambda', {
+  runtime: lambda.Runtime.PYTHON_3_12,
+  handler: 'index.handler',
+  code: lambda.Code.fromAsset(path.join(__dirname, '../lambda/my-code')),
+});
+// Grant specific permissions to a Lambda function
+guardrail.grant(lambdaFunction, 'bedrock:GetGuardrail', 'bedrock:ListGuardrails');
+// Grant permissions to apply the guardrail
+guardrail.grantApply(lambdaFunction);
+```
+### Guardrail Metrics
+Amazon Bedrock provides metrics for your guardrails, allowing you to monitor their effectiveness and usage. These metrics are available in CloudWatch and can be used to create dashboards and alarms.
+#### Metrics Examples
+```ts fixture=default
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Get a specific metric for this guardrail
+const invocationsMetric = guardrail.metricInvocations({
+  statistic: 'Sum',
+  period: Duration.minutes(5),
+});
+// Create a CloudWatch alarm for high invocation latency
+new cloudwatch.Alarm(this, 'HighLatencyAlarm', {
+  metric: guardrail.metricInvocationLatency(),
+  threshold: 1000, // 1 second
+  evaluationPeriods: 3,
+});
+// Get metrics for all guardrails
+const allInvocationsMetric = bedrock.Guardrail.metricAllInvocations();
+```
+### Importing Guardrails
+You can import existing guardrails using the `fromGuardrailAttributes` or `fromCfnGuardrail` methods.
+#### Import Configuration
+```ts fixture=default
+declare const stack: Stack;
+const cmk = new kms.Key(this, 'cmk', {});
+// Import an existing guardrail by ARN
+const importedGuardrail = bedrock.Guardrail.fromGuardrailAttributes(stack, 'TestGuardrail', {
+  guardrailArn: 'arn:aws:bedrock:us-east-1:123456789012:guardrail/oygh3o8g7rtl',
+  guardrailVersion: '1', //optional
+  kmsKey: cmk, //optional
+});
+```
+```ts fixture=default
+import * as bedrockl1 from 'aws-cdk-lib/aws-bedrock';
+// Import a guardrail created through the L1 CDK CfnGuardrail construct
+const l1guardrail = new bedrockl1.CfnGuardrail(this, 'MyCfnGuardrail', {
+  blockedInputMessaging: 'blockedInputMessaging',
+  blockedOutputsMessaging: 'blockedOutputsMessaging',
+  name: 'namemycfnguardrails',
+  wordPolicyConfig: {
+    wordsConfig: [
+      {
+        text: 'drugs',
+      },
+    ],
+  },
+});
+const importedGuardrail = bedrock.Guardrail.fromCfnGuardrail(l1guardrail);
+```
+### Guardrail Versioning
+Guardrails support versioning, allowing you to track changes and maintain multiple versions of your guardrail configurations.
+#### Version Configuration
+```ts fixture=default
+const guardrail = new bedrock.Guardrail(this, 'bedrockGuardrails', {
+  guardrailName: 'my-BedrockGuardrails',
+});
+// Create a new version of the guardrail
+guardrail.createVersion('testversion');
+```
+## Prompts
+Amazon Bedrock provides the ability to create and save prompts using Prompt management so that you can save time by applying the same prompt to different workflows. You can include variables in the prompt so that you can adjust the prompt for different use case.
+The `Prompt` resource allows you to create a new prompt.
+### Prompt Variants
+Prompt variants in the context of Amazon Bedrock refer to alternative configurations of a prompt, including its message or the model and inference configurations used. Prompt variants are the building blocks of prompts - you must create at least one prompt variant to create a prompt. Prompt variants allow you to create different versions of a prompt, test them, and save the variant that works best for your use case.
+There are three types of prompt variants:
+- **Basic Text Prompt**: Simple text-based prompts for straightforward interactions
+- **Chat variant**: Conversational prompts that support system messages, user/assistant message history, and tools
+- **Agent variant**: Prompts designed to work with Bedrock Agents
+### Basic Text Prompt
+Text prompts are the simplest form of prompts, consisting of plain text instructions with optional variables. They are ideal for straightforward tasks like summarization, content generation, or question answering where you need a direct text-based interaction with the model.
+```ts fixture=default
+const cmk = new kms.Key(this, 'cmk', {});
+const claudeModel = bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_SONNET_V1_0;
+const variant1 = bedrock.PromptVariant.text({
+  variantName: 'variant1',
+  model: claudeModel,
+  promptVariables: ['topic'],
+  promptText: 'This is my first text prompt. Please summarize our conversation on: {{topic}}.',
+  inferenceConfiguration: bedrock.PromptInferenceConfiguration.text({
+    temperature: 1.0,
+    topP: 0.999,
+    maxTokens: 2000,
+  }),
+});
+const prompt1 = new bedrock.Prompt(this, 'prompt1', {
+  promptName: 'prompt1',
+  description: 'my first prompt',
+  defaultVariant: variant1,
+  variants: [variant1],
+  kmsKey: cmk,
+});
+```
+### Chat Prompt
+Use this template type when the model supports the Converse API or the Anthropic Claude Messages API. This allows you to include a System prompt and previous User messages and Assistant messages for context.
+```ts fixture=default
+const cmk = new kms.Key(this, 'cmk', {});
+const variantChat = bedrock.PromptVariant.chat({
+  variantName: 'variant1',
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0,
+  messages: [
+    bedrock.ChatMessage.user('From now on, you speak Japanese!'),
+    bedrock.ChatMessage.assistant('Konnichiwa!'),
+    bedrock.ChatMessage.user('From now on, you speak {{language}}!'),
+  ],
+  system: 'You are a helpful assistant that only speaks the language you`re told.',
+  promptVariables: ['language'],
+  toolConfiguration: {
+    toolChoice: bedrock.ToolChoice.AUTO,
+    tools: [
+      bedrock.Tool.function({
+        name: 'top_song',
+        description: 'Get the most popular song played on a radio station.',
+        inputSchema: {
+          type: 'object',
+          properties: {
+            sign: {
+              type: 'string',
+              description: 'The call sign for the radio station for which you want the most popular song. Example calls signs are WZPZ and WKR.',
+            },
+          },
+          required: ['sign'],
+        },
+      }),
+    ],
+  },
+});
+new bedrock.Prompt(this, 'prompt1', {
+  promptName: 'prompt-chat',
+  description: 'my first chat prompt',
+  defaultVariant: variantChat,
+  variants: [variantChat],
+  kmsKey: cmk,
+});
+```
+### Agent Prompt
+Agent prompts are designed to work with Bedrock Agents, allowing you to create prompts that can be used by agents to perform specific tasks. Agent prompts use text prompts as their foundation and can reference agent aliases and include custom instructions for how the agent should behave.
+```ts fixture=default
+const cmk = new kms.Key(this, 'cmk', {});
+// Assuming you have an existing agent and alias
+const agent = bedrock.Agent.fromAgentAttributes(this, 'ImportedAgent', {
+  agentArn: 'arn:aws:bedrock:region:account:agent/agent-id',
+  roleArn: 'arn:aws:iam::account:role/agent-role',
+});
+const agentAlias = bedrock.AgentAlias.fromAttributes(this, 'ImportedAlias', {
+  aliasId: 'alias-id',
+  aliasName: 'my-alias',
+  agentVersion: '1',
+  agent: agent,
+});
+const agentVariant = bedrock.PromptVariant.agent({
+  variantName: 'agent-variant',
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0,
+  agentAlias: agentAlias,
+  promptText: 'Use the agent to help with: {{task}}. Please be thorough and provide detailed explanations.',
+  promptVariables: ['task'],
+});
+new bedrock.Prompt(this, 'agentPrompt', {
+  promptName: 'agent-prompt',
+  description: 'Prompt for agent interactions',
+  defaultVariant: agentVariant,
+  variants: [agentVariant],
+  kmsKey: cmk,
+});
+```
+### Prompt Properties
+| Property | Type | Required | Description |
+|----------|------|----------|-------------|
+| promptName | string | Yes | The name of the prompt |
+| description | string | No | A description of the prompt |
+| defaultVariant | PromptVariant | Yes | The default variant to use for the prompt |
+| variants | PromptVariant[] | No | Additional variants for the prompt |
+| kmsKey | kms.IKey | No | The KMS key to use for encrypting the prompt. Defaults to AWS managed key |
+| tags | Record<string, string> | No | Tags to apply to the prompt |
+### Prompt Version
+A prompt version is a snapshot of a prompt at a specific point in time that you create when you are satisfied with a set of configurations. Versions allow you to deploy your prompt and easily switch between different configurations for your prompt and update your application with the most appropriate version for your use-case.
+You can create a Prompt version by using the PromptVersion class or by using the .createVersion(..) on a Prompt object. It is recommended to use the .createVersion(..) method. It uses a hash based mechanism to update the version whenever a certain configuration property changes.
+```ts fixture=default
+const cmk = new kms.Key(this, 'cmk', {});
+const claudeModel = bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_SONNET_V1_0;
+const variant1 = bedrock.PromptVariant.text({
+  variantName: 'variant1',
+  model: claudeModel,
+  promptVariables: ['topic'],
+  promptText: 'This is my first text prompt. Please summarize our conversation on: {{topic}}.',
+  inferenceConfiguration: bedrock.PromptInferenceConfiguration.text({
+    temperature: 1.0,
+    topP: 0.999,
+    maxTokens: 2000,
+  }),
+});
+const prompt1 = new bedrock.Prompt(this, 'prompt1', {
+  promptName: 'prompt1',
+  description: 'my first prompt',
+  defaultVariant: variant1,
+  variants: [variant1],
+  kmsKey: cmk,
+});
+const promptVersion = new bedrock.PromptVersion(this, 'MyPromptVersion', {
+  prompt: prompt1,
+  description: 'my first version',
+});
+//or alternatively:
+// const promptVersion = prompt1.createVersion('my first version');
+const versionString = promptVersion.version;
+```
+### Import Methods
+You can use the `fromPromptAttributes` method to import an existing Bedrock Prompt into your CDK application.
+```ts fixture=default
+// Import an existing prompt by ARN
+const importedPrompt = bedrock.Prompt.fromPromptAttributes(this, 'ImportedPrompt', {
+  promptArn: 'arn:aws:bedrock:region:account:prompt/prompt-id',
+  kmsKey: kms.Key.fromKeyArn(this, 'ImportedKey', 'arn:aws:kms:region:account:key/key-id'), // optional
+  promptVersion: '1', // optional, defaults to 'DRAFT'
+});
+```
+## Inference Profiles
+Amazon Bedrock Inference Profiles provide a way to manage and optimize inference configurations for your foundation models. They allow you to define reusable configurations that can be applied across different prompts and agents.
+### Using Inference Profiles
+Inference profiles can be used with prompts and agents to maintain consistent inference configurations across your application.
+#### With Agents
+```ts fixture=default
+// Create a cross-region inference profile
+const crossRegionProfile = bedrock.CrossRegionInferenceProfile.fromConfig({
+  geoRegion: bedrock.CrossRegionInferenceProfileRegion.US,
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0,
+});
+// Use the cross-region profile with an agent
+const agent = new bedrock.Agent(this, 'Agent', {
+  foundationModel: crossRegionProfile,
+  instruction: 'You are a helpful and friendly agent that answers questions about agriculture.',
+});
+```
+#### With Prompts
+```ts fixture=default
+// Create a prompt router for intelligent model selection
+const promptRouter = bedrock.PromptRouter.fromDefaultId(
+  bedrock.DefaultPromptRouterIdentifier.ANTHROPIC_CLAUDE_V1,
+  'us-east-1'
+);
+// Use the prompt router with a prompt variant
+const variant = bedrock.PromptVariant.text({
+  variantName: 'variant1',
+  promptText: 'What is the capital of France?',
+  model: promptRouter,
+});
+new bedrock.Prompt(this, 'Prompt', {
+  promptName: 'prompt-router-test',
+  variants: [variant],
+});
+```
+### Types of Inference Profiles
+Amazon Bedrock offers two types of inference profiles:
+#### Application Inference Profiles
+Application inference profiles are user-defined profiles that help you track costs and model usage. They can be created for a single region or for multiple regions using a cross-region inference profile.
+##### Single Region Application Profile
+```ts fixture=default
+// Create an application inference profile for one Region
+const appProfile = new bedrock.ApplicationInferenceProfile(this, 'MyApplicationProfile', {
+  applicationInferenceProfileName: 'claude-3-sonnet-v1',
+  modelSource: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_SONNET_V1_0,
+  description: 'Application profile for cost tracking',
+  tags: {
+    Environment: 'Production',
+  },
+});
+```
+##### Multi-Region Application Profile
+```ts fixture=default
+// Create a cross-region inference profile
+const crossRegionProfile = bedrock.CrossRegionInferenceProfile.fromConfig({
+  geoRegion: bedrock.CrossRegionInferenceProfileRegion.US,
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V2_0,
+});
+// Create an application inference profile across regions
+const appProfile = new bedrock.ApplicationInferenceProfile(this, 'MyMultiRegionProfile', {
+  applicationInferenceProfileName: 'claude-35-sonnet-v2-multi-region',
+  modelSource: crossRegionProfile,
+  description: 'Multi-region application profile for cost tracking',
+});
+```
+#### System Defined Inference Profiles
+Cross-region inference enables you to seamlessly manage unplanned traffic bursts by utilizing compute across different AWS Regions. With cross-region inference, you can distribute traffic across multiple AWS Regions, enabling higher throughput and enhanced resilience during periods of peak demands.
+Before using a CrossRegionInferenceProfile, ensure that you have access to the models and regions defined in the inference profiles. For instance, if you use the system defined inference profile "us.anthropic.claude-3-5-sonnet-20241022-v2:0", inference requests will be routed to US East (Virginia) us-east-1, US East (Ohio) us-east-2 and US West (Oregon) us-west-2. Thus, you need to have model access enabled in those regions for the model anthropic.claude-3-5-sonnet-20241022-v2:0.
+##### System Defined Profile Configuration
+```ts fixture=default
+const crossRegionProfile = bedrock.CrossRegionInferenceProfile.fromConfig({
+  geoRegion: bedrock.CrossRegionInferenceProfileRegion.US,
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V2_0,
+});
+```
+### Prompt Routers
+Amazon Bedrock intelligent prompt routing provides a single serverless endpoint for efficiently routing requests between different foundational models within the same model family. It can help you optimize for response quality and cost. They offer a comprehensive solution for managing multiple AI models through a single serverless endpoint, simplifying the process for you. Intelligent prompt routing predicts the performance of each model for each request, and dynamically routes each request to the model that it predicts is most likely to give the desired response at the lowest cost.
+#### Default and Custom Prompt Routers
+```ts fixture=default
+// Use a default prompt router
+const variant = bedrock.PromptVariant.text({
+  variantName: 'variant1',
+  promptText: 'What is the capital of France?',
+  model: bedrock.PromptRouter.fromDefaultId(
+    bedrock.DefaultPromptRouterIdentifier.ANTHROPIC_CLAUDE_V1,
+    'us-east-1'
+  ),
+});
+new bedrock.Prompt(this, 'Prompt', {
+  promptName: 'prompt-router-test',
+  variants: [variant],
+});
+```
+### Inference Profile Permissions
+Use the `grantProfileUsage` method to grant appropriate permissions to resources that need to use the inference profile.
+#### Granting Profile Usage Permissions
+```ts fixture=default
+// Create an application inference profile
+const profile = new bedrock.ApplicationInferenceProfile(this, 'MyProfile', {
+  applicationInferenceProfileName: 'my-profile',
+  modelSource: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_SONNET_4_5_V1_0,
+});
+// Create a Lambda function
+const lambdaFunction = new lambda.Function(this, 'MyFunction', {
+  runtime: lambda.Runtime.PYTHON_3_11,
+  handler: 'index.handler',
+  code: lambda.Code.fromInline('def handler(event, context): return "Hello"'),
+});
+// Grant the Lambda function permission to use the inference profile
+profile.grantProfileUsage(lambdaFunction);
+// Use a system defined inference profile
+const crossRegionProfile = bedrock.CrossRegionInferenceProfile.fromConfig({
+  geoRegion: bedrock.CrossRegionInferenceProfileRegion.US,
+  model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_SONNET_4_5_V1_0,
+});
+// Grant permissions to use the cross-region inference profile
+crossRegionProfile.grantProfileUsage(lambdaFunction);
+```
+The `grantProfileUsage` method adds the necessary IAM permissions to the resource, allowing it to use the inference profile. This includes permissions to call `bedrock:GetInferenceProfile` and `bedrock:ListInferenceProfiles` actions on the inference profile resource.
+### Inference Profiles Import Methods
+You can import existing application inference profiles using the following methods:
+```ts fixture=default
+// Import an inference profile through attributes
+const importedProfile = bedrock.ApplicationInferenceProfile.fromApplicationInferenceProfileAttributes(
+  this,
+  'ImportedProfile',
+  {
+    inferenceProfileArn: 'arn:aws:bedrock:us-east-1:123456789012:application-inference-profile/my-profile-id',
+    inferenceProfileIdentifier: 'my-profile-id',
+  }
+);
+```
+You can also import an application inference profile from an existing L1 CloudFormation construct:
+```ts fixture=default
+// Create or reference an existing L1 CfnApplicationInferenceProfile
+const cfnProfile = new aws_bedrock_cfn.CfnApplicationInferenceProfile(this, 'CfnProfile', {
+  inferenceProfileName: 'my-cfn-profile',
+  modelSource: {
+    copyFrom: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0.invokableArn,
+  },
+  description: 'Profile created via L1 construct',
+});
+// Import the L1 construct as an L2 ApplicationInferenceProfile
+const importedFromCfn = bedrock.ApplicationInferenceProfile.fromCfnApplicationInferenceProfile(cfnProfile);
+// Grant permissions to use the imported profile
+const lambdaFunction = new lambda.Function(this, 'MyFunction', {
+  runtime: lambda.Runtime.PYTHON_3_11,
+  handler: 'index.handler',
+  code: lambda.Code.fromInline('def handler(event, context): return "Hello"'),
+});
+importedFromCfn.grantProfileUsage(lambdaFunction);
+```