Open
Description
Problem Statement
The Terraform AWS Bedrock module's guardrail implementation was missing support for:
- Image content filtering - The AWS Bedrock Guardrails service supports filtering both text and image content, but the module only supported text filters
- Proper type definitions - Many guardrail configuration variables used `list(map(string))` instead of properly typed object structures matching the AWS Cloud Control API schema
- Missing optional fields - Several optional fields from the AWS Cloud Control API schema were not properly defined
- Missing automated reasoning policy - The `automated_reasoning_policy_config` feature was completely missing
Impact
- Users cannot configure image content filters for guardrails
- Type safety is reduced due to loose typing (`list(map(string))`)
- Some AWS Cloud Control API features are not accessible through the module
- Missing fields prevent full utilization of guardrail capabilities
Solution
This PR adds #162:
- ✅ Image filter support via `input_modalities` and `output_modalities` fields in `filters_config`
- ✅ Proper type definitions - Converted all guardrail config variables from `list(map(string))` to properly typed `list(object({...}))` structures
- ✅ Complete schema compliance - Added all optional fields matching the AWS Cloud Control API schema
- ✅ Automated reasoning policy - Added support for `automated_reasoning_policy_config`
- ✅ Improved conditional logic - Made policy configurations properly conditional (only set when needed)
Changes Made
1. Image Filter Support
- Updated `filters_config` to support `input_modalities` and `output_modalities` (List of String)
- Users can now specify `["TEXT"]`, `["IMAGE"]`, or `["TEXT", "IMAGE"]` for content filtering
- Updated examples and documentation to demonstrate image filter usage
2. Type Improvements
- `filters_config`: `list(map(string))` → `list(object({...}))` with all optional fields
- `contextual_grounding_policy_filters`: `list(map(string))` → `list(object({...}))`
- `pii_entities_config`: `list(map(string))` → `list(object({...}))` with input/output action/enabled fields
- `regexes_config`: `list(map(string))` → `list(object({...}))` with all optional fields
- `managed_word_lists_config`: `list(map(string))` → `list(object({...}))` with input/output fields
- `words_config`: `list(map(string))` → `list(object({...}))` with input/output fields
- `topics_config`: Added missing optional fields (`input_action`, `input_enabled`, `output_action`, `output_enabled`)
3. New Features
- Added `automated_reasoning_policy_config` variable and resource configuration
- All fields are optional for backward compatibility
4. Resource Configuration Improvements
- Made `content_policy_config` conditional (only set if filters or tier config provided)
- Made `sensitive_information_policy_config` conditional
- Made `word_policy_config` conditional
Files Changed
- `variables.tf` - Updated all guardrail-related variable types and added new variable
- `main.tf` - Updated guardrail resource configuration
- `examples/agent-with-guardrails/main.tf` - Updated example to show image filter support
- `.header.md` - Updated documentation with image filter examples
Backward Compatibility
✅ All changes are backward compatible - All fields are optional, so existing code will continue to work without modification.
Testing
- Verified no linter errors
- Updated examples to demonstrate new features
- All optional fields properly typed
- Conditional logic properly implemented
References
- AWS Cloud Control API Schema: awscc_bedrock_guardrail
- AWS Bedrock Guardrails Image Filter Documentation: Guardrails Multimodal Filters
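The typing change described under "Type Improvements", as an added illustration that is not the module's own `variables.tf`: a `list(map(string))` element cannot carry a list-valued `input_modalities`, while an object type with `optional()` attributes can, and a validation block rejects unknown modalities at plan time. The attribute set is assumed from the `awscc_bedrock_guardrail` content filter schema, and the validation rule is an assumption of this example.

```hcl
# Added example, not the module's code. Requires Terraform >= 1.3 for optional().
terraform {
  required_version = ">= 1.3"
}

variable "filters_config" {
  description = "Guardrail content filters (illustrative typing, assumed attribute set)."
  type = list(object({
    type              = string
    input_strength    = string
    output_strength   = string
    input_modalities  = optional(list(string)) # list value: not expressible in map(string)
    output_modalities = optional(list(string))
    input_action      = optional(string)
    output_action     = optional(string)
    input_enabled     = optional(bool)
    output_enabled    = optional(bool)
  }))
  default = []

  # Fail at plan time on a misspelled modality instead of shipping a guardrail
  # that filters less than the operator intended.
  validation {
    condition = alltrue(flatten([
      for f in var.filters_config : [
        for m in concat(
          f.input_modalities != null ? f.input_modalities : [],
          f.output_modalities != null ? f.output_modalities : []
        ) : contains(["TEXT", "IMAGE"], m)
      ]
    ]))
    error_message = "input_modalities and output_modalities may only contain TEXT or IMAGE."
  }
}

# Constructed caller value (e.g. in terraform.tfvars):
# filters_config = [
#   {
#     type              = "HATE"
#     input_strength    = "HIGH"
#     output_strength   = "HIGH"
#     input_modalities  = ["TEXT", "IMAGE"]
#     output_modalities = ["TEXT"]
#   }
# ]
```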