Configure Prompt Attack Filter with the highest strength for Amazon Bedrock Guardrails.
bedrock_guardrail_prompt_attack_filter_enabled
Ensure that prompt attack filter strength is set to HIGH for Amazon Bedrock guardrails to mitigate prompt injection and bypass techniques.
Risk
If prompt attack filter strength is not set to HIGH, Bedrock models may be more vulnerable to prompt injection attacks or jailbreak attempts, which could allow harmful or sensitive content to bypass filters and reach end users.
Run this check with Prowler CLI
prowler aws --checks bedrock_guardrail_prompt_attack_filter_enabled
ARN template
arn:partition:bedrock:region:account-id:guardrails/resource-id
Remediation
aws bedrock put-guardrails-configuration --guardrails-config 'promptAttackStrength=HIGH'
https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Bedrock/prompt-attack-strength.html
Set the prompt attack filter strength to HIGH for Amazon Bedrock guardrails to prevent prompt injection attacks and ensure robust protection against content manipulation.
Source Code
Resource Type
Other