AWS CLI Command Reference

[ aws . bedrock-runtime ]

invoke-guardrail-checks

Description

Evaluates messages against inline guardrail checks. You specify the check configurations directly in the request, and Amazon Bedrock returns per-check results with severity or confidence scores.

See also: AWS API Documentation

Synopsis

  invoke-guardrail-checks
--messages <value>
--checks <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
[--cli-error-format <value>]

Options

--messages (list) [required]

The messages to evaluate against the specified guardrail checks. Each message includes a role and one or more content blocks.

Constraints:

  • min: 1

(structure)

A message to evaluate against guardrail checks, containing a role and content blocks.

role -> (string) [required]

The role of the message sender.

Possible values:

  • user
  • assistant
  • system

content -> (list) [required]

The content blocks for the message.

Constraints:

  • min: 1

(tagged union structure)

A content block within a message to evaluate.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: text.

text -> (string)

The text content to evaluate.

Constraints:

  • min: 1

Shorthand Syntax:

role=string,content=[{text=string},{text=string}] ...

JSON Syntax:

[
  {
    "role": "user"|"assistant"|"system",
    "content": [
      {
        "text": "string"
      }
      ...
    ]
  }
  ...
]

--checks (structure) [required]

The inline check configurations that specify which guardrail checks to run against the messages.

contentFilter -> (structure)

The content filter check configuration.

categories -> (list) [required]

The content filter categories to evaluate.

Constraints:

  • min: 1
  • max: 5

(structure)

The configuration for a single content filter category to evaluate.

category -> (string) [required]

The content filter category to evaluate.

Possible values:

  • VIOLENCE
  • HATE
  • SEXUAL
  • MISCONDUCT
  • INSULTS

promptAttack -> (structure)

The prompt attack check configuration.

categories -> (list) [required]

The prompt attack categories to evaluate.

Constraints:

  • min: 1
  • max: 3

(structure)

The configuration for a single prompt attack category to evaluate.

category -> (string) [required]

The prompt attack category to evaluate.

Possible values:

  • JAILBREAK
  • PROMPT_INJECTION
  • PROMPT_LEAKAGE

sensitiveInformation -> (structure)

The sensitive information check configuration.

entities -> (list) [required]

The sensitive information entity types to detect.

Constraints:

  • min: 1
  • max: 31

(structure)

The configuration for a single sensitive information entity type to detect.

type -> (string) [required]

The PII entity type to detect.

Possible values:

  • ADDRESS
  • AGE
  • AWS_ACCESS_KEY
  • AWS_SECRET_KEY
  • CA_HEALTH_NUMBER
  • CA_SOCIAL_INSURANCE_NUMBER
  • CREDIT_DEBIT_CARD_CVV
  • CREDIT_DEBIT_CARD_EXPIRY
  • CREDIT_DEBIT_CARD_NUMBER
  • DRIVER_ID
  • EMAIL
  • INTERNATIONAL_BANK_ACCOUNT_NUMBER
  • IP_ADDRESS
  • LICENSE_PLATE
  • MAC_ADDRESS
  • NAME
  • PASSWORD
  • PHONE
  • PIN
  • SWIFT_CODE
  • UK_NATIONAL_HEALTH_SERVICE_NUMBER
  • UK_NATIONAL_INSURANCE_NUMBER
  • UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER
  • URL
  • USERNAME
  • US_BANK_ACCOUNT_NUMBER
  • US_BANK_ROUTING_NUMBER
  • US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER
  • US_PASSPORT_NUMBER
  • US_SOCIAL_SECURITY_NUMBER
  • VEHICLE_IDENTIFICATION_NUMBER

JSON Syntax:

{
  "contentFilter": {
    "categories": [
      {
        "category": "VIOLENCE"|"HATE"|"SEXUAL"|"MISCONDUCT"|"INSULTS"
      }
      ...
    ]
  },
  "promptAttack": {
    "categories": [
      {
        "category": "JAILBREAK"|"PROMPT_INJECTION"|"PROMPT_LEAKAGE"
      }
      ...
    ]
  },
  "sensitiveInformation": {
    "entities": [
      {
        "type": "ADDRESS"|"AGE"|"AWS_ACCESS_KEY"|"AWS_SECRET_KEY"|"CA_HEALTH_NUMBER"|"CA_SOCIAL_INSURANCE_NUMBER"|"CREDIT_DEBIT_CARD_CVV"|"CREDIT_DEBIT_CARD_EXPIRY"|"CREDIT_DEBIT_CARD_NUMBER"|"DRIVER_ID"|"EMAIL"|"INTERNATIONAL_BANK_ACCOUNT_NUMBER"|"IP_ADDRESS"|"LICENSE_PLATE"|"MAC_ADDRESS"|"NAME"|"PASSWORD"|"PHONE"|"PIN"|"SWIFT_CODE"|"UK_NATIONAL_HEALTH_SERVICE_NUMBER"|"UK_NATIONAL_INSURANCE_NUMBER"|"UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER"|"URL"|"USERNAME"|"US_BANK_ACCOUNT_NUMBER"|"US_BANK_ROUTING_NUMBER"|"US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER"|"US_PASSPORT_NUMBER"|"US_SOCIAL_SECURITY_NUMBER"|"VEHICLE_IDENTIFICATION_NUMBER"
      }
      ...
    ]
  }
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

  • json
  • text
  • table
  • yaml
  • yaml-stream
  • off

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64
  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

--cli-error-format (string)

The formatting style for error output. By default, errors are displayed in enhanced format.

  • legacy
  • json
  • yaml
  • text
  • table
  • enhanced

Output

results -> (structure)

The per-check results containing findings from the guardrail evaluation.

contentFilter -> (structure)

The content filter check results.

results -> (list) [required]

The per-category content filter results.

(structure)

The evaluation result for a single content filter category.

category -> (string) [required]

The content filter category that was evaluated.

Possible values:

  • VIOLENCE
  • HATE
  • SEXUAL
  • MISCONDUCT
  • INSULTS

severityScore -> (double) [required]

The severity score for the category, ranging from 0.0 to 1.0. Higher values indicate greater severity.

Constraints:

  • min: 0.0
  • max: 1.0

promptAttack -> (structure)

The prompt attack check results.

results -> (list) [required]

The per-category prompt attack results.

(structure)

The evaluation result for a single prompt attack category.

category -> (string) [required]

The prompt attack category that was evaluated.

Possible values:

  • JAILBREAK
  • PROMPT_INJECTION
  • PROMPT_LEAKAGE

severityScore -> (double) [required]

The severity score for the category, ranging from 0.0 to 1.0. Higher values indicate greater severity.

Constraints:

  • min: 0.0
  • max: 1.0

sensitiveInformation -> (structure)

The sensitive information check results.

results -> (list) [required]

The detected sensitive information entities.

(structure)

The detection result for a single sensitive information entity found in the evaluated messages.

type -> (string) [required]

The PII entity type that was detected.

Possible values:

  • ADDRESS
  • AGE
  • AWS_ACCESS_KEY
  • AWS_SECRET_KEY
  • CA_HEALTH_NUMBER
  • CA_SOCIAL_INSURANCE_NUMBER
  • CREDIT_DEBIT_CARD_CVV
  • CREDIT_DEBIT_CARD_EXPIRY
  • CREDIT_DEBIT_CARD_NUMBER
  • DRIVER_ID
  • EMAIL
  • INTERNATIONAL_BANK_ACCOUNT_NUMBER
  • IP_ADDRESS
  • LICENSE_PLATE
  • MAC_ADDRESS
  • NAME
  • PASSWORD
  • PHONE
  • PIN
  • SWIFT_CODE
  • UK_NATIONAL_HEALTH_SERVICE_NUMBER
  • UK_NATIONAL_INSURANCE_NUMBER
  • UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER
  • URL
  • USERNAME
  • US_BANK_ACCOUNT_NUMBER
  • US_BANK_ROUTING_NUMBER
  • US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER
  • US_PASSPORT_NUMBER
  • US_SOCIAL_SECURITY_NUMBER
  • VEHICLE_IDENTIFICATION_NUMBER

confidenceScore -> (double) [required]

The confidence score for the detection, ranging from 0.0 to 1.0. Higher values indicate greater confidence.

Constraints:

  • min: 0.0
  • max: 1.0

beginOffset -> (integer) [required]

The start character offset of the detected entity within the content block.

Constraints:

  • min: 0

endOffset -> (integer) [required]

The end character offset of the detected entity within the content block.

Constraints:

  • min: 0

messageIndex -> (integer) [required]

The zero-based index of the message in the input messages array where the entity was detected.

Constraints:

  • min: 0

contentIndex -> (integer) [required]

The zero-based index of the content block within the message where the entity was detected.

Constraints:

  • min: 0

truncated -> (boolean)

Specifies whether the results were truncated because the number of detected entities exceeded the maximum limit.

usage -> (structure)

The per-check text unit consumption for the guardrail evaluation.

contentFilter -> (structure)

The text unit usage for the content filter check.

textUnits -> (integer) [required]

The number of text units consumed by the content filter check.

promptAttack -> (structure)

The text unit usage for the prompt attack check.

textUnits -> (integer) [required]

The number of text units consumed by the prompt attack check.

sensitiveInformation -> (structure)

The text unit usage for the sensitive information check.

textUnits -> (integer) [required]

The number of text units consumed by the sensitive information check.
© Copyright 2026, Amazon Web Services. Created using Sphinx.