Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: aws_bedrock_guardrail resource not deleting Pii types on removal from terraform #41505

Open
Abdeali-Sayadawala opened this issue Feb 21, 2025 · 1 comment
Open

[Bug]: aws_bedrock_guardrail resource not deleting Pii types on removal from terraform #41505

Abdeali-Sayadawala opened this issue Feb 21, 2025 · 1 comment
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/bedrock Issues and PRs that pertain to the bedrock service.

Comments

@Abdeali-Sayadawala
Copy link

Terraform Core Version

1.10.5

AWS Provider Version

5.88.0

Affected Resource(s)

aws_bedrock_guardrail

Expected Behavior

It should delete the PII types from Sensitive information filters in AWS bedrock guardrail if I remove pii_entities_config for that PII type from sensitive_information_policy_config section in terraform

Actual Behavior

When I remove pii_entities_config section for a specific PII type, it doesn't get removed from the console. I have to make a small change into the description of the aws_bedrock_guardrail resource and then it removes the PII type from the console on terraform apply.

Relevant Error/Panic Output Snippet



Terraform Configuration Files


resource "aws_bedrock_guardrail" "ca_guardrail" { name="CA_Guardraill_us-east-1" count=1 blocked_input_messaging   = "Your inputs must not contain any PII" blocked_outputs_messaging = "Your outputs must not contain any PII" sensitive_information_policy_config { pii_entities_config { action = "BLOCK" type   = "NAME" } pii_entities_config { action = "BLOCK" type   = "ADDRESS" } pii_entities_config { action = "BLOCK" type   = "AWS_SECRET_KEY" } pii_entities_config { action = "BLOCK" type   = "DRIVER_ID" } } description = "Guardrail Version 2" }


Steps to Reproduce


    

  1. Create a bedrock gaurd rail
    2. 

  2. Add Pii entities in Sensitive information filters using sensitive_information_policy_config.
    3. 

  3. run terraforn apply and deploy changes.
    4. 

  4. Remove any one or two pii entries from the sensitive_information_policy_config.
    5. 

  5. run terraforn apply and deploy changes.
    
This should delete the pii type from aws for the pii that we removed from the sensitive_information_policy_config, but it wont delete.
    6. 



Debug Output


No response


Panic Output


No response


Important Factoids


No response


References


No response


Would you like to implement a fix?


None

      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @Abdeali-Sayadawala
Abdeali-Sayadawala




          added
  the 

  bug

  Addresses a defect in current functionality.
 label


      Feb 21, 2025

    

  



    

    

      
    

    


      

          @github-actions
github-actions
bot



          added
  the 

  service/bedrock

  Issues and PRs that pertain to the bedrock service.
 label


      Feb 21, 2025

    

  








      

  
      



  

  @github-actions

    
      GitHub Actions
    




  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  


  

    

  





      


        


  
    

      
          
Community Note


Voting for Prioritization


    

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
    • 

  • Please see our prioritization guide for information on how we prioritize.
    • 

  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
    • 



Volunteering to Work on This Issue


    

  • If you are interested in working on this issue, please leave a comment.
    • 

  • If this would be your first contribution, please review the contribution guide.
    • 


      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            

    

      
    

    


      

          @github-actions
github-actions
bot



          added
  the 

  needs-triage

  Waiting for first response or review from a maintainer.
 label


      Feb 21, 2025

    

  












  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                    




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    bug

  Addresses a defect in current functionality.
  

    needs-triage

  Waiting for first response or review from a maintainer.
  

    service/bedrock

  Issues and PRs that pertain to the bedrock service.








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          
  

    

      

        
          

            
    

    Development
  




              
    
No branches or pull requests







        
      

    

  


      

    

  
      

  

    

      1 participant
    

    

        
          @Abdeali-Sayadawala