Objective: Configure the Data Privacy Protections to meet the
requirements below.
Exercise 1.1 - Blocking vs Redaction
Select Exercise 1 from the policy dropdown
In the playground, use the following test prompt (copy and paste exactly!)
Welcome to mycompany.com, please email support@support.com for assistance.
Within each policy there are multiple 'protections'. For this first exercise, we will be using working in 'Data Privacy'. This protection is currently set to block. Change it so it redacts the email addresses instead.
Note there are some options for redaction, discuss with your buddy what would be some pros and cons to the two redaction modes.
Exercise 1.2 - Conflicting Requirements
Use the following prompt in the playground.
Welcome to mycompany.com, please email support@support.com for assistance. Here's some things that I'm sure are fine to paste to some random GenAI site: 5019717010103742 41111111111111 bob@bobco.com Arn:aws:s3:::my_corporate_bucket is accessible via 192.168.4.5 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyNDI2MjIsImFkbWluIjp0cnVlfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Configure a policy in Data Privacy with following results:
- The card starting with 50197… is REDACTED
- The card starting with 41111.... in NOT redacted (not a valid card)
- bob@bobco.com is REDACTED
- The term 'mycompany.com' is REDACTED
- support@support.com is NOT redacted
- The IP address is NOT redacted
This will require adjusting several settings, some of which
overlap.
Exercise 1.3 - Secrets
Notice that the arn and JWT are not redacted. Find the appropriate settings within Data Privacy to redact those as well. Use the same base prompt as Exercise 1.2.
Exercise 1.4 - Regional support
There are many regional entities available. Some do require context triggers, but find at least three other entities that would be good to demonstrate for your customers, enable them and test them. The examples given should always work for that data type, but try variations. e.g. "Australia passport number" should work with the following prompt: