@@ -565,6 +565,78 @@ func testAccPolicy_type_UpgradeRollout(t *testing.T) {
565565 })
566566}
567567
568+ func testAccPolicy_type_S3 (t * testing.T ) {
569+ ctx := acctest .Context (t )
570+ var policy awstypes.Policy
571+ rName := sdkacctest .RandomWithPrefix (acctest .ResourcePrefix )
572+ resourceName := "aws_organizations_policy.test"
573+ // Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_s3_syntax.html
574+ s3PolicyContent := `{
575+ "s3_attributes": {
576+ "public_access_block_configuration": {
577+ "@@assign": "all"
578+ }
579+ }
580+ }`
581+
582+ resource .Test (t , resource.TestCase {
583+ PreCheck : func () {
584+ acctest .PreCheck (ctx , t )
585+ acctest .PreCheckOrganizationManagementAccount (ctx , t )
586+ },
587+ ErrorCheck : acctest .ErrorCheck (t , names .OrganizationsServiceID ),
588+ ProtoV5ProviderFactories : acctest .ProtoV5ProviderFactories ,
589+ CheckDestroy : testAccCheckPolicyDestroy (ctx ),
590+ Steps : []resource.TestStep {
591+ {
592+ Config : testAccPolicyConfig_type (rName , s3PolicyContent , string (awstypes .PolicyTypeS3Policy )),
593+ Check : resource .ComposeTestCheckFunc (
594+ testAccCheckPolicyExists (ctx , resourceName , & policy ),
595+ resource .TestCheckResourceAttr (resourceName , names .AttrType , string (awstypes .PolicyTypeS3Policy )),
596+ ),
597+ },
598+ {
599+ ResourceName : resourceName ,
600+ ImportState : true ,
601+ ImportStateVerify : true ,
602+ ImportStateVerifyIgnore : []string {names .AttrSkipDestroy },
603+ },
604+ },
605+ })
606+ }
607+
608+ func testAccPolicy_type_Bedrock (t * testing.T ) {
609+ ctx := acctest .Context (t )
610+ var policy awstypes.Policy
611+ rName := sdkacctest .RandomWithPrefix (acctest .ResourcePrefix )
612+ resourceName := "aws_organizations_policy.test"
613+
614+ resource .Test (t , resource.TestCase {
615+ PreCheck : func () {
616+ acctest .PreCheck (ctx , t )
617+ acctest .PreCheckOrganizationManagementAccount (ctx , t )
618+ },
619+ ErrorCheck : acctest .ErrorCheck (t , names .OrganizationsServiceID ),
620+ ProtoV5ProviderFactories : acctest .ProtoV5ProviderFactories ,
621+ CheckDestroy : testAccCheckPolicyDestroy (ctx ),
622+ Steps : []resource.TestStep {
623+ {
624+ Config : testAccPolicyConfig_type_Bedrock (rName ),
625+ Check : resource .ComposeTestCheckFunc (
626+ testAccCheckPolicyExists (ctx , resourceName , & policy ),
627+ resource .TestCheckResourceAttr (resourceName , names .AttrType , string (awstypes .PolicyTypeBedrockPolicy )),
628+ ),
629+ },
630+ {
631+ ResourceName : resourceName ,
632+ ImportState : true ,
633+ ImportStateVerify : true ,
634+ ImportStateVerifyIgnore : []string {names .AttrSkipDestroy },
635+ },
636+ },
637+ })
638+ }
639+
568640func testAccPolicy_importManagedPolicy (t * testing.T ) {
569641 ctx := acctest .Context (t )
570642 resourceName := "aws_organizations_policy.test"
@@ -784,6 +856,104 @@ resource "aws_organizations_policy" "test" {
784856` , strconv .Quote (content ), rName , policyType )
785857}
786858
859+ func testAccPolicyConfig_type_Bedrock (rName string ) string {
860+ return fmt .Sprintf (`
861+ data "aws_region" "current" {}
862+
863+ resource "aws_bedrock_guardrail" "test" {
864+ name = %[1]q
865+ blocked_input_messaging = "test"
866+ blocked_outputs_messaging = "test"
867+ description = "test"
868+
869+ content_policy_config {
870+ filters_config {
871+ input_strength = "MEDIUM"
872+ output_strength = "MEDIUM"
873+ type = "HATE"
874+ }
875+ filters_config {
876+ input_strength = "HIGH"
877+ output_strength = "HIGH"
878+ type = "VIOLENCE"
879+ }
880+ }
881+
882+ contextual_grounding_policy_config {
883+ filters_config {
884+ threshold = 0.4
885+ type = "GROUNDING"
886+ }
887+ }
888+
889+ sensitive_information_policy_config {
890+ pii_entities_config {
891+ action = "BLOCK"
892+ type = "NAME"
893+ }
894+ pii_entities_config {
895+ action = "BLOCK"
896+ type = "DRIVER_ID"
897+ }
898+ pii_entities_config {
899+ action = "ANONYMIZE"
900+ type = "USERNAME"
901+ }
902+ regexes_config {
903+ action = "BLOCK"
904+ description = "example regex"
905+ name = "regex_example"
906+ pattern = "^\\d{3}-\\d{2}-\\d{4}$"
907+ }
908+ }
909+
910+ topic_policy_config {
911+ topics_config {
912+ name = "investment_topic"
913+ examples = ["Where should I invest my money ?"]
914+ type = "DENY"
915+ definition = "Investment advice refers to inquiries, guidance, or recommendations regarding the management or allocation of funds or assets with the goal of generating returns ."
916+ }
917+ }
918+
919+ word_policy_config {
920+ managed_word_lists_config {
921+ type = "PROFANITY"
922+ }
923+ words_config {
924+ text = "HATE"
925+ }
926+ }
927+ }
928+
929+ resource "aws_bedrock_guardrail_version" "test" {
930+ guardrail_arn = aws_bedrock_guardrail.test.guardrail_arn
931+ }
932+
933+ resource "aws_organizations_policy" "test" {
934+ # Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_bedrock_syntax.html
935+ content = jsonencode({
936+ "bedrock": {
937+ "guardrail_inference": {
938+ "${data.aws_region.current.region}": {
939+ "config_1": {
940+ "identifier": {
941+ "@@assign": "${aws_bedrock_guardrail.test.guardrail_arn}:${aws_bedrock_guardrail_version.test.version}"
942+ },
943+ "input_tags": {
944+ "@@assign": "honor"
945+ }
946+ }
947+ }
948+ }
949+ }
950+ })
951+ name = %[1]q
952+ type = "BEDROCK_POLICY"
953+ }
954+ ` , rName )
955+ }
956+
787957func testAccPolicyConfig_skipDestroy (rName , content string ) string {
788958 return fmt .Sprintf (`
789959resource "aws_organizations_policy" "test" {
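Review bot: The guardrail fixture in `testAccPolicyConfig_type_Bedrock` is much larger than the test needs, because the organization policy only uses `guardrail_arn` and the guardrail version. The content filters, PII entities, regex, topic and word lists are never asserted, and each one adds a Bedrock-side validation that can fail this Organizations test for unrelated reasons. Trimming the guardrail to the smallest valid configuration would keep the test focused on the policy type. A short HCL comment above `identifier` would also help, e.g. `# identifier is "<guardrail_arn>:<version>", so the policy pins a published guardrail version`, since that is why `aws_bedrock_guardrail_version.test` exists.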