A serverless AI-powered system for moderating and summarizing product reviews using Amazon Nova Premier with comprehensive audit trails and compliance reporting.
The AI Compliance Auditor provides enterprise-grade content moderation with:
- AI Analysis: Uses Amazon Nova Premier (inference profile) for intelligent toxicity, bias, and hallucination detection
- Policy-Compliant Summarization: Generates factual summaries while filtering out policy-violating content
- Comprehensive Audit Trails: Logs all AI decisions and processing steps for regulatory compliance
- Real-time Monitoring: CloudWatch dashboards for content moderation metrics
- Flexible Compliance Modes: Standard, strict, and mild compliance thresholds
- Cross-Region Scalability: Uses Nova Premier inference profiles for high availability
The system uses a serverless architecture built on AWS with AI integration:
- AWS Step Functions: Orchestrates the review processing pipeline
- AWS Lambda: Processes individual steps (analysis, validation, logging, summarization)
- Amazon Bedrock Nova Premier: AI analysis using inference profile `us.amazon.nova-premier-v1:0`
- AWS Verified Permissions: Cedar policy engine for content moderation
- Amazon DynamoDB: Structured audit log storage with TTL
- Amazon OpenSearch: Searchable audit logs and real-time dashboards
- Amazon S3: Compliance report storage
- API Gateway: RESTful API for review submission
- Toxicity Detection: Identifies hate speech, harassment, threats, profanity
- Bias Detection: Detects unfair generalizations and discriminatory language
- Hallucination Detection: Identifies false claims and impossible statements
- Intelligent Summarization: Context-aware review summaries based on sentiment
- Standard Mode: Balanced thresholds (Toxicity: 5, Bias: 4, Hallucination: 6)
- Strict Mode: Conservative thresholds (Toxicity: 3, Bias: 2, Hallucination: 4)
- Mild Mode: Permissive thresholds (Toxicity: 8, Bias: 7, Hallucination: 8)
```
├── src/                                # CDK TypeScript infrastructure code
│   ├── app.ts                          # CDK app entry point
│   └── ai-compliance-auditor-stack.ts  # Main stack definition
├── lambda/                             # Lambda function code
│   ├── common/                         # Shared utilities
│   ├── layers/shared/                  # Lambda layer dependencies
│   ├── review-auditor/                 # Nova Premier analysis Lambda
│   │   └── handler.py                  # Bedrock integration
│   ├── policy-validator/               # Policy validation Lambda
│   ├── review-summarizer/              # AI summarization Lambda
│   │   └── handler.py                  # Nova Premier summarization
│   ├── audit-logger/                   # Audit logging Lambda
│   └── report-generator/               # Report generation Lambda
└── scripts/                            # Build and deployment scripts
```
- Node.js 20+ and npm
- Python 3.12+
- AWS CLI configured with appropriate permissions
- AWS CDK CLI v2.156.0+
- Amazon Bedrock access with Nova Premier model enabled
- Clone and install dependencies:

  ```bash
  git clone https://github.com/awsdataarchitect/ai-compliance-auditor
  cd ai-compliance-auditor
  npm install
  ```

- Build Lambda layer dependencies:

  ```bash
  chmod +x scripts/build-layer.sh
  ./scripts/build-layer.sh
  ```

- Build the CDK project:

  ```bash
  npm run build
  ```

- Bootstrap CDK (first time only):

  ```bash
  npx cdk bootstrap
  ```

- Deploy the infrastructure:

  ```bash
  npm run deploy
  ```
The system requires the following IAM permissions for Nova Premier:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:Converse",
        "bedrock:ConverseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:*::foundation-model/amazon.nova-premier-v1:0",
        "arn:aws:bedrock:*:*:inference-profile/us.amazon.nova-premier-v1:0"
      ]
    }
  ]
}
```
After deployment, find your API Gateway URL in the CDK output:
```bash
npm run deploy
# Look for: ReviewSubmissionEndpoint = https://<your-api-id>.execute-api.us-east-1.amazonaws.com/v1/reviews
```
```bash
curl -X POST https://<your-api-id>.execute-api.us-east-1.amazonaws.com/v1/reviews \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": "test-product-001",
    "user_id": "test-user-001",
    "content": "Great product! Works well and arrived quickly. Good value for money.",
    "rating": 4,
    "region": "us-east-1",
    "product_category": "electronics",
    "compliance_mode": "standard"
  }'
```

Expected Response:

```json
{
  "statusCode": 200,
  "result": "SUCCESS",
  "policy_decision": "APPROVED",
  "analysis_summary": {
    "toxicity_score": 0,
    "bias_score": 0,
    "hallucination_score": 0
  },
  "summary": "This product is highly rated for its quality, functionality, and value, with quick delivery.",
  "policy_reasons": ["CONTENT_APPROVED"]
}
```
```bash
curl -X POST https://<your-api-id>.execute-api.us-east-1.amazonaws.com/v1/reviews \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": "test-product-002",
    "user_id": "test-user-002",
    "content": "This product is terrible! It broke immediately and the company refuses to help.",
    "rating": 1,
    "region": "us-east-1",
    "product_category": "electronics",
    "compliance_mode": "standard"
  }'
```

Expected Response:

```json
{
  "statusCode": 200,
  "result": "SUCCESS",
  "policy_decision": "APPROVED",
  "analysis_summary": {
    "toxicity_score": 2,
    "bias_score": 1,
    "hallucination_score": 5
  },
  "summary": "The product received poor feedback for breaking immediately and lacking company support.",
  "policy_reasons": ["CONTENT_APPROVED"]
}
```
```bash
curl -X POST https://<your-api-id>.execute-api.us-east-1.amazonaws.com/v1/reviews \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": "test-product-003",
    "user_id": "test-user-003",
    "content": "This product is terrible! It broke immediately and the company refuses to help.",
    "rating": 1,
    "region": "us-east-1",
    "product_category": "electronics",
    "compliance_mode": "strict"
  }'
```

Expected Response:

```json
{
  "statusCode": 200,
  "result": "REJECTED",
  "policy_decision": "DENIED",
  "analysis_summary": {
    "toxicity_score": 2,
    "bias_score": 1,
    "hallucination_score": 5
  },
  "policy_reasons": ["HALLUCINATION_THRESHOLD_EXCEEDED"],
  "rejection_explanation": "Content rejected based on strict compliance mode"
}
```
```bash
curl -X POST https://<your-api-id>.execute-api.us-east-1.amazonaws.com/v1/reviews \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": "test-product-004",
    "user_id": "test-user-004",
    "content": "Short",
    "rating": 4,
    "region": "us-east-1",
    "product_category": "electronics",
    "compliance_mode": "standard"
  }'
```

Expected Response:

```json
{
  "message": "Invalid request body"
}
```
Check Step Functions Execution:

```bash
aws stepfunctions list-executions \
  --state-machine-arn arn:aws:states:us-east-1:<account-id>:stateMachine:ai-compliance-auditor-workflow \
  --region us-east-1
```

Check Audit Logs in DynamoDB:

```bash
aws dynamodb scan \
  --table-name ai-compliance-audit-logs \
  --limit 5 \
  --region us-east-1
```

Check CloudWatch Logs:

```bash
aws logs describe-log-groups \
  --log-group-name-prefix "/aws/lambda/ai-compliance" \
  --region us-east-1
```
Test Case | Compliance Mode | Expected Result | Purpose |
---|---|---|---|
Positive review | Standard | APPROVED | Verify normal operation |
Negative review | Standard | APPROVED | Test nuanced analysis |
Negative review | Strict | REJECTED | Test policy flexibility |
Short content | Any | Validation Error | Test input validation |
Different categories | Standard | APPROVED | Test category handling |
- Response Time: Should be 3-5 seconds for AI analysis
- Success Rate: Should be 100% for valid requests
- Concurrent Requests: System handles multiple simultaneous requests
- 500 errors: Check CloudWatch logs for Lambda function errors
- Timeout: Verify Bedrock model availability and permissions
- Validation errors: Ensure request body matches required schema
- `npm run build` - Compile TypeScript to JavaScript
- `npm run watch` - Watch for changes and rebuild automatically
- `npm test` - Run Jest tests
- `npm run cdk` - Run CDK CLI commands
- `npm run deploy` - Deploy the stack to AWS
- `npm run destroy` - Destroy the stack from AWS
- `npm run synth` - Synthesize CloudFormation template
- `npm run diff` - Show differences between deployed and local stack
Run the test suite:

```bash
npm test
```

Run tests in watch mode:

```bash
npm run test -- --watch
```

Deploy to AWS:

```bash
npm run deploy
```

Deploy with specific context:

```bash
npx cdk deploy --context environment=prod
```

Check what will be deployed:

```bash
npm run diff
```
The system uses AWS Systems Manager Parameter Store for configuration:
- `/ai-compliance/toxicity_threshold`: Maximum allowed toxicity score (0-10)
- `/ai-compliance/bias_threshold`: Maximum allowed bias score (0-10)
- `/ai-compliance/hallucination_threshold`: Maximum allowed hallucination score (0-10)
- `/ai-compliance/bedrock_model_id`: Nova Premier inference profile ID
- `/ai-compliance/prompt_version`: Prompt template version
```json
{
  "toxicity_score": 0,
  "bias_score": 0,
  "hallucination_score": 0,
  "explanations": {
    "toxicity": "The review contains no hate speech, harassment, threats, profanity, offensive language, or personal attacks.",
    "bias": "The review does not exhibit unfair generalizations, discriminatory language, or prejudiced statements.",
    "hallucination": "The statements made in the review are factual and do not contain false claims, impossible statements, or contradictions."
  }
}
```

```json
{
  "toxicity_score": 2,
  "bias_score": 1,
  "hallucination_score": 5,
  "explanations": {
    "toxicity": "Review expresses frustration but contains no personal attacks or hate speech.",
    "bias": "No discriminatory language detected.",
    "hallucination": "Some claims about product failure may require verification."
  }
}
```
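The thresholds are applied to whatever the model returns, so a reply in the format shown above is worth validating as untrusted input before the policy step. The following is an added example, not this repository's code: `parse_analysis` is a hypothetical helper, and scoring a malformed reply at the top of the 0-10 scale (fail closed) is an assumed design choice.

```python
import json

SCORE_KEYS = ("toxicity_score", "bias_score", "hallucination_score")
EXPLANATION_KEYS = ("toxicity", "bias", "hallucination")
# Assumption: a reply that cannot be trusted is scored 10 on every axis,
# so every compliance mode on this page denies it.
FAIL_CLOSED = {key: 10 for key in SCORE_KEYS}


def parse_analysis(raw_text):
    """Parse the model's JSON reply.

    Returns (scores, problem). problem is None when the reply is well
    formed; otherwise scores is the fail-closed set and problem says why,
    so the reason can be written to the audit log.
    """
    try:
        data = json.loads(raw_text)
    except (TypeError, ValueError):
        return dict(FAIL_CLOSED), "reply is not valid JSON"
    if not isinstance(data, dict):
        return dict(FAIL_CLOSED), "reply is not a JSON object"

    scores = {}
    for key in SCORE_KEYS:
        value = data.get(key)
        # bool is a subclass of int in Python, so reject it explicitly.
        if (isinstance(value, bool) or not isinstance(value, int)
                or not 0 <= value <= 10):
            return dict(FAIL_CLOSED), f"{key} missing or outside 0-10"
        scores[key] = value

    explanations = data.get("explanations")
    if not isinstance(explanations, dict) or not all(
            isinstance(explanations.get(k), str) for k in EXPLANATION_KEYS):
        return dict(FAIL_CLOSED), "explanations missing or not strings"
    return scores, None
```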
- CloudWatch: Lambda function metrics and logs
- DynamoDB: Complete audit trail with AI explanations
- Step Functions: Workflow execution monitoring
- Processing Time: ~3-5 seconds for AI analysis
- Success Rate: 100% for valid requests
- AI Model: Amazon Nova Premier inference profile
- Throughput: Scales automatically with demand
- Data Encryption: All data encrypted at rest and in transit
- VPC Isolation: Sensitive components isolated in private subnets
- IAM Roles: Least privilege access with specific Bedrock permissions
- SSL/TLS: Enforced for all API endpoints
- Audit Logging: Complete trail of all AI decisions and policy applications
- TTL Cleanup: Automatic data retention management
- Amazon Nova Premier inference profile
- Cross-region availability and scaling
- Intelligent content analysis with explanations
- Multiple compliance modes
- Configurable thresholds
- Cedar-based policy validation
- Every AI decision logged
- Policy application tracking
- Regulatory compliance ready
- Serverless architecture
- Auto-scaling capabilities
- Comprehensive monitoring
- Cold Start: ~800ms (Lambda initialization)
- Warm Execution: ~3-5 seconds (AI processing)
- Throughput: Unlimited (serverless scaling)
- Availability: 99.9% (multi-AZ deployment)
Submit a review for AI analysis and compliance checking.
Request Body:
- `product_id` (string, required): Unique product identifier
- `user_id` (string, required): User identifier
- `content` (string, required): Review content (10-5000 characters)
- `rating` (number, required): Rating 1-5
- `region` (string, required): AWS region
- `product_category` (string, required): Product category
- `compliance_mode` (string, required): "standard", "strict", or "mild"

Response:
- `statusCode` (number): HTTP status code
- `result` (string): "SUCCESS" or "REJECTED"
- `policy_decision` (string): "APPROVED" or "DENIED"
- `analysis_summary` (object): AI analysis scores
- `summary` (string): AI-generated summary (if approved)
- `policy_reasons` (array): Reasons for decision
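
The request rules above and the per-mode thresholds listed earlier on this page can be checked together against the four test requests. This is an added example in Python, not code from this repository (which evaluates Cedar policies in AWS Verified Permissions); `validate_request`, `decide` and the `TOXICITY_`/`BIAS_` reason codes are assumed names, and a score equal to its threshold is assumed to pass.

```python
# Added example, not project code: plain-Python stand-in for the request
# schema check and the per-mode threshold decision described on this page.
THRESHOLDS = {  # maximum allowed score per compliance mode (from the page)
    "standard": {"toxicity": 5, "bias": 4, "hallucination": 6},
    "strict": {"toxicity": 3, "bias": 2, "hallucination": 4},
    "mild": {"toxicity": 8, "bias": 7, "hallucination": 8},
}
REQUIRED_STRINGS = ("product_id", "user_id", "content", "region",
                    "product_category")


def validate_request(body):
    """Return a list of schema violations; an empty list means valid."""
    if not isinstance(body, dict):
        return ["body: JSON object required"]
    errors = []
    for field in REQUIRED_STRINGS:
        if not isinstance(body.get(field), str) or not body[field]:
            errors.append(f"{field}: non-empty string required")
    content = body.get("content")
    if isinstance(content, str) and content and not 10 <= len(content) <= 5000:
        errors.append("content: length must be 10-5000 characters")
    rating = body.get("rating")
    # bool is a subclass of int in Python, so reject it explicitly.
    if (isinstance(rating, bool) or not isinstance(rating, (int, float))
            or not 1 <= rating <= 5):
        errors.append("rating: number 1-5 required")
    mode = body.get("compliance_mode")
    if not isinstance(mode, str) or mode not in THRESHOLDS:
        errors.append("compliance_mode: standard, strict or mild required")
    return errors


def decide(scores, mode):
    """Deny when any score is above the mode's maximum allowed value.

    Assumption: a score equal to the threshold is still allowed.
    Only HALLUCINATION_THRESHOLD_EXCEEDED and CONTENT_APPROVED appear on
    the page; the other two reason codes are formed by analogy.
    """
    reasons = [f"{name.upper()}_THRESHOLD_EXCEEDED"
               for name, limit in THRESHOLDS[mode].items()
               if scores[f"{name}_score"] > limit]
    if reasons:
        return {"policy_decision": "DENIED", "policy_reasons": reasons}
    return {"policy_decision": "APPROVED",
            "policy_reasons": ["CONTENT_APPROVED"]}
```

With the scores from the negative-review test (2, 1, 5), `decide` approves in standard mode and denies in strict mode because the hallucination score of 5 is above the strict limit of 4.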
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
MIT License - see LICENSE file for details.
For issues and questions:
- Check the CloudWatch logs
- Review the audit trail in DynamoDB
- Monitor Step Functions execution
- Check Bedrock model availability