Integrate Amazon Bedrock into Game Warden-Deployed Applications¶
Amazon Bedrock is a fully managed AWS service that provides access to leading foundational models through a unified API. It enables you to incorporate generative AI capabilities into your applications without the need to develop or maintain underlying machine learning infrastructure.
This guide describes when to use Amazon Bedrock on Game Warden, common use cases, service requirements and restrictions, integration steps, and compliance and monitoring requirements. Following these recommended practices will ensure a secure integration of Amazon Bedrock into applications deployed on the Game Warden platform.
New CtF/Software Approval required
The addition of Bedrock is considered a significant change, and a new Certificate to Field (CtF)/Software Approval is required. See Significant Software Changes and Authorization Requirements in Game Warden for more information.
When to use Amazon Bedrock on Game Warden¶
You can use Amazon Bedrock on Game Warden to send prompts via the Amazon Bedrock API to supported models and receive generated text, code, or summaries in real-time. Only synchronous, on-demand model invocations are supported at this time; batch processing, model customization, and advanced orchestration are currently not supported. Enabling these advanced features is on the Product Roadmap.
Use Amazon Bedrock on Game Warden when:
- The application use-case can be supported by a dedicated instance of a cloud-provider-managed Large Language Model (LLM)
- Access to foundational models such as Claude 3 Haiku or Titan Text Embeddings V2 are required
- A consistent API is needed for interfacing with multiple model providers
- Seamless integration with other AWS services (e.g., S3) is needed
- Serverless inference capabilities are required without the overhead of managing machine learning infrastructure
Common use cases include:
- Building enterprise-grade chatbots or AI copilots
- Implementing document and data summarization, content extraction, and/ or question answering systems
- Enabling natural language and semantic search, and automated content generation
- Language translation
Amazon Bedrock Agents
- At this time, Bedrock agents are not authorized for AFWERX environments.
- Bedrock Knowledge Bases are authorized and can be used in AFWERX environments.
AWS region support and Impact Level restrictions¶
Applications using Amazon Bedrock on Game Warden at Impact Levels 4 (IL4) and 5 (IL5) are limited, at this time, to the foundational models available in AWS GovCloud (US-East and US-West).
The table below outlines Bedrock support across different Impact Levels:
| Impact Level | Bedrock Support | Details |
|---|---|---|
| IL2 | ✅ Supported | Invoke on-demand models available in commercial AWS regions. |
| IL4 | ⚠️ Conditionally Supported | Invoke on-demand models available in GovCloud (US-East and US-West). Refer to Foundational models by AWS Region for more information. |
| IL5 | ⚠️ Conditionally Supported | Invoke on-demand models available in GovCloud (US-East and US-West). Refer to Foundational models by AWS Region for more information. |
| IL6 | ❌ Not Supported | Amazon Bedrock is not available for classified (IL6) environments. |
Tip
Not all Amazon Bedrock foundational models or features are available in AWS GovCloud. Verify model support before finalizing integration plans.
Integration steps¶
Define your use case
Before integrating Amazon Bedrock on Game Warden, determine how your application will use the service:
- Which foundation models will you call?
For deployments in AWS GovCloud (US-East and US-West), visit Model support by AWS Region in Amazon Bedrock to check which models are currently supported. - What is the justification for Amazon Bedrock integration?
- What data will be sent to and returned from Amazon Bedrock?
- Will any Controlled Unclassified Information (CUI) or sensitive data be processed?
Clear definition of these parameters will inform and guide Second Front’s evaluation of your use of artificial intelligence. Each deployment of Amazon Bedrock on Game Warden ensures LLM interactions, data, and usage metrics are logically and often physically separated at the AWS account and service level, aligning with enhanced security and regulatory requirements of serving national security missions.
Create a Support Ticket in the Game Warden app
In the ticket, include the following information:
- Specify the AI model(s) intended for use.
- Confirm that the AI Attestation section in the Body of Evidence (BoE) is complete.
- Provide the business justification for integrating with Amazon Bedrock.
- Describe the data that will be sent to and returned from Amazon Bedrock.
- Indicate whether any Controlled Unclassified Information (CUI) or other sensitive data will be processed.
Once approved, 2F Engineering will configure Bedrock to your application.
Note: If Bedrock is being configured for the first time, a new CtF/Software Approval is required. Please also review AWS Bedrock integration and updates for other common scenarios.
Configure IAM roles and network access
Ensure your application can securely access Bedrock:
- Configure egress routing in your Kubernetes workload for outbound access to Bedrock endpoints.
- Based on your selected region, set the AWS region to
us-gov-east-1orus-gov-west-1for IL4 and IL5 environments.
Connect to the Bedrock API
Review AWS documentation for getting started with the Bedrock API. Use the AWS SDK for Bedrock to integrate the service into your Game Warden hosted application. SDKs are available for:
- Python (Boto3)
- JavaScript
- Java
- Other languages via the AWS CLI or REST API
Commonly used open source libraries for generative AI applications, such as LangChain and LangGraph, also have integrations and abstractions for Amazon Bedrock.
Implement appropriate retry logic, rate limiting, and output validation—especially for workloads processing unstructured or dynamic input.
Upgrade AI model¶
Follow the steps below when you need to upgrade or switch AI models:
- Update your AI Attestation for the new model.
- Submit a Support Ticket in the Game Warden app for a configuration change request (see Integration steps, Step 2).
Once approved, 2F Engineering will update your Bedrock configuration to reference the new model.
Helpful resources¶
Questions?¶
If you’re unsure about your Bedrock integration or deployment impact level, contact your Second Front implementation engineer.