Skip to content

Managed Services

The concept of managed services, in the Game Warden context, is three-fold:

  • Amazon Web Services (AWS) with an emphasis on Backup, DynamoDB, ElastiCache, Elastic File Storage, Elastic Kubernetes Service (EKS), Relational Database Service (RDS), Simple Email Service (SES), and Simple Storage Service. OpenSearch and API Gateway are on our radar.
  • Big Bang services such as HashiCorp Vault and Istio.
  • Game Warden managed services, which might involve pulling images from Iron Bank – a Department of Defense (DoD)-approved image registry – to run in your Kubernetes cluster.

As clients, you neither provide images nor resolve or justify Common Vulnerabilities and Exposures (CVEs) relative to managed services. The Game Warden team manages this process via policy, manual efforts, or pipelines.

AWS

Game Warden-AWS

Game Warden operates in AWS GovCloud East.

The table below depicts our commonly supported services on AWS, and their availablity at each Impact Level (IL):

Service Name IL2 IL4 IL5
EBS (Elastic Block Store) Yes Yes Yes
EC2 (Elastic CLoud Compute) Yes Yes Yes
EFS (Elastic File Storage) Yes Yes Yes
EKS (Elastic Kubernetes Service) Yes Yes Yes
IAM (Identity and Access Management) Yes Yes Yes
KMS (Key Management Service) Yes Yes Yes
RDS (Relational Database Service) Yes Yes Yes
SQS (Simple Queue Service) Yes Yes Yes
S3 (Simple Storage Service) Yes Yes Yes
VPC (Virtual Private Cloud) Yes Yes Yes
SES (Simple Email Service) Yes Yes Yes
Transit Gateway Yes Yes Yes
Backup Yes Yes Yes
DynamoDB Yes Yes Yes
ElastiCache Yes Yes Yes

For Hi-Side deployments (Top Secret), only EKS, RDS and S3 services are currently available.

Check back regularly to see what new services we offer. If you'd like an AWS service not currently listed, we can generate a feature request on your behalf but cannot guarantee a timeline.

AWS provides a List which includes additional AWS services that we may be able to support. Game Warden operates in AWS GovCloud (US-East) - ensure the Region dropdown is selected to AWS GovCloud (US - East). Currently, we do not support each service; however, with advanced notice (from Sales, for example) coupled with Game Warden leadership approval, our team might be able to support some services on the list.

We can support certain services within the Kubernetes cluster where your applications reside. Ideally, your applications reside within your Kubernetes cluster in a specific container. All AWS services, however, operate outside of your Kubernetes cluster.

GCP

The table below depicts popular GCP services, their associated support status on Game Warden, and their availablity at each Impact Level (IL):

Service Name Status IL2 IL4 IL5
BigQuery Supported Yes Yes Yes
Cloud HSM (Hardware Security Module) Can Support Yes Yes Yes
Cloud Identity Supported Yes Yes Yes
Cloud Logging Can Support Yes Yes Yes
Cloud Key Management Service Not Yet Supported No No No
Cloud Storage Can Support Yes Yes Yes
Compute Engine Supported Yes Yes Yes
Dataflow Cannot Support No No No
Google Kubernetes Engine Supported Yes Yes Yes
Persistent Disk Cannot Support No No No
Virtual Private Cloud Supported Yes Yes Yes
Cloud Logging Can Support Yes Yes Yes
Cloud Monitoring Can Support Yes Yes No
Cloud Pub/Sub Can Support Yes Yes No
Cloud SQL Can Support Yes Yes No

GCP does not currently support IL6 or Hi-Side deployments.

Service Status:

  • Supported: Game Warden is currently supporting this service for customers.

  • Can Support: Game Warden is able to support this service. Contact our team to confirm availablity.

  • Not Yet Supported: Game Warden does not currently support this service, but may in the future if the need arises.

  • Cannot Support: Game Warden cannot support this service.

Big Bang

Big Bang is the architecture upon which Game Warden is built and upon which our applications run, enabling our team to use a DoD-approved architecture and set of services. Big Bang runs inside the Kubernetes cluster provisioned via AWS, where your application resides.

Currently, we do not have customers who use Big Bang managed services. The process for deploying these services would be similar to establishing any external AWS service. In this case, however, we would configure the Big Bang managed service to run within your Kubernetes cluster. These services might include, for example, HashiCorp Vault and Istio.

Iron Bank

Iron Bank is a DoD service and registry that automates, secures, and accelerates the approval process of commercial and open source images to be used within the DoD with DoD-wide reciprocity. Iron Bank can be a source for containers that can provide managed services. As an example, a Game Warden client might need a Redis service (Remote Dictionary Server) for caching. In this circumstance, the Game Warden team might access Iron Bank and deploy images on your behalf to meet your managed service needs. We will only pull and deploy approved Iron Bank images that meet Acceptance Baseline Criteria (ABC).

Support and Deployment

The Game Warden team does not proactively recommend managed services. Should you require managed services, you must request them as early as possible. We recommend that you provide your use case, perhaps as part of your Authorization Boundary Diagram or earlier. You also might mention this request during pre-Sales or Sales meetings. The Game Warden team should be aware of this request before we deploy any applications. If you need managed services suddenly or unexpectedly, you can make this request via Slack or by contacting your designated Customer Operations member.

For Backup, DynamoDB, ElastiCache, Elastic File Storage, Elastic Kubernetes Service (EKS), Relational Database Service (RDS), Simple Email Service (SES), and Simple Storage Service, the Game Warden team uses Infrastructure as Code (IaC) to provision the needed infrastructure, then connects these resources to the Kubernetes cluster where your application is deployed. These services, therefore, do not run within the cluster. For example, our team can establish an S3 bucket for you before configuring your cluster to communicate with this service. RDS, S3, and EFS managed services deployments are seamless to clients and end-users, and we can deploy these services at each Impact Level (IL).

For most other managed services, the Game Warden team must first determine the exact service and if this service is allowed at each Impact Level (IL), as policies may apply. This process might require Game Warden leadership involvement. For IL4+, there are policies and technologies in place that require government approval.

Feedback

Was this article helpful? Want to see something more?

Please reach out to us here with your feedback.

Return to Help Center Home