Console Login
Docs / Integrations / AWS Bedrock

Govern Bedrock action groups with explicit checks.

Before action-group handlers execute, route intent to Gvner and block on DENY.

Integration Hub HTTP/Webhook Contract API Reference Support & Launch

Where to hook intent checks

Place intent check at action-group entry before any external side effect.
Always call before side effects, not after.
Pass correlation IDs for traceability.

Payload mapping to /adapters/http/intent

{ "tenant_id": "acme", "runtime_id": "bedrock-01", "agent_id": "agent-01", "intent": "update_customer", "requested_scopes": ["update_customers"], "tool": "crm", "context": {"source": "bedrock", "workflow": "demo"}, "requested_budget": 1.0, "work_type": "execution", "correlation_id": "req-123" }

Fail-closed behavior

Required: if Gvner is unreachable, returns DENIED, or response is invalid, do not execute. Treat as blocked and log audit context.

Sample wrapper pattern

# in action group handler decision = guvna_evaluate(intent) if decision["decision"] != "ALLOWED": return {"blocked": True, "reason": decision["reason"]} # execute action

Relevant console pages

Integration Runtimes

Runtime inventory and status checks.

Observability

Signal health for integration pipelines.

Incidents

Escalations tied to blocked/failed executions.

Support Pack

Bundle diagnostics for partner troubleshooting.

Evidence and exports

Export evidence packets from Exports.
Use Receipts for integrity checks.
Use Regulator Packets for external review.