aws-solutions / network-orchestration-for-aws-transit-gateway

The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in distributed AWS environments. It creates a web interface to help control, audit, and approve (transit) network changes.
https://aws.amazon.com/solutions/implementations/serverless-transit-network-orchestrator/
Apache License 2.0

ApprovalRequired = Conditional : cherry-pick "only new attachments" should be approved #114

Open Cupidazul opened 4 months ago

Cupidazul commented 4 months ago

We have ApprovalRequired implemented; therefore, new attachments should be manually approved. The problem we are facing is that we have migrated TGW Routing Tables from one design to another and wanted to implement a temporary freeze for new attachments, but in the meantime we would like to automatically accept re-associations for currently existing attachments (PROD attachments really need to move from one routing table to another with the least impact possible).

The issue for us is that customers unaware of this freeze are continuing to create new attachments during the freeze period. We would like to cherry-pick only new attachments being created to continue to be approved, and at the same time, customers that are simply changing their Associate/Propagate VPC tags will be able to move around from one table to another quickly without having to wait for a manual approval.

Cherry-picking OUs doesn't fit this purpose, because our customers may have more than one VPC in each OU, and some may already be attached to our TGW while others may not.

dorrikh commented 4 months ago

Thank you for your feedback, @Cupidazul. We are reviewing the request and will update the issue.