aws-solutions / network-orchestration-for-aws-transit-gateway

The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in distributed AWS environments. It creates a web interface to help control, audit, and approve (transit) network changes.
https://aws.amazon.com/solutions/implementations/serverless-transit-network-orchestrator/
Apache License 2.0

Provide a way to have approval via invoking a Lambda function workflow #13

Closed faridnsh closed 4 years ago

faridnsh commented 4 years ago

We want to approve any VPC whose CIDR is registered in our IPAM system and has a certain tag. We would like to approve any VPC in our organisation, but in case someone tries to attach a VPC with a CIDR that doesn't belong to them, this might ruin connectivity for some other teams and we would like to avoid this.

groverlalit commented 4 years ago

@alFReD-NSH The auto-approve vs. approval workflow depends solely on the tag on the TGW route table. The solution workflow is not cognizant of VPC properties. Should we add a mechanism to block the user from creating a VPC with a CIDR that does not belong to them?

faridnsh commented 4 years ago

Hi,

Should we need add a mechanism to block the user to create a VPC

Actually, that gave me an idea on how to do this for our organization via tags and SCPs, which I think is a better way.

Thanks for the help, I'm gonna close this since there's a better way for us.
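Added example, not code from the solution or from either commenter: the gate faridnsh asks for in the first comment, written as a standalone Python function. The solution itself keys auto-approval off a tag on the TGW route table, as groverlalit notes; this example instead decides on VPC properties, auto-approving only when every VPC CIDR sits inside address space registered to the requesting team and the VPC carries an approval tag, rejecting outright when a CIDR collides with space registered to another team (the connectivity-breaking case), and deferring anything else to manual review. The IPAM registry, team names, tag key and value are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of an IPAM registry: team name -> CIDR blocks allocated to it.
IPAM_REGISTRY = {
    "team-payments": ["10.10.0.0/16"],
    "team-data": ["10.20.0.0/16", "10.21.0.0/16"],
}

# Hypothetical tag that marks a VPC as eligible for automatic approval.
REQUIRED_TAG = ("NetworkApproval", "auto")


@dataclass
class AttachmentRequest:
    vpc_id: str
    owner_team: str          # team requesting the attachment (e.g. from account metadata)
    cidr_blocks: list        # CIDRs associated with the VPC
    tags: dict               # VPC tags


def _parse(cidr):
    # strict=True rejects CIDRs with host bits set, e.g. 10.10.5.1/24.
    return ipaddress.ip_network(cidr, strict=True)


def registered_owner(cidr, registry):
    """Return the team whose registered block fully contains `cidr`, or None."""
    net = _parse(cidr)
    for team, blocks in registry.items():
        for block in blocks:
            owned = _parse(block)
            if owned.version == net.version and net.subnet_of(owned):
                return team
    return None


def overlapping_teams(cidr, registry):
    """Return the set of teams whose registered blocks overlap `cidr` at all."""
    net = _parse(cidr)
    hits = set()
    for team, blocks in registry.items():
        for block in blocks:
            owned = _parse(block)
            if owned.version == net.version and net.overlaps(owned):
                hits.add(team)
    return hits


def evaluate(request, registry=IPAM_REGISTRY, required_tag=REQUIRED_TAG):
    """Decide how a VPC attachment request should be handled.

    Returns (decision, reason) where decision is one of
    'auto-approve', 'manual-review' or 'reject'.
    """
    key, value = required_tag
    if request.tags.get(key) != value:
        return ("manual-review", f"tag {key}={value} not present on {request.vpc_id}")

    for cidr in request.cidr_blocks:
        try:
            _parse(cidr)
        except ValueError as exc:
            return ("reject", f"malformed CIDR {cidr!r}: {exc}")

        if registered_owner(cidr, registry) == request.owner_team:
            continue  # this CIDR is the requester's own address space

        others = overlapping_teams(cidr, registry) - {request.owner_team}
        if others:
            # Attaching this VPC would collide with address space another team relies on.
            return ("reject", f"{cidr} overlaps space registered to {sorted(others)}")

        # No collision, but the CIDR is not registered to the requester: a human decides.
        return ("manual-review", f"{cidr} is not registered to {request.owner_team} in IPAM")

    return ("auto-approve", "all CIDRs registered to requester and approval tag present")


if __name__ == "__main__":
    req = AttachmentRequest("vpc-0a1b2c", "team-payments", ["10.10.5.0/24"],
                            {"NetworkApproval": "auto"})
    print(evaluate(req))
```

Two design points: the reject branch fires only on an actual overlap with another team's space, so an unregistered but non-colliding CIDR still gets a human look rather than a silent block, and the registry is passed in as a parameter so the same function can be driven from a real IPAM export or from test fixtures.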