Automated approval - Network Orchestration for AWS Transit Gateway

Automated approval

By default, the solution approves network requests from spoke accounts automatically. This section provides detail about this workflow.

Architecture diagram of AWS resources deployed to approve network requests automatically.

  1. Depending on the event, the state machine can perform the following actions:

    • Create, update, or delete transit gateway attachments to the VPC

    • Create or update transit gateway route table associations

    • Enable or disable transit gateway route table propagations

  2. The state machine creates routes in the VPC route tables associated with the subnets that you tagged, with the following exceptions (see Step 5. Add tags for more information):

    • If there is no explicit route table associated with the subnet, the solution updates the main route table instead.

    • If you tag a second subnet in the same Availability Zone, you must use the route-to-tgw tag key for it, so that the solution only adds the route and skips adding that subnet to the attachment.

  3. The state machine then adds a status tag to the VPC or the subnet that records the status of the request.

  4. The state machine updates the DynamoDB table so that the network administrator can audit the network change history. The changes in DynamoDB are automatically reflected in the web UI dashboard. Administrators and users can sign in to the web UI to review the history of all changes that occurred in the network.
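The rules in steps 1 and 2 above (one attachment subnet per Availability Zone, a second subnet in the same zone tagged route-to-tgw gets only a route, and a subnet with no explicit route table association falls back to the main route table) are easier to reason about as a small planning function. The following is an added example written for this page, not code from the solution itself; it computes the planned changes from constructed input shaped like EC2 describe_subnets and describe_route_tables responses and never calls AWS. The route-to-tgw tag key is the one named on this page; the Attach-to-tgw key, the transit gateway ID, the routed prefix and the "approved" status value are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

ROUTE_ONLY_TAG = "route-to-tgw"      # tag key named on this page
ATTACH_TAG = "Attach-to-tgw"         # assumed key for "include this subnet in the attachment"
TGW_ID = "tgw-0123456789abcdef0"     # constructed placeholder transit gateway ID
TGW_CIDR = "10.0.0.0/8"              # constructed: prefix the VPC routes via the transit gateway
STATUS_VALUE = "approved"            # constructed value written to the status tag


def tags_of(resource):
    """EC2-style [{'Key': ..., 'Value': ...}] tag list -> dict."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}


def route_table_for(subnet_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC main route table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb["RouteTableId"]
            if assoc.get("Main"):
                main = rtb["RouteTableId"]
    if main is None:
        raise ValueError("VPC has no main route table")
    return main


@dataclass
class Plan:
    attachment_subnets: list = field(default_factory=list)   # subnets placed in the TGW attachment
    routes: dict = field(default_factory=dict)               # RouteTableId -> destination CIDR via TGW_ID
    status_tags: dict = field(default_factory=dict)          # SubnetId -> status tag value


def plan_changes(subnets, route_tables):
    """Decide attachment membership and VPC routes for the tagged subnets of one VPC."""
    plan = Plan()
    az_attached = {}  # AvailabilityZone -> subnet already chosen for the attachment
    for subnet in subnets:
        tags = tags_of(subnet)
        attach = tags.get(ATTACH_TAG, "").lower() == "true"
        route_only = tags.get(ROUTE_ONLY_TAG, "").lower() == "true"
        if not (attach or route_only):
            continue  # untagged subnet: nothing to do
        az = subnet["AvailabilityZone"]
        sid = subnet["SubnetId"]
        if attach:
            # A transit gateway attachment holds one subnet per AZ, so a second
            # attach-tagged subnet in the same AZ must be tagged route-to-tgw instead.
            if az in az_attached:
                raise ValueError(
                    f"{sid} and {az_attached[az]} are both in {az}; "
                    f"tag the second one {ROUTE_ONLY_TAG} instead of {ATTACH_TAG}"
                )
            az_attached[az] = sid
            plan.attachment_subnets.append(sid)
        # Both attach-tagged and route-only subnets get a route in their route table.
        # Two subnets sharing a table yield a single route (dict key is the table).
        plan.routes[route_table_for(sid, route_tables)] = TGW_CIDR
        plan.status_tags[sid] = STATUS_VALUE
    return plan


def conflict_message(subnets, route_tables):
    """Return the rejection reason for an invalid tagging layout, or None if it is valid."""
    try:
        plan_changes(subnets, route_tables)
    except ValueError as err:
        return str(err)
    return None


# Constructed sample VPC: two attachment subnets, one route-only subnet sharing
# an AZ and a route table with the first, and one untagged subnet.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "AvailabilityZone": "us-east-1a",
     "Tags": [{"Key": ATTACH_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-bbb", "AvailabilityZone": "us-east-1b",
     "Tags": [{"Key": ATTACH_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-ccc", "AvailabilityZone": "us-east-1a",
     "Tags": [{"Key": ROUTE_ONLY_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-ddd", "AvailabilityZone": "us-east-1c", "Tags": []},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-aaa"},
                                                {"SubnetId": "subnet-ccc"}]},
]
# Same layout but with the second us-east-1a subnet wrongly tagged for attachment.
BAD_SUBNETS = [dict(s, Tags=[{"Key": ATTACH_TAG, "Value": "true"}])
               if s["SubnetId"] == "subnet-ccc" else s for s in SUBNETS]

if __name__ == "__main__":
    print(plan_changes(SUBNETS, ROUTE_TABLES))
    print(conflict_message(BAD_SUBNETS, ROUTE_TABLES))
```

Running the block prints the plan for the valid layout (subnet-aaa and subnet-bbb in the attachment, one route each in rtb-app and rtb-main, since subnet-bbb has no explicit association) and the rejection reason for the invalid one. Applying the plan in a real account would map onto the EC2 attachment, route and tag calls performed by the state machine, and the rejected case is the one to look for when a request for a second subnet in an existing Availability Zone is not accepted.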