cloudconnect

Cloud connect provides a CLI (cloud-connect) and a Lambda function (autoapprover) for managing CIDR allocations and attachments in a multi-tenant (and multi-region) AWS Transit Gateway setup. CIDR allocations are declared in a YAML configuration (see example/allocations.yml), and the autoapprover manages the transit gateway attachments and routes.



Use Homebrew to install the latest version on OS X and Linux: brew install telia-oss/tap/cloud-connect. Otherwise, you can install cloud-connect by downloading it from the releases.


$ cloud-connect --help
usage: cloud-connect [<flags>] <command> [<args> ...]

CLI for managing cloud connect

  --help  Show context-sensitive help (also try --help-long and --help-man).

  help [<command>...]
    Show help.

  format <file>...
    Format config file

  validate <file>...
    Validate config file

  next-cidr --supernet=SUPERNET [<flags>] <file>
    Get the next available CIDR

  list attachments --region=REGION <file>
    List transit gateway attachments

  list routes --region=REGION <file>
    List transit gateway routes

  list supernets <file>
    List available supernets

  plan --region=REGION <config>
    Plan changes to transit gateway based on the specified config

  apply --region=REGION [<flags>] <config>
    Apply changes to transit gateway
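
The next-cidr command listed above returns the next available CIDR in a supernet. The following Go sketch is an added example, not cloud-connect's own code: it shows a first-fit lookup that refuses any block overlapping an existing allocation, which is the property that keeps tenant routes unambiguous. The function names, the prefix-length parameter, the first-fit strategy and the sample prefixes are assumptions made for the illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// overlapsAny reports whether p shares any address with an existing allocation.
func overlapsAny(p netip.Prefix, allocated []netip.Prefix) bool {
	for _, a := range allocated {
		if p.Overlaps(a) {
			return true
		}
	}
	return false
}

// nextCIDR returns the lowest /bits block in supernet that overlaps no
// allocation (first-fit; hypothetical helper, not cloud-connect's code).
func nextCIDR(supernet netip.Prefix, allocated []netip.Prefix, bits int) (netip.Prefix, error) {
	supernet = supernet.Masked()
	if !supernet.Addr().Is4() || bits < supernet.Bits() || bits > 32 {
		return netip.Prefix{}, errors.New("need an IPv4 supernet and a prefix length inside it")
	}
	b := supernet.Addr().As4()
	start := uint64(binary.BigEndian.Uint32(b[:]))
	end := start + uint64(1)<<uint(32-supernet.Bits()) // exclusive upper bound
	for base := start; base < end; base += uint64(1) << uint(32-bits) {
		var raw [4]byte
		binary.BigEndian.PutUint32(raw[:], uint32(base))
		if cand := netip.PrefixFrom(netip.AddrFrom4(raw), bits); !overlapsAny(cand, allocated) {
			return cand, nil
		}
	}
	return netip.Prefix{}, errors.New("no free block left in supernet")
}

func main() {
	// Constructed sample data: a supernet and two tenant allocations.
	supernet := netip.MustParsePrefix("10.0.0.0/22")
	allocated := []netip.Prefix{
		netip.MustParsePrefix("10.0.0.0/24"),
		netip.MustParsePrefix("10.0.1.128/25"),
	}
	fmt.Println(nextCIDR(supernet, allocated, 24)) // 10.0.2.0/24 <nil>
	fmt.Println(nextCIDR(supernet, allocated, 25)) // 10.0.1.0/25 <nil>
}
```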



You can download the latest version of autoapprover from the releases, or you can use the pre-packaged zip files available from our public S3 bucket and reference them directly in your Terraform:

data "aws_region" "current" {}

module "lambda" {
  source  = "telia-oss/lambda/aws"
  version = "3.0.0"

  name_prefix = "autoapprover"
  s3_bucket   = "telia-oss-${}"
  s3_key      = "autoapprover/"
  handler     = "autoapprover"
}



The autoapprover is a Lambda function, but can also be run locally for development purposes:

$ autoapprover --help
usage: autoapprover --config-bucket=CONFIG-BUCKET --config-path=CONFIG-PATH --region=REGION [<flags>]

A lambda handler for managing cloud connect

  --help                         Show context-sensitive help (also try --help-long and --help-man).
  --config-bucket=CONFIG-BUCKET  S3 bucket where the config is stored
  --config-path=CONFIG-PATH      Path to the config file (in the S3 bucket)
  --region=REGION                AWS Region to target
  --local                        Run the handler in local mode (i.e. not inside a Lambda)
  --dry-run                      Use the dry-run option for AWS API requests (no side-effects).
  --debug                        Enable debug logging.

For example, you can combine --local and --dry-run to test the code locally without side effects.

Environment variables

As with the CLI, flags can be set via the environment:

# For staging
export AUTOAPPROVER_CONFIG_BUCKET=dc-stage-autoapprover
export AUTOAPPROVER_CONFIG_PATH=allocations.yml

# For production
export AUTOAPPROVER_CONFIG_BUCKET=dc-prod-autoapprover
export AUTOAPPROVER_CONFIG_PATH=allocations.yml

After setting the above, you can run the autoapprover locally like this:

./build/autoapprover --dry-run --local --debug