Network API

A multi-cloud network API that lets you automate the management of multiple VPCs across different cloud providers.

It runs as a serverless application, primarily on AWS, using AWS SAM to orchestrate the deployment and DynamoDB to store network metadata. Providers are pluggable through a webhook; currently only aws-provider is available.

Subnets Layout

The API generates subnets for any given network size, from /16 down to /24, using the following layout (the example below is given for a single network).

| subnet ranges | type    |
|---------------|---------|
|               | private |
|               | public  |
|               | tgw     |
|               | private |
|               | public  |
|               | tgw     |
|               | private |
|               | public  |
|               | tgw     |
|               | spare   |


Provider webhooks receive the following payload when called:

```go
// EventType identifies which operation the provider webhook is asked to perform.
type EventType string

const (
	CreateNetwork EventType = "create_network"
	CheckNework   EventType = "check_network"
	DeleteNetwork EventType = "delete_network"
	QueryNetwork  EventType = "query_network"
)

// ProviderWebhook is the JSON body posted to a provider's webhookURL.
// CIDR and Subnets are only required for create_network; CIDR, when present,
// must be a valid CIDR block.
type ProviderWebhook struct {
	Event       EventType `json:"event"`
	NetworkID   string    `json:"networkID" validate:"required"`
	Account     string    `json:"account" validate:"required"`
	Region      string    `json:"region" validate:"required"`
	Environment string    `json:"environment" validate:"required"`
	CIDR        string    `json:"cidr" validate:"required_if=Event create_network,omitempty,cidr"`
	Subnets     []*Subnet `json:"subnets,omitempty" validate:"required_if=Event create_network,omitempty"`
}
```
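A provider implementing this webhook has to enforce the same rules the validate tags express before it touches any cloud account. The following is an added example, not code from the Network API project: it decodes the payload with the standard library and applies the tag rules by hand (the `Subnet` shape and the constructed sample payload are assumptions, since neither is shown on the page).

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

type EventType string

const CreateNetwork EventType = "create_network"

type Subnet struct{ CIDR string `json:"cidr"` } // assumed shape; fields are not on the page

type ProviderWebhook struct {
	Event       EventType `json:"event"`
	NetworkID   string    `json:"networkID"`
	Account     string    `json:"account"`
	Region      string    `json:"region"`
	Environment string    `json:"environment"`
	CIDR        string    `json:"cidr"`
	Subnets     []*Subnet `json:"subnets,omitempty"`
}

// Constructed sample payload for a create_network call (not captured from the project).
const SampleCreatePayload = `{"event":"create_network","networkID":"net-1","account":"123","region":"us-east-1","environment":"prod","cidr":"10.0.0.0/16","subnets":[{"cidr":"10.0.0.0/24"}]}`

// ParseProviderWebhook decodes the body and enforces the validate tags by hand: the identity
// fields are always required; cidr and subnets are required only for create_network
// (required_if); cidr must parse whenever it is present (omitempty,cidr).
func ParseProviderWebhook(body []byte) (*ProviderWebhook, error) {
	var p ProviderWebhook
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, fmt.Errorf("malformed payload: %w", err)
	}
	required := []struct{ name, val string }{{"networkID", p.NetworkID}, {"account", p.Account}, {"region", p.Region}, {"environment", p.Environment}}
	for _, f := range required {
		if f.val == "" {
			return nil, fmt.Errorf("%s is required", f.name)
		}
	}
	if p.Event == CreateNetwork && (p.CIDR == "" || len(p.Subnets) == 0) {
		return nil, fmt.Errorf("create_network requires cidr and subnets")
	}
	if p.CIDR != "" {
		if _, _, err := net.ParseCIDR(p.CIDR); err != nil {
			return nil, fmt.Errorf("invalid cidr %q: %w", p.CIDR, err)
		}
	}
	return &p, nil
}
```

A rejected payload should be logged with its networkID and event so that a malformed or spoofed call can be traced back to the API request that triggered it.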


The AWS provider uses a CloudFormation template, stored in a bucket, to create new VPCs. The Lambda has a default role that allows it to assume roles in multiple accounts; for this to work you have to deploy a StackSet in your master account using aws_provider_trust_role.yaml.

For authentication, the provider validates the supplied token with a KMS key; to create a token, use the aws-provider-token command.

The CloudFormation template has the following parameters:

| Parameter | Description |
|---|---|
| VPCName | The name of the VPC being created. |
| Environment | The VPC environment. Values: prod or qa |
| VPCCidr | The CIDR of the VPC being created. Example: |
| PublicSubnet0Cidr | The CIDR of the public subnet being created. Example: |
| PrivateSubnet0Cidr | The CIDR of the private subnet being created. Example: |
| TGWSubnet0Cidr | The CIDR of the TGW Attachment subnet being created. Example: |


Build the API binary for the Lambda runtime and serve it locally with SAM:

```sh
GOARCH=amd64 GOOS=linux go build -o api ./cmd/network-api
sam local start-api
```




```sh
export ENDPOINT="..."

# Pools
curl -H "Content-Type: application/json" -d '{"region":"us-east-1","name":"main-aws","subnetIP":"","subnetMaxIP":""}' -v $ENDPOINT/api/v1/pools
curl -H "Content-Type: application/json" -d '{"region":"sa-east-1","name":"southamerica-aws","subnetIP":"","subnetMask":16}' -v $ENDPOINT/api/v1/pools

# Providers
curl -H "Content-Type: application/json" -d '{"name":"aws","webhookURL":"https://something.localhost","apiToken":"1234token"}' -v $ENDPOINT/api/v1/providers

# Networks
curl -H "Content-Type: application/json" -d '{"region":"us-east-1","subnetSize":16,"account":"123","provider":"aws","environment":"prod","attachTGW":true,"privateSubnet":true,"publicSubnet":true}' -v $ENDPOINT/api/v1/networks
```


