Gov Cloud documentation
Gov Cloud
The following instructions are specifically intended for self-hosted enterprise LightMesh customers who need to connect LightMesh to AWS GovCloud (US) or Azure Government environments. Here, you can find the high-level information needed to plan and complete a secure cloud integration for your organization. If you require further assistance, please visit our Support page.
Note: Gov Cloud integrations are available for self-hosted enterprise LightMesh deployments. If you do not see the options described below, please contact your LightMesh administrator or Tidal Support.
Overview
LightMesh supports integrating with AWS GovCloud (US) and Azure Government so you can visualize and manage IP address space and cloud networking in regulated environments.
- AWS GovCloud (US) uses the same basic integration flow as standard AWS accounts, with GovCloud-specific regions and accounts.
- Azure Government uses the same integration flow as commercial Azure; no additional LightMesh-specific configuration is required.
All connections are initiated outbound from your self-hosted LightMesh instance to the respective cloud APIs, following the principle of least privilege.
AWS GovCloud (US)
You integrate an AWS GovCloud (US) account with LightMesh by configuring AWS credentials and then adding the cloud account in the LightMesh UI. The detailed, customer-specific steps you receive from Tidal are more prescriptive; this page provides the public, high-level flow.
1. Configure AWS access in LightMesh
In your self-hosted LightMesh instance, navigate to:
Settings → AWS ARN Configuration
Provide the following values (or ensure they are already configured by your LightMesh administrator):
- AWS Principal ARN
  - The AWS account or role ARN that LightMesh will trust.
  - For GovCloud this will be in the GovCloud partition (for example, using arn:aws-us-gov:...).
- AWS Access Key ID
  - Access key for an IAM user or role with permissions to assume the configured role and read AWS resources.
- AWS Secret Access Key
  - Secret key corresponding to the access key above.
- AWS Region
  - The primary GovCloud region LightMesh should use when making API calls (for example, us-gov-west-1 or us-gov-east-1).
Alternatively, your environment may be configured using standard AWS environment variables on the LightMesh server:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
In that case, your admin may not expose credentials in the UI at all.
2. Add the AWS GovCloud account in LightMesh
Once AWS access is configured:
- From the top navigation bar, go to: Cloud → Add Cloud Account → AWS.
- Enter:
  - Connection Name (a friendly name for this GovCloud account)
  - AWS Account ID for the GovCloud account whose VPCs and resources you want to import.
- Click Next to download the generated CloudFormation template.
- In AWS GovCloud (US), deploy the CloudFormation template in the target account and region.
- During deployment, verify that the Principal ARN in the template matches the ARN you configured in LightMesh.
- After the stack is successfully created, return to LightMesh and click Finish Adding Account.
At this point, LightMesh will begin discovering VPCs and related networking resources in your GovCloud account, similar to how it behaves with commercial AWS regions.
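One way to script the Principal ARN check from the deployment step above, as an added example that is not LightMesh's own code. It assumes the downloaded template is JSON and declares the trust in a standard AWS::IAM::Role AssumeRolePolicyDocument; the role name, logical ID and account IDs are constructed placeholders.

```python
import json

GOV_PARTITION_PREFIX = "arn:aws-us-gov:"  # GovCloud partition, as noted on this page

def trusted_principals(template: dict):
    """Yield (role logical id, principal) for every principal an IAM role trusts."""
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        doc = res.get("Properties", {}).get("AssumeRolePolicyDocument", {})
        stmts = doc.get("Statement", [])
        for st in [stmts] if isinstance(stmts, dict) else stmts:
            if st.get("Effect") != "Allow":
                continue
            principal = st.get("Principal", {})
            # "Principal": "*" is a bare string; otherwise look at the AWS key.
            aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
            for p in aws if isinstance(aws, list) else [aws]:
                yield name, p

def check_template(template_text: str, expected_arn: str) -> list:
    """Return a list of findings; an empty list means the template matches."""
    findings = []
    if not expected_arn.startswith(GOV_PARTITION_PREFIX):
        findings.append(f"configured ARN is not in the GovCloud partition: {expected_arn}")
    seen = list(trusted_principals(json.loads(template_text)))
    if not seen:
        findings.append("no IAM role with an AWS principal found in template")
    for role, p in seen:
        if not isinstance(p, str):
            # e.g. {"Ref": "SomeParameter"}: compare the parameter value by hand
            findings.append(f"{role}: principal is not a literal ARN ({p!r})")
        elif p != expected_arn:
            findings.append(f"{role}: trusts {p}, expected {expected_arn}")
    return findings

# Constructed sample template (hypothetical logical ID, role name and account ID).
SAMPLE = json.dumps({"Resources": {"LightMeshRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws-us-gov:iam::111111111111:role/lightmesh"}}]}}}}})

if __name__ == "__main__":
    print(check_template(SAMPLE, "arn:aws-us-gov:iam::111111111111:role/lightmesh"))
    print(check_template(SAMPLE, "arn:aws-us-gov:iam::222222222222:role/lightmesh"))
```

Run it against the template before creating the stack; any finding means the role would trust something other than the ARN configured in LightMesh.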
Azure Government
LightMesh supports Azure Government using the same workflow as standard Azure cloud integration. There are no Gov-specific settings required in LightMesh beyond what you already configure for commercial Azure.
At a high level:
- Ensure you have a suitable service principal and permissions in your Azure Government subscription(s).
- Follow the standard LightMesh Azure cloud account integration steps, selecting your Azure Government subscription and regions as needed.
- Once connected, LightMesh will discover VNets, subnets, and related resources in your Azure Government environment just as it does for commercial Azure.
If you are unsure whether your Azure integration is using Government or commercial subscriptions, or if you need a copy of the detailed Azure setup guide, please contact Tidal Support.