ApprovalRequired = Conditional : cherry-pick "only new attachments" should be approved

[Cupidazul]

We have ApprovalRequired implemented, therefore, new attachments should be manually approved. The problem we are facing is that we have migrated TGW Routing Tables from one design to another, and wanted to implement a temporary freeze for new attachments, but in the meanwhile we would like to automatically accept re-associations for currently existing attachments (PROD attachments really need to move from one routing table to another with the least impact possible).

The issue for us is that, customers unaware of this freeze are continuing to create new attachments during the freeze period, we would like to cherry-pick only new attachments being created to continue to be approved, and at the same time, customers that are simply changing their Associate/Propagate VPC tags will be able to move around from one table to another quickly without having to wait for a manual approval.

Cherry picking OUs doesn't fit this purpose, because our customers may have more than one VPC in each OUs, and some may be already attached to our TGW, others may not.