The IXP Manager can generate an instruction command and makes it available to the Arista(s). The switch(es) could pull the config using a script that further sanitizes/validates the config its pulling before applying. This would prevent IXP Manager from having its own direct access to the switch. This could also be the case for pulling data from the switch(es) as well.

Patterned after a TR-069 or similar concept, the switch could phone home to the IXP manager (once a minute cronjob for example) and see if there is anything the IXP manager wants done. A simple text based file (json, etc) is generated by the IXP manager and the Arista would then just query this file and parse out instructions and perform actions as instructed or ignore them if malformed or otherwise not allowed. Obviously this is would be only for Arista switch(es) managed by MICE. I don't have any IXP Manager experience beyond simple user but I know Arista can do this fairly easily. It could also just be a RESTful API even.

Maybe something like this already exists I have no idea but I would highlight the two things this concept does

1: Allows IXP manager to affect change without direct access to the switch(es)

2: Allows the Arista switch(es) to ultimately decide to accept or ignore instructions to make config changes, send info, perform other actions like bounce my member port, apply TCP/179 filtering to my port, show me some log data, etc.

This concept could also apply to the route servers too since they also run a *nix OS like Arista. 

This would not be a simple/quick idea but I feel would check various boxes for people: air gap, allows automation/self-service, and if automation fails it results in a fallback to manual only changes like we are doing today anyways, etc. Since I know MICE does have money, it could be dev work hired out to someone or a team to produce and then MICE retains rights to the resultant code. We have enough people across our membership that I am sure we could validate the code is sound and also perform bugfixes as needed going forward, perhaps even make it public, GPL style. Maybe IXP Manager already has some of this functionality?

Last second additional thought, simple instructions (eg add a second MAC address, show me log data for my port) get automatically approved. Bigger changes (remove/change my MAC address, some other action) need to get some sort of manual approval by the tech team so it can be scrutinized first.

None of this needs to be done in IXP Manager either but some other custom, purpose built web portal.

Maybe I'm way overthinking this.  Food for thought at any rate.