Monitor CIDR usage by resource
In IPAM, a resource is an AWS service entity that is assigned an IP address or CIDR
block. IPAM manages some resources, but only monitors other resources.
- Managed resource: A managed resource has a CIDR allocated from an IPAM pool. IPAM monitors the CIDR for potential IP address overlap with other CIDRs in the pool, and monitors the CIDR’s compliance with a pool’s allocation rules. IPAM supports managing the following types of resources:
  - VPCs
  - Public IPv4 pools

    Public IPv4 pools and IPAM pools are managed by distinct resources in AWS. Public IPv4 pools are single account resources that enable you to convert your publicly-owned CIDRs to Elastic IP addresses. IPAM pools can be used to allocate your public space to public IPv4 pools.
- Monitored resource: If a resource is monitored by IPAM, the resource has been detected by IPAM and you can view details about the resource’s CIDR when you use get-ipam-resource-cidrs with the AWS CLI, or when you view Resources in the navigation pane. IPAM supports monitoring the following resources:
  - VPCs
  - Public IPv4 pools
  - VPC subnets
  - Elastic IP addresses
  - Subnet reserves

The following steps show you how to monitor CIDR usage and allocation rule compliance by
resource.
- AWS Management Console

  To monitor CIDR usage by resource

  - Open the IPAM console at https://console.aws.amazon.com/ipam/.
  - In the navigation pane, choose Resources.
  - From the dropdown menu at the top of the content pane, choose the scope that you want to use. For more information about scopes, see How IPAM works.
  - View the monitoring data in the following sections:
    - Resource ID: The ID for the scope.
    - Management state: The state of the resource.
      - Managed: The resource has a CIDR allocated from an IPAM pool and is being monitored by IPAM for potential CIDR overlap and compliance with pool allocation rules.
      - Unmanaged: The resource does not have a CIDR allocated from an IPAM pool and is not being monitored by IPAM for potential CIDR compliance with pool allocation rules. The CIDR is monitored for overlap.
      - Ignored: The resource has been chosen to be exempt from monitoring. Ignored resources are not evaluated for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).
      - "-": This resource is not one of the types of resources that IPAM can monitor or manage.
    - Compliance status: The compliance status of the CIDR.
      - Compliant: A managed resource complies with the allocation rules of the IPAM pool.
      - Noncompliant: The resource CIDR does not comply with one or more of the allocation rules of the IPAM pool.

        If a VPC has a CIDR that does not meet the netmask length parameters of the IPAM pool, or if the resource is not in the same AWS Region as the IPAM pool, it will be flagged as noncompliant.
      - Unmanaged: The resource does not have a CIDR allocated from an IPAM pool and is not being monitored by IPAM for potential CIDR compliance with pool allocation rules. The CIDR is monitored for overlap.
      - Ignored: The resource has been chosen to be exempt from monitoring. Ignored resources are not evaluated for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).
      - "-": This resource is not one of the types of resources that IPAM can monitor or manage.
    - Overlap status: The overlap status of the CIDR.
      - Nonoverlapping: The resource CIDR does not overlap with another CIDR in the same scope.
      - Overlapping: The resource CIDR overlaps with another CIDR in the same scope. Note that if a resource CIDR is overlapping, it could be overlapping with a manual allocation.
      - Ignored: The resource has been chosen to be exempt from monitoring. IPAM does not evaluate ignored resources for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).
      - "-": This resource is not one of the types of resources that IPAM can monitor or manage.
    - Resource name: The name of the resource.
    - IP usage: For resources that are VPCs, this is the percentage of IP address space in the VPC that's taken up by subnet CIDRs. For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that's in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.
    - CIDR: The CIDR associated with the resource.
    - Region: The AWS Region of the resource.
    - Owner ID: The AWS account ID of the person that created this resource.
    - Pool ID: The ID of the IPAM pool that the resource is in.
- Command line

  The commands in this section link to the AWS CLI Reference documentation. The documentation provides detailed descriptions of the options that you can use when you run the commands.

  Use the following AWS CLI commands to monitor CIDR usage by resource:
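
An added example, not part of the AWS documentation: the Python below triages the JSON returned by get-ipam-resource-cidrs using the management, compliance and overlap states described above, and names which listed resources an overlapping CIDR collides with (none found points at a manual allocation). The sample records, resource IDs, 90% usage threshold and function names are constructed; the field names are assumed to match the CLI's IpamResourceCidrs output, and skipping a subnet against its own VPC is an assumption of this sketch.

```python
import ipaddress
import json

# Constructed sample shaped like the output of:
#   aws ec2 get-ipam-resource-cidrs --ipam-scope-id <scope-id>
SAMPLE = json.loads("""{"IpamResourceCidrs": [
 {"ResourceId": "vpc-0aaa", "ResourceCidr": "10.0.0.0/16", "ManagementState": "managed",
  "ComplianceStatus": "compliant", "OverlapStatus": "overlapping", "IpUsage": 0.5},
 {"ResourceId": "vpc-0bbb", "ResourceCidr": "10.0.128.0/17", "ManagementState": "unmanaged",
  "ComplianceStatus": "unmanaged", "OverlapStatus": "overlapping", "IpUsage": 0.1},
 {"ResourceId": "subnet-0ccc", "VpcId": "vpc-0aaa", "ResourceCidr": "10.0.1.0/24",
  "ManagementState": "managed", "ComplianceStatus": "compliant",
  "OverlapStatus": "nonoverlapping", "IpUsage": 0.93},
 {"ResourceId": "vpc-0ddd", "ResourceCidr": "172.16.0.0/20", "ManagementState": "managed",
  "ComplianceStatus": "noncompliant", "OverlapStatus": "overlapping", "IpUsage": 0.0},
 {"ResourceId": "eipalloc-0eee", "ResourceCidr": "198.51.100.7/32", "ManagementState": "ignored",
  "ComplianceStatus": "ignored", "OverlapStatus": "ignored"}
]}""")["IpamResourceCidrs"]

def _own_vpc(a, b):
    # Assumption: a subnet inside its own VPC's CIDR is not an overlap.
    return a.get("VpcId") == b["ResourceId"] or b.get("VpcId") == a["ResourceId"]

def _peers(rec, others):
    net = ipaddress.ip_network(rec["ResourceCidr"])
    nets = ((o, ipaddress.ip_network(o["ResourceCidr"])) for o in others
            if o is not rec and not _own_vpc(rec, o))
    return sorted(o["ResourceId"] for o, n in nets
                  if n.version == net.version and n.overlaps(net))

def triage(records, usage_threshold=0.9):
    """Map resource ID -> findings; ignored resources are skipped, as IPAM does."""
    active = [r for r in records if r.get("ManagementState") != "ignored"]
    findings = {}
    for r in active:
        notes = []
        if r.get("ManagementState") == "unmanaged":
            notes.append("unmanaged: no CIDR allocated from an IPAM pool")
        if r.get("ComplianceStatus") == "noncompliant":
            notes.append("noncompliant with pool allocation rules")
        if r.get("OverlapStatus") == "overlapping":
            peers = _peers(r, active)
            notes.append("overlaps " + ", ".join(peers) if peers
                         else "overlapping, no peer listed: check manual allocations")
        if (r.get("IpUsage") or 0) >= usage_threshold:
            notes.append(f"IP usage {r['IpUsage']:.0%}")
        if notes:
            findings[r["ResourceId"]] = notes
    return findings
```

Call `triage()` on the `IpamResourceCidrs` list from one scope at a time, since overlap is evaluated within a scope.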