Monitor CIDR usage by resource - Amazon Virtual Private Cloud

Monitor CIDR usage by resource

In IPAM, a resource is an AWS service entity that is assigned an IP address or CIDR block. IPAM manages some resources, but only monitors other resources.

  • Managed resource: A managed resource has a CIDR allocated from an IPAM pool. IPAM monitors the CIDR for potential IP address overlap with other CIDRs in the pool, and monitors the CIDR’s compliance with the pool’s allocation rules. IPAM supports managing the following types of resources:

    • VPCs

    • Public IPv4 pools

      Important

      Public IPv4 pools and IPAM pools are distinct resources in AWS. Public IPv4 pools are single-account resources that enable you to convert your publicly owned CIDRs to Elastic IP addresses. IPAM pools can be used to allocate your public space to public IPv4 pools.

  • Monitored resource: If a resource is monitored by IPAM, the resource has been detected by IPAM and you can view details about the resource’s CIDR when you use get-ipam-resource-cidrs with the AWS CLI, or when you view Resources in the navigation pane. IPAM supports monitoring the following resources:

    • VPCs

    • Public IPv4 pools

    • VPC subnets

    • Elastic IP addresses

    • Subnet reserves

The following steps show you how to monitor CIDR usage and allocation rule compliance by resource.

AWS Management Console

To monitor CIDR usage by resource

  1. Open the IPAM console at https://console.aws.amazon.com/ipam/.

  2. In the navigation pane, choose Resources.

  3. From the dropdown menu at the top of the content pane, choose the scope that you want to use. For more information about scopes, see How IPAM works.

  4. View the monitoring data in the following sections:

    • Resource ID: The ID for the scope.

    • Management state: The state of the resource.

      • Managed: The resource has a CIDR allocated from an IPAM pool and is being monitored by IPAM for potential CIDR overlap and compliance with pool allocation rules.

      • Unmanaged: The resource does not have a CIDR allocated from an IPAM pool and is not being monitored by IPAM for potential CIDR compliance with pool allocation rules. The CIDR is monitored for overlap.

      • Ignored: The resource has been chosen to be exempt from monitoring. Ignored resources are not evaluated for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).

      • -: This resource is not one of the types of resources that IPAM can monitor or manage.

    • Compliance status: The compliance status of the CIDR.

      • Compliant: A managed resource complies with the allocation rules of the IPAM pool.

      • Noncompliant: The resource CIDR does not comply with one or more of the allocation rules of the IPAM pool.

        If a VPC has a CIDR that does not meet the netmask length parameters of the IPAM pool, or if the resource is not in the same AWS Region as the IPAM pool, it will be flagged as noncompliant.

      • Unmanaged: The resource does not have a CIDR allocated from an IPAM pool and is not being monitored by IPAM for potential CIDR compliance with pool allocation rules. The CIDR is monitored for overlap.

      • Ignored: The resource has been chosen to be exempt from monitoring. Ignored resources are not evaluated for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).

      • -: This resource is not one of the types of resources that IPAM can monitor or manage.

    • Overlap status: The overlap status of the CIDR.

      • Nonoverlapping: The resource CIDR does not overlap with another CIDR in the same scope.

      • Overlapping: The resource CIDR overlaps with another CIDR in the same scope. Note that if a resource CIDR is overlapping, it could be overlapping with a manual allocation.

      • Ignored: The resource has been chosen to be exempt from monitoring. IPAM does not evaluate ignored resources for overlap or allocation rule compliance. When a resource is chosen to be ignored, any space allocated to it from an IPAM pool is returned to the pool and the resource will not be imported again through automatic import (if the automatic import allocation rule is set on the pool).

      • -: This resource is not one of the types of resources that IPAM can monitor or manage.

    • Resource name: The name of the resource.

    • IP usage: For resources that are VPCs, this is the percentage of IP address space in the VPC that is taken up by subnet CIDRs. For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that is in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented, because it cannot currently be calculated.

    • CIDR: The CIDR associated with the resource.

    • Region: The AWS Region of the resource.

    • Owner ID: The ID of the AWS account that created this resource.

    • Pool ID: The ID of the IPAM pool that the resource is in.

Command line

The commands in this section link to the AWS CLI Reference documentation. The documentation provides detailed descriptions of the options that you can use when you run the commands.

Use the following AWS CLI commands to monitor CIDR usage by resource:

  1. Get the scope ID: describe-ipam-scopes

  2. Request resource information: get-ipam-resource-cidrs
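The two commands above return JSON that is easiest to act on once it is triaged into the same management, compliance and overlap buckets the console shows. The following script is an added example, not part of the AWS documentation or the AWS CLI: it takes a constructed sample in the shape of a get-ipam-resource-cidrs response (field names such as ManagementState, ComplianceStatus, OverlapStatus and IpUsage are assumed to match the CLI output, with IpUsage as a decimal fraction), lists the resources that need attention, and independently re-checks pairwise CIDR overlap within each scope with Python's ipaddress module so that an unexpected "Overlapping" status can be confirmed locally. In practice the input would be the output of `aws ec2 get-ipam-resource-cidrs --ipam-scope-id <scope id from describe-ipam-scopes>`.

```python
"""Triage IPAM resource monitoring data (added example, not AWS code).

Assumes the JSON shape of `aws ec2 get-ipam-resource-cidrs`: an
"IpamResourceCidrs" list whose entries carry ManagementState
(managed|unmanaged|ignored), ComplianceStatus (compliant|noncompliant|
unmanaged|ignored), OverlapStatus (overlapping|nonoverlapping|ignored)
and IpUsage as a decimal fraction (0.75 == 75%).  The sample below is
constructed for illustration; IDs and account numbers are placeholders.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample response (not captured from a real account).
SAMPLE_RESPONSE = json.dumps({
    "IpamResourceCidrs": [
        {"IpamScopeId": "ipam-scope-0example1", "IpamPoolId": "ipam-pool-0example1",
         "ResourceId": "vpc-0aaa", "ResourceName": "prod-vpc", "ResourceType": "vpc",
         "ResourceCidr": "10.0.0.0/16", "ResourceRegion": "us-east-1",
         "ResourceOwnerId": "111111111111", "IpUsage": 0.75,
         "ManagementState": "managed", "ComplianceStatus": "compliant",
         "OverlapStatus": "overlapping"},
        # Netmask too small for its pool's allocation rules and in another Region.
        {"IpamScopeId": "ipam-scope-0example1", "IpamPoolId": "ipam-pool-0example1",
         "ResourceId": "vpc-0bbb", "ResourceName": "dev-vpc", "ResourceType": "vpc",
         "ResourceCidr": "10.1.0.0/28", "ResourceRegion": "eu-west-1",
         "ResourceOwnerId": "111111111111", "IpUsage": 0.0,
         "ManagementState": "managed", "ComplianceStatus": "noncompliant",
         "OverlapStatus": "nonoverlapping"},
        # Created outside IPAM by another account; its CIDR sits inside prod-vpc.
        {"IpamScopeId": "ipam-scope-0example1", "IpamPoolId": None,
         "ResourceId": "vpc-0ccc", "ResourceName": "shadow-vpc", "ResourceType": "vpc",
         "ResourceCidr": "10.0.128.0/17", "ResourceRegion": "us-east-1",
         "ResourceOwnerId": "222222222222", "IpUsage": 0.1,
         "ManagementState": "unmanaged", "ComplianceStatus": "unmanaged",
         "OverlapStatus": "overlapping"},
        # Explicitly ignored: exempt from overlap and compliance evaluation.
        {"IpamScopeId": "ipam-scope-0example1", "IpamPoolId": None,
         "ResourceId": "vpc-0ddd", "ResourceName": "lab-vpc", "ResourceType": "vpc",
         "ResourceCidr": "192.168.0.0/16", "ResourceRegion": "us-east-1",
         "ResourceOwnerId": "111111111111", "IpUsage": 0.0,
         "ManagementState": "ignored", "ComplianceStatus": "ignored",
         "OverlapStatus": "ignored"},
    ]
})

HIGH_USAGE_THRESHOLD = 0.7  # flag VPCs whose subnets consume >= 70% of the VPC space


def triage(response_json):
    """Bucket resources that need attention, mirroring the console's status columns."""
    findings = defaultdict(list)
    for r in json.loads(response_json)["IpamResourceCidrs"]:
        if r["ManagementState"] == "ignored":
            continue  # IPAM evaluates neither overlap nor compliance for ignored resources
        if r["ComplianceStatus"] == "noncompliant":
            findings["noncompliant"].append(r["ResourceId"])
        if r["OverlapStatus"] == "overlapping":
            findings["overlapping"].append(r["ResourceId"])
        if r["ManagementState"] == "unmanaged":
            # Not allocated from a pool: only overlap is monitored, not rule compliance.
            findings["unmanaged"].append(r["ResourceId"])
        if r["ResourceType"] == "vpc" and r["IpUsage"] >= HIGH_USAGE_THRESHOLD:
            findings["high_usage"].append(r["ResourceId"])
    return dict(findings)


def local_overlaps(response_json):
    """Recompute pairwise CIDR overlap per scope, skipping ignored resources.

    Returns (scope_id, resource_a, resource_b) tuples in input order, which
    lets you confirm an "Overlapping" status or spot an overlap with a manual
    allocation that the resource list alone does not name.
    """
    by_scope = defaultdict(list)
    for r in json.loads(response_json)["IpamResourceCidrs"]:
        if r["ManagementState"] != "ignored":
            net = ipaddress.ip_network(r["ResourceCidr"], strict=False)
            by_scope[r["IpamScopeId"]].append((r["ResourceId"], net))
    pairs = []
    for scope, entries in by_scope.items():
        for i, (id_a, net_a) in enumerate(entries):
            for id_b, net_b in entries[i + 1:]:
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    pairs.append((scope, id_a, id_b))
    return pairs


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RESPONSE), indent=2))
    for scope, a, b in local_overlaps(SAMPLE_RESPONSE):
        print(f"{scope}: {a} overlaps {b}")
```

Feed the script real output by replacing SAMPLE_RESPONSE with the JSON the CLI prints; the unmanaged bucket is the one worth reviewing first, since those CIDRs were carved out without going through a pool and only their overlap, not their allocation-rule compliance, is being watched.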