VPC IP Address Manager (IPAM)
IPAM enables management and auditing of IP address assignments across an organization's accounts, VPCs, and AWS Regions using a single operational dashboard. IPAM enables users to automate IP address assignment, monitor, troubleshoot, and audit network address assignments.
IPAM operates using a pool-based hierarchy. Pools are collections of CIDRs that organize
IP space with an AWS account. Unused address space from top-level pools can be used to fill
your regional pools. Further, applications or environments with different security needs can
create additional pools. For example, developers can create different pools for dev
(development) and prod
(production) environments if they are subject to different
connectivity requirements. The following figure demonstrates a sample IPAM pool hierarchy:
After the IPAM pools have been configured, development teams and resources needing new IP address assignments are able to make use of an automated, self-service process, unblocking the developers, and eliminating errors from using manual processes that can lead to connectivity issues. With the IPAM self-service model, developers can directly create resources and receive IP addresses based on business rules in seconds, removing the delays in onboarding applications and improving the velocity of the development team
For network administrators, IPAM provides observability and auditing capabilities, helping to speed up troubleshooting, and providing oversight and monitoring of the used and unused addresses across an organization's global network address pool using a single dashboard. For each assigned address, IPAM tracks critical information such as the AWS account, the VPC, routing, and the security domain, eliminating the bookkeeping work that burdens administrators.
Having used IPAM to eliminate IP assignment errors, customers can use IPAM to monitor assigned addresses and receive alerts when potential issues are detected. This could include depleting IP addresses that can stall their network's growth or overlapping IP addresses that can result in erroneous routing. To further help troubleshoot network issues and audits of network security and routing policies, network administrators can also take advantage of the current and historical data that IPAM makes available to gain usage insights.
In summary, IPAM enables operators to:
-
Organize IP address space into routing and security domains.
-
Monitor IP address space that's in use and monitor resources that are using space against business rules.
-
View the history of IP address assignments in your organization.
-
Automatically allocate CIDRs to VPCs using specific business rules.
-
Troubleshoot network connectivity issues.
-
Enable cross-region and cross-account sharing of your Bring Your Own IP (BYOIP) addresses.