
Create an IPAM

Follow the steps in this section to create your IPAM. If you have delegated an IPAM administrator, these steps should be completed by the IPAM account.

Important

When you create an IPAM, you will be asked to allow IPAM to replicate data from source accounts into an IPAM delegate account. To integrate IPAM with Amazon Organizations, IPAM needs your permission to replicate resource and IP usage details across accounts (from member accounts to the delegated IPAM member account) and across Amazon Regions (from operating Regions to the home Region of your IPAM). For single account IPAM users, IPAM needs your permission to replicate resource and IP usage details across operating Regions to the home Region of your IPAM.

When you create the IPAM, you choose the Amazon Regions where the IPAM is allowed to manage IP address CIDRs. These Amazon Regions are called operating Regions. IPAM discovers and monitors resources only in the Amazon Regions that you select as operating Regions. IPAM doesn't store any data outside of the operating Regions that you select.

The following example hierarchy shows how the Amazon Regions that you assign when you create the IPAM will impact the Regions that will be available for pools that you create later.

  • IPAM operating in Amazon Region 1 and Amazon Region 2

    • Private scope

      • Top-level IPAM pool

        • Regional IPAM pool in Amazon Region 2

          • Development pool

            • Allocation for a VPC in Amazon Region 2

You can only create one IPAM. For more information about increasing quotas related to IPAM, see Quotas for your IPAM.

Amazon Management Console

To create an IPAM

  1. Open the IPAM console at https://console.amazonaws.cn/ipam/.

  2. In the Amazon Management Console, choose the Amazon Region in which you want to create the IPAM. Create the IPAM in your main Region of operations.

  3. On the service home page, choose Create IPAM.

  4. Select Allow Amazon VPC IP Address Manager to replicate data from source account(s) into the IPAM delegate account. If you do not select this option, you cannot create an IPAM.

  5. Choose an IPAM tier. For more information about the features available in each tier and the costs associated with the tiers, see the IPAM tab on the Amazon VPC pricing page.

  6. Under Operating regions, select the Amazon Regions in which this IPAM can manage and discover resources. The Amazon Region in which you are creating your IPAM is selected as one of the operating Regions by default. For example, if you’re creating this IPAM in Amazon Region us-east-1 but you want to create Regional IPAM pools later that provide CIDRs to VPCs in us-west-2, select us-west-2 here. If you forget an operating Region, you can return at a later time and edit your IPAM settings.

    Note

    If you are creating an IPAM in the Free Tier, you can select multiple operating Regions for your IPAM, but the only IPAM feature that will be available across operating Regions is Public IP insights. You cannot use other features in the Free Tier, like BYOIP, across the IPAM's operating Regions. You can only use them in the IPAM's home Region. To use all IPAM features across operating Regions, create an IPAM in the Advanced Tier.

  7. Choose Create IPAM.

Command line

The commands in this section link to the Amazon CLI Reference documentation. The documentation provides detailed descriptions of the options that you can use when you run the commands.

Use the following Amazon CLI commands to create, modify, and view details related to your IPAM:

  1. Create the IPAM: create-ipam

  2. View the IPAM that you've created: describe-ipams

  3. View the scopes that are created automatically: describe-ipam-scopes

  4. Modify an existing IPAM: modify-ipam

When you have completed these steps, IPAM has done the following:

  • Created your IPAM. You can see the IPAM and the currently selected operating Regions by choosing IPAMs in the left navigation pane of the console.

  • Created one private and one public scope. You can see the scopes by choosing Scopes in the navigation pane. For more information about scopes, see How IPAM works.
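
The four CLI commands listed above can be chained so that the IPAM's operating Regions are checked against the Regions where you expect to need pools, since IPAM discovers and monitors resources only in its operating Regions. The script below is an added example, not part of the original documentation; the Region names, the `advanced` tier, the description and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the AWS page). Region names, tier and description are assumptions.
HOME_REGION="us-east-1"                  # Region where the IPAM is created
REQUIRED_REGIONS="us-east-1 us-west-2"   # Regions that will need Regional pools

# "us-east-1 us-west-2" -> "RegionName=us-east-1 RegionName=us-west-2"
region_args() {
  local out="" r
  for r in "$@"; do out="$out RegionName=$r"; done
  echo "${out# }"
}

# Print the Regions in $2 (required) that are absent from $1 (operating).
# $1 may be tab- or newline-separated, as returned by --output text.
missing_regions() {
  local have r missing=""
  have=" $(echo $1) "
  for r in $2; do
    case "$have" in
      *" $r "*) ;;
      *) missing="$missing $r" ;;
    esac
  done
  echo "${missing# }"
}

create_ipam() {   # create-ipam, then describe-ipam-scopes for the automatic scopes
  local id
  id=$(aws ec2 create-ipam --region "$HOME_REGION" --tier advanced \
        --description "example-ipam" \
        --operating-regions $(region_args $REQUIRED_REGIONS) \
        --query 'Ipam.IpamId' --output text) || return 1
  aws ec2 describe-ipam-scopes --region "$HOME_REGION" \
        --filters "Name=ipam-id,Values=$id" \
        --query 'IpamScopes[].[IpamScopeId,IpamScopeType]' --output text
  echo "$id"
}

reconcile_regions() {   # describe-ipams, then modify-ipam if a Region is missing
  local operating missing
  operating=$(aws ec2 describe-ipams --region "$HOME_REGION" --ipam-ids "$1" \
        --query 'Ipams[0].OperatingRegions[].RegionName' --output text) || return 1
  missing=$(missing_regions "$operating" "$REQUIRED_REGIONS")
  [ -z "$missing" ] && { echo "operating Regions cover: $REQUIRED_REGIONS"; return 0; }
  aws ec2 modify-ipam --region "$HOME_REGION" --ipam-id "$1" \
        --add-operating-regions $(region_args $missing)
}

case "${1:-}" in
  create) create_ipam ;;
  check)  reconcile_regions "$2" ;;
esac
```

Run it with `create` once, then with `check <ipam-id>` whenever the list of required Regions changes; without an argument it only defines the functions.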