How IPAM works
This topic explains some of the key concepts to help you get started with IPAM.
The following diagram shows an IPAM pool hierarchy for multiple Amazon Regions within a top-level IPAM pool. Each Amazon Regional pool has two IPAM development pools within it, one pool for pre-production and one pool production resources. For more information about IPAM concepts, see the descriptions below the diagram.
To use Amazon VPC IP Address Manager, you first create an IPAM.
When you create the IPAM, you choose which Amazon Region to create it in. When you create an IPAM, Amazon VPC IPAM automatically creates two scopes for the IPAM. The scopes, together with pools and allocations, are key components of your IPAM.
-
A scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private space. The public scope is intended for all public space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict. Within a scope, you create IPAM pools.
-
A pool is a collection of contiguous IP address ranges (or CIDRs). IPAM pools enable you to organize your IP addresses according to your routing and security needs. You can have multiple pools within a top-level pool. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each. Within IPAM pools, you allocate CIDRs to Amazon resources.
-
An allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. When you create a VPC and choose an IPAM pool for the VPC’s CIDR, the CIDR is allocated from the CIDR provisioned to the IPAM pool. You can monitor and manage the allocation with IPAM.
IPAM can manage and monitor private IPv4 CIDRs, public IPv4/IPv6 CIDRs that you own, and Amazon-owned public IPv6 space.
To get started and create an IPAM, see Getting started with IPAM.