NTC IP Address Management (IPAM)

Description

NTC IPAM simplifies the management of IP address allocations in your AWS environment by leveraging AWS VPC IP Address Manager (IPAM). This building block automates the setup and configuration of IPAM to centrally manage CIDR allocations across VPCs, accounts, and regions. With NTC IPAM, you can enforce IP address usage policies, prevent overlapping CIDR blocks, and ensure efficient utilization of IP space.

Designed to integrate seamlessly with your AWS multi-account setup, this building block provides a scalable and consistent approach to managing network IPs across your organization.

Usage

Latest Release: 1.0.2

# --------------------------------------------------------------------------------------------------
# ¦ NTC IPAM
# --------------------------------------------------------------------------------------------------
module "ntc_ipam" {
  source = "github.com/nuvibit-terraform-collection/terraform-aws-ntc-ipam?ref=X.X.X"

  description = "Organizational IPAM"

  nested_pools = [
    {
      pool_path   = "/toplevel"
      pool_name   = "Global (CGNAT) Pool"
      description = "top-level pool"
      cidrs       = ["100.64.0.0/10"]
    },
    {
      pool_path   = "/toplevel/frankfurt"
      pool_name   = "Europe (Frankfurt) Pool"
      pool_region = "eu-central-1"
      description = "regional pool"
      cidrs = [
        "100.64.0.0/14",
        "100.68.0.0/14",
        "100.72.0.0/14"
      ]
    },
    {
      pool_path   = "/toplevel/frankfurt/prod"
      pool_name   = "Prod Pool"
      pool_region = "eu-central-1"
      description = "staging pool"
      cidrs       = cidrsubnets("100.64.0.0/14", 2, 2, 2, 2)
      # share IPAM with Organizations, OUs or Accounts
      # ram_share_principals = ["o-m29e8d9xxx", "ou-6gf5-6ltp3mmm", "111111111111"]
      allocation_default_netmask_length = 22
      allocation_max_netmask_length     = 22
      allocation_min_netmask_length     = 22
      allocation_resource_tags          = {}
    },
    {
      pool_path   = "/toplevel/frankfurt/dev"
      pool_name   = "Dev Pool"
      pool_region = "eu-central-1"
      description = "staging pool"
      cidrs       = cidrsubnets("100.68.0.0/14", 2, 2, 2, 2)
      # share IPAM with Organizations, OUs or Accounts
      ram_share_principals = [
        local.ntc_parameters["mgmt-organizations"]["ou_ids"]["/root/workloads/dev"]
      ]
      allocation_default_netmask_length = 22
      allocation_max_netmask_length     = 22
      allocation_min_netmask_length     = 22
      allocation_resource_tags          = {}
    },
    {
      pool_path   = "/toplevel/ireland"
      pool_name   = "Europe (Ireland) Pool"
      pool_region = "eu-west-1"
      description = "regional pool"
      cidrs = [
        "100.124.0.0/14",
        "100.120.0.0/14",
        "100.116.0.0/14"
      ]
    }
  ]

  providers = {
    aws = aws.euc1
  }
}

Requirements

The following requirements are needed by this module:

  • terraform (>= 1.3.0)

  • aws (>= 4.53.0)

Providers

The following providers are used by this module:

  • aws (>= 4.53.0)

Modules

No modules.

Resources

The following resources are used by this module:

Required Inputs

No required inputs.

Optional Inputs

The following input variables are optional (have default values):

address_family

Description: The IP protocol assigned to pools. Must be either IPv4 or IPv6.

Type: string

Default: "ipv4"

cascade_delete

Description: Enable to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes.

Type: bool

Default: false

create_custom_private_scope

Description: Set to true if a custom private scope should be created instead of using the default private scope.

Type: bool

Default: false

custom_private_scope_description

Description: This is the description of a custom IPAM scope.

Type: string

Default: "Private Custom Scope"

description

Description: This is the description of the IPAM service.

Type: string

Default: null

nested_pools

Description: List of pools that should be added under the top level pool. The top level pool with pool_path "/toplevel" is mandatory.

Type:

list(object({
  pool_path                         = string
  pool_name                         = string
  description                       = optional(string, null)
  pool_region                       = optional(string, null)
  cidrs                             = optional(list(string), [])
  netmask_length                    = optional(number, 0)
  auto_import_discovered_cidrs      = optional(bool, false)
  ram_share_principals              = optional(list(string), [])
  allocation_default_netmask_length = optional(number, 0)
  allocation_max_netmask_length     = optional(number, 0)
  allocation_min_netmask_length     = optional(number, 0)
  allocation_resource_tags          = optional(map(string), null)
}))

Default: []
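
A pre-apply check for a nested_pools list, as an added example that is not part of the module or its documentation: it verifies that "/toplevel" exists, that every pool's CIDRs sit inside its parent pool's CIDRs, that sibling pools do not overlap, and that allocation netmask bounds are ordered. The names check_pools and parent_of are hypothetical; the sample data is the Usage example with the cidrsubnets() results expanded by hand, and the check assumes one address family and treats a netmask length of 0 as unset.

```python
import ipaddress
from itertools import combinations

# Constructed sample mirroring the Usage example; cidrsubnets() results expanded by hand.
_ALLOC = {"allocation_min_netmask_length": 22, "allocation_default_netmask_length": 22,
          "allocation_max_netmask_length": 22}
POOLS = [
    {"pool_path": "/toplevel", "cidrs": ["100.64.0.0/10"]},
    {"pool_path": "/toplevel/frankfurt",
     "cidrs": ["100.64.0.0/14", "100.68.0.0/14", "100.72.0.0/14"]},
    {"pool_path": "/toplevel/frankfurt/prod", **_ALLOC,
     "cidrs": ["100.64.0.0/16", "100.65.0.0/16", "100.66.0.0/16", "100.67.0.0/16"]},
    {"pool_path": "/toplevel/frankfurt/dev", **_ALLOC,
     "cidrs": ["100.68.0.0/16", "100.69.0.0/16", "100.70.0.0/16", "100.71.0.0/16"]},
    {"pool_path": "/toplevel/ireland",
     "cidrs": ["100.124.0.0/14", "100.120.0.0/14", "100.116.0.0/14"]},
]

def parent_of(path):
    return path.rsplit("/", 1)[0]

def check_pools(pools):
    """Return findings as strings; an empty list means the pool tree is consistent."""
    nets = {p["pool_path"]: [ipaddress.ip_network(c) for c in p.get("cidrs", [])]
            for p in pools}
    findings = []
    if "/toplevel" not in nets:
        findings.append('mandatory pool "/toplevel" is missing')
    for path, cidrs in nets.items():
        if path == "/toplevel":
            continue
        parent = nets.get(parent_of(path))
        if parent is None:
            findings.append(f"{path}: parent pool {parent_of(path)!r} is not defined")
            continue
        # Every child CIDR must sit inside one of the parent pool's CIDRs.
        findings += [f"{path}: {c} is outside parent {parent_of(path)}"
                     for c in cidrs if not any(c.subnet_of(p) for p in parent)]
    # Pools sharing a parent must not claim overlapping address space.
    for (a, a_nets), (b, b_nets) in combinations(nets.items(), 2):
        if parent_of(a) == parent_of(b):
            findings += [f"{a} {x} overlaps sibling {b} {y}"
                         for x in a_nets for y in b_nets if x.overlaps(y)]
    # Allocation bounds: min <= default <= max, treating 0 as "unset" (assumption).
    for p in pools:
        bounds = [p.get(f"allocation_{k}_netmask_length", 0) for k in ("min", "default", "max")]
        bounds = [b for b in bounds if b]
        if bounds != sorted(bounds):
            findings.append(f"{p['pool_path']}: allocation netmask bounds are out of order")
    return findings
```

Run against the rendered variable values (for example from a plan in JSON form) in CI, so that a pool sharing address space with a sibling is caught before it is shared with other accounts through ram_share_principals.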

scope_type

Description: The scope type used for IPAM pools. Must be either public or private.

Type: string

Default: "private"

Outputs

The following outputs are exported:

ipam_arn

Description: The ARN of the IPAM service.

ipam_id

Description: The id of the IPAM service.

nested_pools_allocation_configs

Description: Map of IPAM pool allocation configs by pool path.

nested_pools_arns

Description: Map of IPAM pool ARNs by pool path.

nested_pools_ids

Description: Map of IPAM pool identifiers by pool path.