ipam
This component is responsible for provisioning IPAM per region in a centralized account.
Usage
Stack Level: Regional
Here's an example snippet for how to use this component.
```yaml
components:
  terraform:
    ipam:
      vars:
        enabled: true
        # Top-level pool; the pools below are carved out of this range
        top_cidr: [10.96.0.0/11]
        pool_configurations:
          core:
            cidr: [10.96.0.0/12]
            locale: us-east-2
            sub_pools:
              network:
                cidr: [10.96.0.0/16]
                ram_share_accounts: [core-network]
              auto:
                cidr: [10.97.0.0/16]
                ram_share_accounts: [core-auto]
              corp:
                cidr: [10.98.0.0/16]
                ram_share_accounts: [core-corp]
          plat:
            cidr: [10.112.0.0/12]
            locale: us-east-2
            sub_pools:
              dev:
                cidr: [10.112.0.0/16]
                ram_share_accounts: [plat-dev]
              staging:
                cidr: [10.113.0.0/16]
                ram_share_accounts: [plat-staging]
              prod:
                cidr: [10.114.0.0/16]
                ram_share_accounts: [plat-prod]
              sandbox:
                cidr: [10.115.0.0/16]
                ram_share_accounts: [plat-sandbox]
```
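A pre-apply check for a pool_configurations map like the one above, as an added example (not part of the component or its upstream module): it verifies that every pool CIDR sits inside its parent pool, that sibling pools do not overlap, and that nesting stays within the three levels described for pool_configurations. The function name check_pools and the Python-dict form of the stack YAML are assumptions made for this example.

```python
import ipaddress

def check_pools(top_cidrs, pools, max_depth=2):
    """Lint a pool_configurations-style map; return a list of problems.

    max_depth=2 reflects the documented limit: three levels in total, with the
    top-level pool (top_cidr) sitting outside pool_configurations.
    """
    problems = []

    def walk(parents, level, path, depth):
        if level and depth > max_depth:
            problems.append(f"{path}: sub_pools nested too deep")
            return
        seen = []  # (name, network) pairs of siblings already checked
        for name, cfg in level.items():
            here = f"{path}/{name}"
            nets = []
            for cidr in cfg.get("cidr", []):
                try:
                    nets.append(ipaddress.ip_network(cidr))  # strict: rejects host bits
                except ValueError as exc:
                    problems.append(f"{here}: {exc}")
            for net in nets:
                if not any(net.version == p.version and net.subnet_of(p) for p in parents):
                    problems.append(f"{here}: {net} is outside its parent pool")
                for other_name, other in seen:
                    if net.version == other.version and net.overlaps(other):
                        problems.append(f"{here}: {net} overlaps {other_name} ({other})")
            seen.extend((name, net) for net in nets)
            walk(nets, cfg.get("sub_pools", {}), here, depth + 1)

    walk([ipaddress.ip_network(c) for c in top_cidrs], pools, "top", 1)
    return problems

# Subset of the page's example, re-typed as a Python dict for this check.
TOP_CIDR = ["10.96.0.0/11"]
POOLS = {
    "core": {"cidr": ["10.96.0.0/12"], "locale": "us-east-2", "sub_pools": {
        "network": {"cidr": ["10.96.0.0/16"], "ram_share_accounts": ["core-network"]},
        "auto": {"cidr": ["10.97.0.0/16"], "ram_share_accounts": ["core-auto"]},
    }},
    "plat": {"cidr": ["10.112.0.0/12"], "locale": "us-east-2", "sub_pools": {
        "dev": {"cidr": ["10.112.0.0/16"], "ram_share_accounts": ["plat-dev"]},
        "prod": {"cidr": ["10.114.0.0/16"], "ram_share_accounts": ["plat-prod"]},
    }},
}

if __name__ == "__main__":
    print(check_pools(TOP_CIDR, POOLS) or "pool hierarchy is consistent")
```

Run as a CI step before planning the stack, a non-empty result flags a sub-pool that would be shared to an account from a range outside, or colliding with, the one intended for it.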
Variables
Required Variables
Optional Variables
account_map_environment_name (string) optional
The name of the environment where account_map is provisioned.
Default value: "gbl"

account_map_stage_name (string) optional
The name of the stage where account_map is provisioned.
Default value: "root"

account_map_tenant_name (string) optional
The name of the tenant where account_map is provisioned. If the tenant label is not used, leave this as null.
Default value: null

address_family (string) optional
IPv4/6 address family.
Default value: "ipv4"

ipam_scope_id (string) optional
(Optional) Required if var.ipam_id is set. Determines which scope to deploy pools into.
Default value: null

ipam_scope_type (string) optional
Which scope type to use. Valid inputs include public or private. You can alternatively provide your own scope ID.
Default value: "private"

pool_configurations (any) optional
A multi-level, nested map describing nested IPAM pools. Can nest up to three levels with the top level being outside the pool_configurations. This attribute is quite complex, see README.md for further explanation.
Default value: { }

top_auto_import (bool) optional
auto_import setting for top-level pool.
Default value: null

A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. Document is not stored in the state file. For more information, refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr#cidr_authorization_context.
Default value:
null
top_description
(string
) optionalDescription of top-level pool.
Default value:
""
Principals to create RAM shares for top-level pool.
Default value:
null
Context Variables
The following variables are defined in the context.tf file of this module and are part of the terraform-null-label pattern.
Outputs
pool_configurations
Pool configurations
Dependencies
Requirements
- terraform, version: >= 1.0.0
- aws, version: >= 4.0
Providers
- aws, version: >= 4.0
Modules
Name | Version | Source | Description |
---|---|---|---|
account_map | 1.8.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
iam_roles | latest | ../account-map/modules/iam-roles | n/a |
ipam | 2.1.2 | aws-ia/ipam/aws | n/a |
this | 0.25.0 | cloudposse/label/null | n/a |
Resources
The following resources are used by this module:
Data Sources
The following data sources are used by this module:
- aws_caller_identity.current (data source)
- aws_region.current (data source)
References
- cloudposse/terraform-aws-components - Cloud Posse's upstream component