
Managing IP Subnet Space in AWS

I need to find a way to manage the IP address utilization inside an AWS environment using IPAM.

Our environment in AWS is based around a 10.0.0.0/12 address space:

We have multiple AWS Accounts for each VPC Group Type, with a total of 8 AWS Accounts: Lab, Development, QC, Production, Services, Sandbox, etc.

We build separate VPCs emulating different "Data Center" environments for each AWS Account: Lab-Dev, Lab-QC, Lab-Prod, Dev-Prod, Dev-QC, Dev-eCom, Dev-Prod, QC-eCom, QC-Corp, etc.

Each VPC uses a /16 subnet:

      DevEcomVPC=10.147.0.0/16,
      DevCorpVPC=10.149.0.0/16,
      QCeCom=10.150.0.0/16,
      QCCorp=10.151.0.0/16

and finally, each VPC Contains the subnets for the development teams to build their devices/servers/etc:

Account: DEV

   VPC: DEVeCom: 10.147.0.0/16

      DEVeComPubELB-B: 10.147.0.0/23
      DEVeComPubELB-C: 10.147.2.0/23
      DEVeComPubELB-D: 10.147.4.0/23
      DEVeComPvtELB-B: 10.147.6.0/23
      DEVeComPvtELB-C: 10.147.8.0/23
      DEVeComPvtELB-D: 10.147.10.0/23
      DEVeComPvtDMZ-B: 10.147.16.0/20
      DEVeComPvtDMZ-C: 10.147.32.0/20
      DEVeComPvtDMZ-D: 10.147.48.0/20
      DEVeComPvtApp-B: 10.147.144.0/20
      DEVeComPvtApp-C: 10.147.160.0/20
      DEVeComPvtApp-D: 10.147.192.0/20


Now duplicate this 6 times, changing DEV to Sandbox, Lab, QC, Svcs, Prod, etc.


My issue here is IP address management for the development teams. I am building out the subnet framework for them so it will be portable when they want to add new VPCs, but actively scanning this many addresses on a local network would be frowned upon, ridiculously slow, and wasteful of bandwidth and processes, much less doing all that across a Direct Connect circuit halfway across the country.


Updated:

There is a way to schedule an "export" of the subnets in use in the AWS environments in JSON format, so is there a way to schedule an "import" into IPAM? Is anyone familiar enough with AWS to know if there is a way to export the issued addresses, DHCP-server style?

As an aside, maybe a way to use the IPAM API in this would be to have my developers "check out" a subnet once they've finished filling out the AWS fields to assign the addressing to their VPCs, subnets, etc., and that would export the pertinent information and trigger an import of the data into IPAM.

Picture this: 

    • Developers need to build up a new environment
    • It will need a new Development environment, say in the 10.32.0.0/16
    • The new Development VPC will need 12 new subnets, three /23's for Dev.Public across 3 Regions, three /23's for Dev.Private across 3 Regions, three /22's for Dev.DB across 3 Regions, three /24's for Dev.Services (Auth, Analytics, Logging), and three /24's for
    • It will need a corresponding QC environment, say in the 10.33.0.0/16 subnet,
    • and eventually a Production environment.

Since my development teams are spread all across the world, I would also like to use the IPAM API to allow them to "check out" subnets as needed, to prevent subnet overlap between them.


Certainly I'm not the first engineer using AWS and IPAM ... has anyone else tackled this?


Any thoughts?