
Resource: awsVpcIpamPoolCidr

Provisions a CIDR from an IPAM address pool.

~> NOTE: Provisioning public IPv4 or public IPv6 CIDRs requires steps outside the scope of this resource. The resource accepts `message` and `signature` as part of the `cidrAuthorizationContext` attribute, but those must be generated ahead of time. Public IPv6 CIDRs provisioned into a pool with `publiclyAdvertisable = true`, and all public IPv4 CIDRs, also require creating a Route Origin Authorization (ROA) object in your Regional Internet Registry (RIR).

~> NOTE: In order to deprovision CIDRs, all allocations must be released first. Allocations created by a VPC take up to 30 minutes to be released. However, for IPAM to properly manage the removal of allocation records created by VPCs and other resources, you must grant it permissions in either a single account or organizationally. If you are unable to deprovision a CIDR after waiting more than 30 minutes, you may be missing the Service Linked Role.

Example Usage

Basic usage:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current",
  {}
);
const awsVpcIpamExample = new aws.vpcIpam.VpcIpam(this, "example", {
  operatingRegions: [
    {
      regionName: dataAwsRegionCurrent.name,
    },
  ],
});
const awsVpcIpamPoolExample = new aws.vpcIpamPool.VpcIpamPool(
  this,
  "example_2",
  {
    addressFamily: "ipv4",
    ipamScopeId: awsVpcIpamExample.privateDefaultScopeId,
    locale: dataAwsRegionCurrent.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcIpamPoolExample.overrideLogicalId("example");
const awsVpcIpamPoolCidrExample = new aws.vpcIpamPoolCidr.VpcIpamPoolCidr(
  this,
  "example_3",
  {
    cidr: "172.2.0.0/16",
    ipamPoolId: awsVpcIpamPoolExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcIpamPoolCidrExample.overrideLogicalId("example");

Provision Public IPv6 Pool CIDRs:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current",
  {}
);
const awsVpcIpamExample = new aws.vpcIpam.VpcIpam(this, "example", {
  operatingRegions: [
    {
      regionName: dataAwsRegionCurrent.name,
    },
  ],
});
const awsVpcIpamPoolIpv6TestPublic = new aws.vpcIpamPool.VpcIpamPool(
  this,
  "ipv6_test_public",
  {
    addressFamily: "ipv6",
    advertisable: false,
    awsService: "ec2",
    description: "public ipv6",
    ipamScopeId: awsVpcIpamExample.publicDefaultScopeId,
    locale: "us-east-1",
  }
);
const awsVpcIpamPoolCidrIpv6TestPublic =
  new aws.vpcIpamPoolCidr.VpcIpamPoolCidr(this, "ipv6_test_public_3", {
    cidr: "${var.ipv6_cidr}",
    cidrAuthorizationContext: {
      message: "${var.message}",
      signature: "${var.signature}",
    },
    ipamPoolId: awsVpcIpamPoolIpv6TestPublic.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcIpamPoolCidrIpv6TestPublic.overrideLogicalId("ipv6_test_public");

Argument Reference

The following arguments are supported:

  • cidr - (Optional) The CIDR you want to provision into the pool. Conflicts with netmaskLength.
  • cidrAuthorizationContext - (Optional) A signed document that proves you are authorized to bring the specified IP address range to Amazon using BYOIP. This is not stored in the state file. See cidrAuthorizationContext below for more information.
  • ipamPoolId - (Required) The ID of the pool into which you want to provision a CIDR.
  • netmaskLength - (Optional) If provided, the CIDR provisioned into the specified pool will be the next available CIDR of this netmask length. Conflicts with cidr.

cidrAuthorizationContext

  • message - (Optional) The plain-text authorization message for the prefix and account.
  • signature - (Optional) The signed authorization message for the prefix and account.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the IPAM pool CIDR concatenated with the IPAM pool ID.
  • ipamPoolCidrId - The unique ID generated by AWS for the pool CIDR. Typically this would be the resource ID, but this attribute was added to the API calls after the fact and is therefore not used as the Terraform resource ID.

Import

IPAM pool CIDRs can be imported using the format <cidr>_<ipamPoolId>. Please note we DO NOT use the IPAM pool CIDR ID, as it was introduced after the resource already existed. An import example:

$ terraform import aws_vpc_ipam_pool_cidr.example 172.2.0.0/24_ipam-pool-0e634f5a1517cccdc
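As an added example (not part of this page or of the provider), a standard-library Python pre-flight check that encodes the argument rules above (cidr vs. netmaskLength, the pool's address family, the signed context for public BYOIP pools) and parses the <cidr>_<ipamPoolId> import ID. The pool's address family, its public/private flag and the CIDRs already provisioned into it are assumed to be supplied by the caller, and a public pool is assumed to be a BYOIP pool; the sample values come from this page:

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class PoolCidrRequest:
    """Mirrors the resource arguments: one of cidr/netmask_length plus the BYOIP context."""
    ipam_pool_id: str
    cidr: Optional[str] = None
    netmask_length: Optional[int] = None
    auth_message: Optional[str] = None    # cidrAuthorizationContext.message
    auth_signature: Optional[str] = None  # cidrAuthorizationContext.signature


def parse_import_id(import_id: str) -> Tuple[str, str]:
    """Split a `<cidr>_<ipamPoolId>` import id. Pool ids use hyphens, never underscores,
    so the last underscore is the separator; the CIDR half is validated by ipaddress."""
    cidr, sep, pool_id = import_id.rpartition("_")
    if not sep or not pool_id.startswith("ipam-pool-"):
        raise ValueError(f"import id must look like <cidr>_<ipamPoolId>: {import_id!r}")
    ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    return cidr, pool_id


def preflight(req: PoolCidrRequest, pool_family: str, pool_is_public: bool,
              provisioned: List[str]) -> List[str]:
    """Return the problems a plan would hit; an empty list means the request is consistent.
    pool_family is "ipv4" or "ipv6"; provisioned lists CIDRs already in the pool."""
    problems = []
    if (req.cidr is None) == (req.netmask_length is None):
        problems.append("set exactly one of cidr or netmaskLength (they conflict)")
    if req.cidr is not None:
        try:
            net = ipaddress.ip_network(req.cidr, strict=True)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"cidr is not a valid network: {exc}")
        else:
            family = "ipv4" if net.version == 4 else "ipv6"
            if family != pool_family:
                problems.append(f"cidr is {family} but the pool's addressFamily is {pool_family}")
            for existing in map(ipaddress.ip_network, provisioned):
                if existing.version == net.version and existing.overlaps(net):
                    problems.append(f"cidr {net} overlaps already provisioned {existing}")
    # Assumption: a public pool here means BYOIP, so the signed context must be present.
    if pool_is_public and not (req.auth_message and req.auth_signature):
        problems.append("public pool: cidrAuthorizationContext message and signature are required")
    return problems
```

Running `preflight(PoolCidrRequest("ipam-pool-0e634f5a1517cccdc", cidr="172.2.0.0/24"), "ipv4", False, ["172.2.0.0/16"])` reports the overlap with the /16 already provisioned in the basic example above.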