- 新しい順
- 投票が多い順
- コメントが多い順
Currently, as of Control Tower the 2.7 version of the Landing Zone does not use IPAM, but with all things AWS that could change down the road. While Control Tower does not directly use IPAM it doesn't mean it can't be incorporated as the Account Factory and Account Factory for Terraform (AFT) provide both Cloudformation and Terraform methods to customize your Control Tower controlled organization. You could disable the default Control Tower Network Configuration and instead implement your own customized version.
In addition to the answer above, this blog describes a solution that uses Control Tower's account factory to automate the process of sharing a VPC IPAM pool with newly created managed accounts: https://aws.amazon.com/blogs/mt/using-amazon-ipam-to-enhance-aws-control-tower-governance-for-networking-resources/
As of today, VPC IPAM does not automate creating VPCs, but you could extend the solution above to automatically create VPCs that are compliant with IPAM pools.
