A web-based IP Address Management (IPAM) tool for Azure that provides comprehensive visibility into your IP address usage across tenants, subscriptions, and resource groups.
- View all public and private IP addresses across your Azure tenant
- Filter by subscription, resource group, IP type, and allocation method
- See which resources are using each IP address
- Click-through to Azure Portal for detailed resource management
- Export to CSV for reporting
- Visual utilization graphs for each subnet (color-coded: π’ green, π‘ amber, π΄ red)
- Group by VNet with expandable/collapsible views
- Track used vs. available IPs in real-time
- Identify subnets approaching exhaustion
- View delegations, NSG, and route table associations
- Automatically detect overlapping address spaces across VNets
- Identify subset/superset conflicts
- Impact analysis for each conflict
- Cross-subscription conflict detection
- Track network resource changes (create, update, delete)
- Monitor IP exhaustion warnings
- Quota usage alerts for public IPs
- Filter by event type, time range, and subscription
- Node.js 18+
- Azure CLI (
az login) - Azure subscription with network resources
# Clone the repository
git clone https://github.com/your-org/azure-ipam.git
cd azure-ipam
# Set up Azure credentials
cd deploy/local
cp .env.example .env
# Edit .env with your Azure credentials
# Install and run
cd ../../frontend
npm install
npm run devOpen http://localhost:3000 in your browser.
See Local Deployment Guide for detailed instructions.
| Deployment | Description | Guide |
|---|---|---|
| Azure Container Apps | One-click serverless deployment | deploy/azure-container-apps/ |
| Local Development | Native Node.js with hot reload | deploy/local/ |
| Docker | Production-ready containers with nginx | deploy/docker/ |
| Kubernetes | Kustomize manifests with HPA, PDB, ingress | deploy/kubernetes/ |
| Azure AKS | Full Azure integration with Key Vault, ACR, Managed Identity | deploy/azure-aks/ |
Click the Deploy to Azure button above, or use Azure CLI:
# Create resource group
az group create --name rg-azure-ipam --location eastus
# Deploy (requires App Registration - see deploy/azure-container-apps/README.md)
az deployment group create \
--resource-group rg-azure-ipam \
--template-file deploy/azure-container-apps/azuredeploy.json \
--parameters frontendClientId="<your-app-registration-client-id>"cd deploy/docker
cp .env.example .env
# Edit .env with your Azure credentials
docker-compose build
docker-compose up -d
# Access at http://localhost:8080# Configure secrets
kubectl create namespace azure-ipam
kubectl create secret generic azure-ipam-secrets \
--namespace azure-ipam \
--from-literal=AZURE_TENANT_ID=<your-tenant-id> \
--from-literal=AZURE_CLIENT_ID=<your-client-id> \
--from-literal=AZURE_CLIENT_SECRET=<your-secret>
# Deploy with Kustomize
kubectl apply -k deploy/kubernetes/basecd deploy/azure-aks
# Option 1: Automated (creates all Azure resources)
./deploy.sh
# Option 2: Infrastructure as Code
az deployment group create \
--resource-group rg-azure-ipam \
--template-file infrastructure/main.bicepThis tool requires read-only access to Azure networking resources. A custom "IPAM Reader" role is provided.
See AZURE-PERMISSIONS.md for:
- Custom role definition
- Service principal setup
- Managed identity configuration
- Multi-subscription access
# Create the IPAM Reader custom role
az role definition create --role-definition @ipam-reader-role.json
# Create service principal and assign role
az ad sp create-for-rbac --name "ipam-app" --skip-assignment
az role assignment create --assignee "<APP_ID>" --role "IPAM Reader" --scope "/providers/Microsoft.Management/managementGroups/<TENANT_ID>"βββββββββββββββββββ βββββββββββββββββββ ββββββββββββββββββββ
β β β β β β
β React Frontend ββββββΆβ Azure FunctionsββββββΆβ Azure Resource β
β (TypeScript) β β API β β Graph β
β β β β β β
βββββββββββββββββββ βββββββββββββββββββ ββββββββββββββββββββ
β β β
β β β
βΌ βΌ βΌ
βββββββββββββββββββ βββββββββββββββββββ ββββββββββββββββββββ
β MSAL.js β β Azure Identity β β Activity Logs β
β (User Auth) β β (API Auth) β β API β
βββββββββββββββββββ βββββββββββββββββββ ββββββββββββββββββββ
- Frontend: React 18, TypeScript, Tailwind CSS, AG Grid, Recharts
- Backend: Azure Functions (Node.js), Azure SDK
- Authentication: MSAL.js, Azure AD / Entra ID
- Data: Azure Resource Graph, Azure Activity Logs
Azure-IPAM/
βββ frontend/ # React + TypeScript frontend
β βββ src/
β β βββ components/ # UI components
β β βββ pages/ # Page components
β β βββ services/ # API client
β β βββ types/ # TypeScript types
β βββ package.json
βββ api/ # Azure Functions backend
β βββ src/
β β βββ functions/ # HTTP function handlers
β β βββ shared/ # Shared utilities
β βββ package.json
βββ deploy/ # Deployment configurations
β βββ local/ # Local development (docker-compose)
β βββ docker/ # Production Docker containers
β βββ kubernetes/ # Generic K8s manifests (Kustomize)
β β βββ base/ # Base manifests
β βββ azure-container-apps/ # One-click Azure deployment (ARM)
β βββ azure-aks/ # Azure AKS with Key Vault, ACR, Bicep
β βββ infrastructure/ # Bicep templates
β βββ patches/ # AKS-specific Kustomize patches
βββ docs/ # Documentation
β βββ AZURE-PERMISSIONS.md # Permissions guide
βββ ipam-reader-role.json # Custom Azure role definition
βββ README.md
| Variable | Description | Required |
|---|---|---|
AZURE_TENANT_ID |
Azure AD tenant ID | Yes |
AZURE_CLIENT_ID |
Service principal or app registration ID | Yes |
AZURE_CLIENT_SECRET |
Service principal secret (not needed for managed identity) | Depends |
VITE_AZURE_CLIENT_ID |
Frontend auth client ID | Yes |
VITE_AZURE_TENANT_ID |
Frontend tenant ID | Yes |
Contributions are welcome! Please read our contributing guidelines before submitting a PR.
This project is licensed under the MIT License - see the LICENSE file for details.