Cloud-native IP Address Management
CloudPAM is a modern IPAM solution designed for hybrid and multi-cloud environments. It helps infrastructure teams plan, allocate, and track IP addresses across on-premises data centers and cloud providers.
- Hierarchical Pool Management - Organize IP addresses in a tree structure matching your network topology
- Cloud Discovery - Auto-import AWS VPCs/subnets/EIPs, AWS Organizations accounts, and GCP networks/subnetworks/external IPs
- Drift Detection - Compare discovered cloud resources against managed pools and resolve or ignore drift items
- Network Analysis - Gap analysis, fragmentation scoring, and compliance checks
- Recommendations - Automated allocation and compliance recommendations with apply/dismiss workflow
- Schema Wizard - Design IP schemas with conflict detection before deploying
- AI Planning - Optional OpenAI-compatible conversational planner with SSE streaming and plan apply
- CIDR Search - Unified search with containment queries across pools and accounts
- Auth & RBAC - Local users, session cookies, API keys, and optional OIDC/SSO
- Release Notes & Updates - Embedded changelog plus release-check and host-managed upgrade endpoints
- Audit Logging - Full activity tracking with filterable event log
- Observability - Structured logging (slog), Prometheus metrics, Sentry integration
- Dark Mode - Three-mode toggle (Light/Dark/System)
- Azure cloud discovery
- Active multi-tenant organization isolation and org management
- Distributed tracing (OpenTelemetry)
- External log destinations and SIEM forwarding
```bash
# Clone the repository
git clone https://github.com/BadgerOps/cloudpam.git
cd cloudpam
# Run with in-memory store (no dependencies needed)
just dev
# Or run directly
go run ./cmd/cloudpam
# Access the UI
open http://localhost:8080
```

For SQLite persistence:

```bash
just sqlite-run
```

See the Deployment Guide for production setup.
| Component | Technology |
|---|---|
| Backend | Go 1.25 |
| Database | PostgreSQL 15+ (production) / SQLite (development) / In-memory (demo) |
| Frontend | React 18 + Vite + TypeScript + Tailwind CSS |
| API | OpenAPI 3.1 |
| Auth | Local sessions + API keys + OIDC + RBAC |
| Logging | slog (Go std lib) |
| Metrics | Prometheus |
| Error Tracking | Sentry (backend + frontend) |
| Document | Description |
|---|---|
| Deployment Guide | Production deployment options |
| API Examples | Common API usage patterns |
| Cloud Discovery | AWS discovery setup and API reference |
| Document | Description |
|---|---|
| API Specification | OpenAPI 3.1 spec |
| Database Schema | PostgreSQL/SQLite schema design |
| Authentication Flows | Session, API key, and RBAC flows |
| Smart Planning Architecture | Analysis engine and AI planning design |
| Observability Architecture | Logging, metrics, tracing, audit |
| Implementation Roadmap | Historical phased roadmap with a current status refresh |
| Code Review | Code review with prioritized issues |
| Discovery Agent Plan | Standalone discovery agent architecture |
CloudPAM provides a REST API served at /api/v1/. The OpenAPI spec is available at /openapi.yaml when running.
- GET/POST /api/v1/pools - Pool management (CRUD, hierarchy, stats)
- GET/POST /api/v1/accounts - Cloud account management
- GET /api/v1/blocks - List assigned blocks with filters
- GET /api/v1/search - Unified search with CIDR containment queries

- GET /api/v1/discovery/resources - List discovered cloud resources
- POST /api/v1/discovery/sync - Trigger cloud sync
- POST /api/v1/discovery/ingest/org - Bulk AWS Organizations ingest
- POST /api/v1/drift/detect - Run drift detection against discovered resources
- GET /api/v1/drift - List drift items and summary data

- POST /api/v1/analysis - Full network analysis report
- POST /api/v1/analysis/gaps - Gap analysis for a pool
- POST /api/v1/analysis/fragmentation - Fragmentation scoring
- POST /api/v1/analysis/compliance - Compliance checks
- POST /api/v1/recommendations/generate - Generate recommendations
- GET /api/v1/recommendations - List recommendations
- POST /api/v1/recommendations/{id}/apply - Apply a recommendation
- POST /api/v1/ai/chat - Stream an AI planning response
- GET/POST /api/v1/ai/sessions - Manage AI planning sessions

- POST /api/v1/auth/login - Session login
- GET /api/v1/auth/me - Current identity
- GET /api/v1/auth/keys - API key management
- GET /api/v1/auth/oidc/providers - List enabled OIDC providers
- GET /api/v1/system/info - Version, release, and upgrade metadata
- GET /api/v1/updates - Check for newer releases
- GET /healthz / GET /readyz - Health and readiness checks
- GET /metrics - Prometheus metrics
cloudpam/
├── cmd/cloudpam/ # Main entrypoint and storage selection
│ ├── main.go # Server startup, flags, graceful shutdown
│ ├── store_default.go # In-memory store (default build)
│ ├── store_sqlite.go # SQLite store (-tags sqlite)
│ └── store_postgres.go # PostgreSQL store (-tags postgres)
├── internal/
│ ├── domain/ # Core types (Pool, Account, DiscoveredResource, etc.)
│ ├── api/ # HTTP server, routes, handlers, middleware
│ ├── storage/ # Store interface + implementations
│ │ ├── sqlite/ # SQLite implementation
│ │ └── postgres/ # PostgreSQL implementation
│ ├── discovery/ # Cloud resource discovery
│ │ ├── aws/ # AWS collector (VPCs, subnets, EIPs, Organizations)
│ │ └── gcp/ # GCP collector (networks, subnetworks, external IPs)
│ ├── planning/ # Analysis engine, recommendations, AI planning
│ ├── auth/ # Authentication, RBAC, sessions, API keys
│ ├── audit/ # Audit logging
│ ├── cidr/ # CIDR math utilities
│ ├── validation/ # Input validation
│ └── observability/ # Logging, metrics
├── ui/ # React/Vite/TypeScript frontend
├── web/ # Embedded frontend assets (go:embed)
├── migrations/ # SQLite + PostgreSQL schema migrations
├── deploy/ # Deployment configurations
│ └── terraform/ # Discovery IAM and infrastructure helpers
├── docs/ # Project documentation + OpenAPI spec
├── .github/workflows/ # CI/CD (test, lint, release builds)
├── Justfile # Task runner commands
└── CLAUDE.md # AI assistant context
| Area | Status | Notes |
|---|---|---|
| Core IPAM | Complete | Pools, accounts, blocks, import/export, search, validation, audit |
| Discovery: AWS | Complete | Single-account and AWS Organizations discovery, agent flow, IaC helpers |
| Discovery: GCP | Partial | Collector exists for networks, subnetworks, and external IPs; AWS workflow/docs are more mature |
| Drift Detection | Complete | Unmanaged resource, CIDR mismatch, and orphaned discovered-pool detection with resolve/ignore workflow |
| Smart Planning | Complete | Analysis, recommendations, and schema planner are implemented |
| AI Planning | Complete, optional | OpenAI-compatible backend, SSE chat, stored sessions, plan extraction, and apply-plan flow |
| Auth & SSO | Complete | Local auth, sessions, API keys, OIDC provider management, JIT provisioning, local-auth toggle |
| Operations | Partial | Metrics, Sentry, release notes, and host-managed upgrades are implemented; tracing and log destinations are not |
| Multi-tenancy | Planned | PostgreSQL schema has default-org scaffolding, but the app still runs as single-tenant |
See Implementation Roadmap for the full development timeline.
- Go 1.25+
- Node.js 18+ (for frontend development)
- Just command runner
```bash
just dev           # Run server on :8080 (in-memory store)
just build         # Build binary
just sqlite-build  # Build with SQLite support
just test          # Run all tests
just test-race     # Run tests with race detector
just lint          # Run golangci-lint
just fmt           # Format code
just cover         # Generate coverage report
```

```bash
cd ui && npm install     # Install dependencies
cd ui && npm run dev     # Vite dev server (proxied to :8080)
cd ui && npm run build   # Production build -> web/dist/
cd ui && npx vitest run  # Run tests
```

We welcome contributions! Please:
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
MIT License - see LICENSE for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions