CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

Prefix List

Network
A prefix list is a collection of one or more IP CIDR blocks used to simplify the configuration and management of security groups and routing tables. There are customer-managed prefix lists and AWS-managed prefix lists.
Costs
There is no additional charge for using Prefix Lists as they are a fundamental component of Amazon VPC and included in the overall VPC usage charge. The cost of using Amazon VPC will depend on the number of prefix lists, the number of IP addresses, and the amount of data processed.
Direct Cost

--

Indirect Cost
No items found.
Terraform Name
aws_ec2_managed_prefix_list
Prefix List
attributes:
  • address_family - (Required, Forces new resource) Address family (IPv4 or IPv6) of this prefix list.
  • entry - (Optional) Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.
  • max_entries - (Required) Maximum number of entries that this prefix list can contain.
  • name - (Required) Name of this resource. The name must not start with com.amazonaws.
  • tags - (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

entry

  • cidr - (Required) CIDR block of this entry.
  • description - (Optional) Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.

Associating resources with a
Prefix List
Resources do not "belong" to a
Prefix List
Rather, one or more Security Groups are associated to a resource.
Create
Prefix List
via Terraform:
The following HCL creates an IPv4 prefix list with a maximum of 5 entries, and creates 2 entries in the prefix list
Syntax:

resource "aws_ec2_managed_prefix_list" "example" {
 name           = "All VPC CIDR-s"
 address_family = "IPv4"
 max_entries    = 5

 entry {
   cidr        = aws_vpc.example.cidr_block
   description = "Primary"
 }

 entry {
   cidr        = aws_vpc_ipv4_cidr_block_association.example.cidr_block
   description = "Secondary"
 }

 tags = {
   Env = "live"
 }
}

Create
Prefix List
via CLI:
Parametres:

create-managed-prefix-list
[--dry-run | --no-dry-run]
--prefix-list-name <value>
[--entries <value>]
--max-entries <value>
[--tag-specifications <value>]
--address-family <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-managed-prefix-list \
   --address-family IPv4 \
   --max-entries 10 \
   --entries Cidr=10.0.0.0/16,Description=vpc-a Cidr=10.2.0.0/16,Description=vpc-b \
   --prefix-list-name vpc-cidrs

Best Practices for
Prefix List

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
We haven't write about
Prefix List
yet.
View all blog posts ->
All Resources
Compute
Athena
Auto Scaling Group
Availability Zone
EC2
ECS
ECS Task Definition
EKS
Lambda Function
Region
SageMaker Notebook
Database
DMS
DocumentDB
DynamoDB
EMR
ElastiCache
Glue
OpenSearch
RDS
Network
ALB
API Gateway
CloudFront
Direct Connect
Direct Connect Gateway
ELB
ENI
Elastic IP
GLB
Internet Gateway
NAT Gateway
NLB
Prefix List
Route 53
Route Table
Site-to-Site VPN Connection
Subnet
Target Group
Transit Gateway
VPC
VPC Endpoint
VPC Peering
VPN Customer Gateway
Virtual Private Gateway
Permission
IAM Account Password Policy
IAM Group
IAM Policy
IAM Role
IAM User
Instance Profile
Queue
Kinesis
MSK
SES
SNS
SQS
Security
CloudWatch
GuardDuty
Config
WAF
Network ACL
KMS
Security Group
Storage
EFS
S3 Glacier
AMI
EBS Snapshots
EBS Volume
S3 Bucket
Kubernetes
Network Policy
StatefulSet
Service
ReplicaSet
Namespace
Ingress
Endpoints
Deployment
Service Account
Pod