Amazon Web Service (AWS)

Prefix List

A prefix list is a collection of one or more IP CIDR blocks used to simplify the configuration and management of security groups and routing tables. There are customer-managed prefix lists and AWS-managed prefix lists.
Prefix List
  • address_family - (Required, Forces new resource) Address family (IPv4 or IPv6) of this prefix list.
  • entry - (Optional) Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.
  • max_entries - (Required) Maximum number of entries that this prefix list can contain.
  • name - (Required) Name of this resource. The name must not start with com.amazonaws.
  • tags - (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.


  • cidr - (Required) CIDR block of this entry.
  • description - (Optional) Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.

Associating resources with a
Prefix List
Resources do not "belong" to a
Prefix List
Rather, one or more Security Groups are associated to a resource.
Prefix List
via Terraform:
The following HCL creates an IPv4 prefix list with a maximum of 5 entries, and creates 2 entries in the prefix list

resource "aws_ec2_managed_prefix_list" "example" {
 name           = "All VPC CIDR-s"
 address_family = "IPv4"
 max_entries    = 5

 entry {
   cidr        = aws_vpc.example.cidr_block
   description = "Primary"

 entry {
   cidr        = aws_vpc_ipv4_cidr_block_association.example.cidr_block
   description = "Secondary"

 tags = {
   Env = "live"

Prefix List
via CLI:

[--dry-run | --no-dry-run]
--prefix-list-name <value>
[--entries <value>]
--max-entries <value>
[--tag-specifications <value>]
--address-family <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws ec2 create-managed-prefix-list \
   --address-family IPv4 \
   --max-entries 10 \
   --entries Cidr=,Description=vpc-a Cidr=,Description=vpc-b \
   --prefix-list-name vpc-cidrs

Best Practices for
Prefix List

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
All Resources