Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

Prefix List

A prefix list is a collection of one or more IP CIDR blocks used to simplify the configuration and management of security groups and routing tables. There are customer-managed prefix lists and AWS-managed prefix lists.
There is no additional charge for using Prefix Lists as they are a fundamental component of Amazon VPC and included in the overall VPC usage charge. The cost of using Amazon VPC will depend on the number of prefix lists, the number of IP addresses, and the amount of data processed.
Direct Cost


Indirect Cost
No items found.
Terraform Name
Prefix List
  • address_family - (Required, Forces new resource) Address family (IPv4 or IPv6) of this prefix list.
  • entry - (Optional) Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.
  • max_entries - (Required) Maximum number of entries that this prefix list can contain.
  • name - (Required) Name of this resource. The name must not start with com.amazonaws.
  • tags - (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.


  • cidr - (Required) CIDR block of this entry.
  • description - (Optional) Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.

Associating resources with a
Prefix List
Resources do not "belong" to a
Prefix List
Rather, one or more Security Groups are associated to a resource.
Prefix List
via Terraform:
The following HCL creates an IPv4 prefix list with a maximum of 5 entries, and creates 2 entries in the prefix list

resource "aws_ec2_managed_prefix_list" "example" {
 name           = "All VPC CIDR-s"
 address_family = "IPv4"
 max_entries    = 5

 entry {
   cidr        = aws_vpc.example.cidr_block
   description = "Primary"

 entry {
   cidr        = aws_vpc_ipv4_cidr_block_association.example.cidr_block
   description = "Secondary"

 tags = {
   Env = "live"

Prefix List
via CLI:

[--dry-run | --no-dry-run]
--prefix-list-name <value>
[--entries <value>]
--max-entries <value>
[--tag-specifications <value>]
--address-family <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws ec2 create-managed-prefix-list \
   --address-family IPv4 \
   --max-entries 10 \
   --entries Cidr=,Description=vpc-a Cidr=,Description=vpc-b \
   --prefix-list-name vpc-cidrs

Best Practices for
Prefix List

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
All Resources