Prefix List

A prefix list is a collection of one or more IP CIDR blocks used to simplify the configuration and management of security groups and routing tables. There are customer-managed prefix lists and AWS-managed prefix lists.

Terraform Name

aws_ec2_managed_prefix_list

Prefix List

attributes:

address_family - (Required, Forces new resource) Address family (IPv4 or IPv6) of this prefix list.
entry - (Optional) Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.
max_entries - (Required) Maximum number of entries that this prefix list can contain.
name - (Required) Name of this resource. The name must not start with com.amazonaws.
tags - (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

entry

cidr - (Required) CIDR block of this entry.
description - (Optional) Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.

‍

Associating resources with a

Prefix List

Resources do not "belong" to a

Prefix List

Rather, one or more Security Groups are associated to a resource.

Create

Prefix List

via Terraform:

The following HCL creates an IPv4 prefix list with a maximum of 5 entries, and creates 2 entries in the prefix list

Syntax:

resource "aws_ec2_managed_prefix_list" "example" {
name = "All VPC CIDR-s"
address_family = "IPv4"
max_entries = 5

entry {
cidr = aws_vpc.example.cidr_block
description = "Primary"
}

entry {
cidr = aws_vpc_ipv4_cidr_block_association.example.cidr_block
description = "Secondary"
}

tags = {
Env = "live"
}
}

Create

Prefix List

via CLI:

Parametres:

create-managed-prefix-list
[--dry-run | --no-dry-run]
--prefix-list-name <value>
[--entries <value>]
--max-entries <value>
[--tag-specifications <value>]
--address-family <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-managed-prefix-list \
--address-family IPv4 \
--max-entries 10 \
--entries Cidr=10.0.0.0/16,Description=vpc-a Cidr=10.2.0.0/16,Description=vpc-b \
--prefix-list-name vpc-cidrs

Costs

There is no additional charge for using Prefix Lists as they are a fundamental component of Amazon VPC and included in the overall VPC usage charge. The cost of using Amazon VPC will depend on the number of prefix lists, the number of IP addresses, and the amount of data processed.

Direct Cost

Indirect Cost

No items found.

Best Practices for

Prefix List

Categorized by Availability, Security & Compliance and Cost

Medium

AMI (Amazon Machine Images) not in use

AWS Cost Optimization