Amazon-managed prefix lists - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon-managed prefix lists

Amazon-managed prefix lists are sets of IP address ranges for Amazon services. These prefix lists are maintained by Amazon Web Services and provide a way to reference the IP addresses used by various Amazon offerings. This can be particularly useful when configuring security groups, network ACLs, or other network-level controls within a VPC.

The prefix lists cover a wide range of Amazon services, including S3 and DynamoDB, and many others. By using the managed prefix lists, you can ensure that your network configurations are up-to-date and properly account for the IP addresses used by the Amazon services you depend on. This can help simplify networking tasks and reduce the administrative overhead of manually maintaining lists of IP addresses.

In addition to the practical benefits, using the managed prefix lists also aligns with Amazon security best practices. By relying on the authoritative IP address information provided by Amazon, you can minimize the risk of misconfiguration or unexpected connectivity issues. This can be especially important for mission-critical applications or workloads with strict compliance requirements.

Available Amazon-managed prefix lists

The following services provide Amazon-managed prefix lists.

Amazon Web Service Prefix list name Weight
Amazon CloudFront com.amazonaws.global.cloudfront.origin-facing 55
Amazon DynamoDB com.amazonaws.region.dynamodb 1
Amazon Ground Station com.amazonaws.global.groundstation 5
Amazon Route 53 com.amazonaws.region.ipv6.route53-healthchecks 25
com.amazonaws.region.route53-healthchecks 25
Amazon S3 com.amazonaws.region.s3 1
Amazon S3 Express One Zone com.amazonaws.region.s3express 6
Amazon VPC Lattice com.amazonaws.region.vpc-lattice 10
com.amazonaws.region.ipv6.vpc-lattice 10
To view the Amazon-managed prefix lists using the console
  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose Managed Prefix Lists.

  3. In the search field, add the Owner ID: Amazon filter.

To view the Amazon-managed prefix lists using the Amazon CLI

Use the describe-managed-prefix-lists command as follows.

aws ec2 describe-managed-prefix-lists --filters Name=owner-id,Values=AWS

Amazon-managed prefix list weight

The weight of an Amazon-managed prefix list refers to the number of entries that it takes up in a resource.

For example, the weight of a Amazon CloudFront managed prefix list is 55. Here's how the this affects your Amazon VPC quotas:

Use an Amazon-managed prefix list

Amazon-managed prefix lists are created and maintained by Amazon and can be used by anyone with an Amazon account. You cannot create, modify, share, or delete an Amazon-managed prefix list.

As with customer-managed prefix lists, you can use Amazon-managed prefix lists with Amazon resources such as security groups and route tables. For more information, see Optimize Amazon infrastructure management with prefix lists.