Amazon-managed prefix lists
Amazon-managed prefix lists are sets of IP address ranges for Amazon services. These prefix lists are maintained by Amazon Web Services and provide a way to reference the IP addresses used by various Amazon offerings. This can be particularly useful when configuring security groups or other network-level controls within a VPC.
The prefix lists cover a wide range of Amazon services, including S3 and DynamoDB, and many others. By using the managed prefix lists, you can ensure that your network configurations are up-to-date and properly account for the IP addresses used by the Amazon services you depend on. This can help simplify networking tasks and reduce the administrative overhead of manually maintaining lists of IP addresses.
In addition to the practical benefits, using the managed prefix lists also aligns with Amazon security best practices. By relying on the authoritative IP address information provided by Amazon, you can minimize the risk of misconfiguration or unexpected connectivity issues. This can be especially important for mission-critical applications or workloads with strict compliance requirements.
Contents
Available Amazon-managed prefix lists
The following services provide Amazon-managed prefix lists.
Amazon Web Services service | Prefix list name | Weight |
---|---|---|
Amazon CloudFront | com.amazonaws.global.cloudfront.origin-facing | 55 |
Amazon DynamoDB | com.amazonaws.region .dynamodb |
1 |
Amazon EC2 Instance Connect | com.amazonaws.region .ec2-instance-connect |
2 |
com.amazonaws.region .ipv6.ec2-instance-connect |
2 | |
Amazon Ground Station | com.amazonaws.global.groundstation | 5 |
Amazon Route 53 | com.amazonaws.region .ipv6.route53-healthchecks |
25 |
com.amazonaws.region .route53-healthchecks |
25 | |
Amazon S3 | com.amazonaws.region .s3 |
1 |
Amazon S3 Express One Zone | com.amazonaws.region .s3express |
6 |
Amazon VPC Lattice | com.amazonaws.region .vpc-lattice |
10 |
com.amazonaws.region .ipv6.vpc-lattice |
10 |
To view the Amazon-managed prefix lists using the console
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
In the navigation pane, choose Managed Prefix Lists.
-
In the search field, add the Owner ID: Amazon filter.
To view the Amazon-managed prefix lists using the Amazon CLI
Use the describe-managed-prefix-lists
aws ec2 describe-managed-prefix-lists --filters Name=owner-id,Values=AWS
Amazon-managed prefix list weight
The weight of an Amazon-managed prefix list refers to the number of entries that it takes up in a resource.
For example, the weight of a Amazon CloudFront managed prefix list is 55. Here's how the this affects your Amazon VPC quotas:
Security groups – The default quota is 60 rules, leaving room for only 5 additional rules in a security group. You can request a quota increase
for this quota. Route tables – The default quota is 50 routes, so you must request a quota increase
before you can add the prefix list to a route table.
Use an Amazon-managed prefix list
Amazon-managed prefix lists are created and maintained by Amazon and can be used by anyone with an Amazon account. You cannot create, modify, share, or delete an Amazon-managed prefix list.
As with customer-managed prefix lists, you can use Amazon-managed prefix lists with Amazon resources such as security groups and route tables. For more information, see Optimize Amazon infrastructure management with prefix lists.