Work with AWS-managed prefix lists
AWS-managed prefix lists are sets of IP address ranges for AWS services.
Use an AWS-managed prefix list
AWS-managed prefix lists are created and maintained by AWS and can be used by anyone with an AWS account. You cannot create, modify, share, or delete an AWS-managed prefix list.
You can see the available AWS-managed prefix lists and the prefix list IDs in the following ways:
- Open Managed Prefix Lists in the navigation pane of the Amazon VPC Console.
- Use the describe-managed-prefix-lists AWS CLI command.
- Use the DescribeManagedPrefixLists API.
The following AWS-managed prefix lists are available:
Prefix list name | AWS service |
---|---|
com.amazonaws.region.s3 | Amazon S3 |
com.amazonaws.region.dynamodb | DynamoDB |
com.amazonaws.global.cloudfront.origin-facing | Amazon CloudFront |
As with customer-managed prefix lists, AWS-managed prefix lists can be used with AWS resources such as security groups and route tables. For more information, see Reference prefix lists in your AWS resources.
AWS-managed prefix list weight
The AWS-managed prefix list weight refers to the number of entries a prefix list will take up in a resource.
Prefix list name | AWS service | Weight |
---|---|---|
com.amazonaws.region.s3 | Amazon S3 | 1 |
com.amazonaws.region.dynamodb | DynamoDB | 1 |
com.amazonaws.global.cloudfront.origin-facing | Amazon CloudFront | 55 |
The Amazon CloudFront managed prefix list weight is unique in how it affects Amazon VPC quotas:
- It counts as 55 rules in a security group. The default quota is 60 rules, leaving room for only 5 additional rules in a security group. You can request a quota increase for this quota.
- It counts as 55 routes in a route table. The default quota is 50 routes, so you must request a quota increase before you can add the prefix list to a route table.
For more information, see Use the CloudFront managed prefix list in the Amazon CloudFront Developer Guide.
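A pre-flight check for the quota effect described above, as an added example that is not AWS code: it counts the entries a set of rules already consumes and reports whether the CloudFront prefix list still fits. The prefix list ID, group ID, and rules are constructed placeholders, the rule shape follows the EC2 IpPermissions structure, and counting every entry in one direction against the single default quota is an assumption of this example.

```python
# Added example. Weights and default quotas are copied from the tables above.
WEIGHTS = {
    "com.amazonaws.region.s3": 1,
    "com.amazonaws.region.dynamodb": 1,
    "com.amazonaws.global.cloudfront.origin-facing": 55,
}
SG_RULE_QUOTA = 60      # default rules per security group (from the page)
ROUTE_QUOTA = 50        # default routes per route table (from the page)
CLOUDFRONT = "com.amazonaws.global.cloudfront.origin-facing"

# Constructed ID-to-name map; real IDs come from describe-managed-prefix-lists.
SAMPLE_NAMES = {"pl-EXAMPLE-s3": "com.amazonaws.region.s3"}

# Constructed rules for one direction, shaped like EC2 IpPermissions.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "192.0.2.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}],
     "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE-s3"}]},
]

def rule_entries(permissions, names):
    """Entries consumed: 1 per CIDR or group reference, weight per prefix list."""
    total = 0
    for perm in permissions:
        for key in ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs"):
            total += len(perm.get(key, []))
        for ref in perm.get("PrefixListIds", []):
            name = names.get(ref["PrefixListId"])
            if name not in WEIGHTS:
                # Fail closed: an unknown list would otherwise be undercounted.
                raise ValueError(f"no known weight for {ref['PrefixListId']}")
            total += WEIGHTS[name]
    return total

def headroom(used, prefix_list_name, quota):
    """Entries left after adding the list; negative means it does not fit."""
    return quota - used - WEIGHTS[prefix_list_name]

if __name__ == "__main__":
    used = rule_entries(SAMPLE_PERMISSIONS, SAMPLE_NAMES)
    print("entries in use:", used)
    print("security group headroom:", headroom(used, CLOUDFRONT, SG_RULE_QUOTA))
    print("empty route table headroom:", headroom(0, CLOUDFRONT, ROUTE_QUOTA))
```

A negative headroom means the change needs a quota increase first; a prefix list without a known weight raises an error instead of being counted as zero.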