AWS-managed prefix lists - Amazon Virtual Private Cloud

AWS-managed prefix lists

AWS-managed prefix lists are sets of IP address ranges for AWS services. These prefix lists are maintained by Amazon Web Services and provide a way to reference the IP addresses used by various AWS offerings. This can be particularly useful when configuring security groups or other network-level controls within a VPC.

The prefix lists cover a wide range of AWS services, including S3 and DynamoDB, and many others. By using the managed prefix lists, you can ensure that your network configurations are up-to-date and properly account for the IP addresses used by the AWS services you depend on. This can help simplify networking tasks and reduce the administrative overhead of manually maintaining lists of IP addresses.

In addition to the practical benefits, using the managed prefix lists also aligns with AWS security best practices. By relying on the authoritative IP address information provided by AWS, you can minimize the risk of misconfiguration or unexpected connectivity issues. This can be especially important for mission-critical applications or workloads with strict compliance requirements.

Available AWS-managed prefix lists

The following services provide AWS-managed prefix lists.

AWS service Prefix list name Weight
Amazon CloudFront com.amazonaws.global.cloudfront.origin-facing 55
Amazon DynamoDB com.amazonaws.region.dynamodb 1
Amazon EC2 Instance Connect com.amazonaws.region.ec2-instance-connect 2
com.amazonaws.region.ipv6.ec2-instance-connect 2
AWS Ground Station com.amazonaws.global.groundstation 5
Amazon Route 53 com.amazonaws.region.ipv6.route53-healthchecks 25
com.amazonaws.region.route53-healthchecks 25
Amazon S3 com.amazonaws.region.s3 1
Amazon S3 Express One Zone com.amazonaws.region.s3express 6
Amazon VPC Lattice com.amazonaws.region.vpc-lattice 10
com.amazonaws.region.ipv6.vpc-lattice 10
To view the AWS-managed prefix lists using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Managed Prefix Lists.

  3. In the search field, add the Owner ID: AWS filter.

To view the AWS-managed prefix lists using the AWS CLI

Use the describe-managed-prefix-lists command as follows.

aws ec2 describe-managed-prefix-lists --filters Name=owner-id,Values=AWS

AWS-managed prefix list weight

The weight of an AWS-managed prefix list refers to the number of entries that it takes up in a resource.

For example, the weight of a Amazon CloudFront managed prefix list is 55. Here's how the this affects your Amazon VPC quotas:

Use an AWS-managed prefix list

AWS-managed prefix lists are created and maintained by AWS and can be used by anyone with an AWS account. You cannot create, modify, share, or delete an AWS-managed prefix list.

As with customer-managed prefix lists, you can use AWS-managed prefix lists with AWS resources such as security groups and route tables. For more information, see Optimize AWS infrastructure management with prefix lists.