I want to resolve the limit exceeded errors that I receive in Amazon Virtual Private Cloud (Amazon VPC) when I reference my prefix list ID in a security group.
Short description
Security group rules that reference a prefix list simplify the configuration of rules that cover multiple CIDR ranges. When you reference a prefix list in a security group that has already reached its rules-per-security-group limit, the following errors appear:
- "Client.RulesPerSecurityGroupLimitExceeded and the maximum number of rules per security group has been reached on console."
- "errorCode": "Client.RulesPerSecurityGroupLimitExceeded", "errorMessage": "The maximum number of rules per security group has been reached."
When you reference a prefix list in a resource, the maximum number of entries (the max entries value) of the prefix list counts toward the quota for the resource, regardless of how many entries the list currently holds. For example, if you reference a prefix list with a max entries value of 20 in a security group rule, then that rule consumes 20 of the rules-per-security-group quota.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
To modify the max entries value for your prefix list, use either the AWS CLI or the AWS Management Console.
Use the AWS CLI
Note: In the following commands, replace the example values with your values.
1. To view the current max entries value of the prefix list, run the describe-managed-prefix-lists command (the MaxEntries field in the output is the value that counts toward the security group quota):
$ aws ec2 describe-managed-prefix-lists --prefix-list-ids <example-prefix-list-ID> --region <example-region>
2. To modify the max entries value in the prefix list, run the modify-managed-prefix-list command:
$ aws ec2 modify-managed-prefix-list --prefix-list-id <example-prefix-list-ID> --region <example-region> --max-entries <example-value>
Use the AWS Management Console
To use the AWS Management Console to modify the max entries value for a prefix list, see Resize a prefix list. If you can't reduce the max entries value, increase the number of rules per security group instead by requesting a quota increase. After the quota for your security group rules is increased, reference your prefix list in the security group.
Note: The default quota for inbound or outbound rules per security group is 60, and the default quota for security groups per network interface is five. These two quotas multiplied can't exceed 1,000. For more information, see Security groups.
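The following Python example, added here and not part of the original article or of any AWS sample code, applies the counting rule above before you touch the security group: it expands each prefix-list reference to the list's MaxEntries value, sums the consumed rules per direction, and reports whether one more prefix-list reference would trip Client.RulesPerSecurityGroupLimitExceeded under the default quota of 60. The two input documents are constructed to mirror the JSON shape returned by `aws ec2 describe-security-group-rules` and `aws ec2 describe-managed-prefix-lists`; the group, rule and prefix-list IDs in them are placeholders. It also includes the check that a requested rules-per-security-group value multiplied by security groups per network interface does not exceed 1,000.

```python
"""Estimate rules-per-security-group quota consumption once prefix-list
references are expanded to their MaxEntries values.

Example code written for this article (not an AWS sample). The sample JSON
below is constructed to match the CLI output shape of
`aws ec2 describe-security-group-rules` and `aws ec2 describe-managed-prefix-lists`;
in practice, pass the parsed CLI output to the same functions.
"""
import json

RULES_PER_SG_QUOTA = 60   # default inbound or outbound rules per security group
SGS_PER_ENI_QUOTA = 5     # default security groups per network interface
PRODUCT_LIMIT = 1000      # rules_per_sg * sgs_per_eni must not exceed this

# Constructed sample: two CIDR rules and one prefix-list rule inbound, one rule outbound.
SAMPLE_RULES = json.loads("""
{"SecurityGroupRules": [
  {"SecurityGroupRuleId": "sgr-example1", "GroupId": "sg-example", "IsEgress": false,
   "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIpv4": "10.0.0.0/16"},
  {"SecurityGroupRuleId": "sgr-example2", "GroupId": "sg-example", "IsEgress": false,
   "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "192.0.2.0/24"},
  {"SecurityGroupRuleId": "sgr-example3", "GroupId": "sg-example", "IsEgress": false,
   "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "PrefixListId": "pl-example1"},
  {"SecurityGroupRuleId": "sgr-example4", "GroupId": "sg-example", "IsEgress": true,
   "IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0"}
]}
""")

# Constructed sample: pl-example1 has MaxEntries 20, pl-example2 has MaxEntries 50.
SAMPLE_PREFIX_LISTS = json.loads("""
{"PrefixLists": [
  {"PrefixListId": "pl-example1", "PrefixListName": "corp-ranges", "AddressFamily": "IPv4",
   "State": "create-complete", "MaxEntries": 20, "Version": 3, "OwnerId": "111111111111"},
  {"PrefixListId": "pl-example2", "PrefixListName": "partner-ranges", "AddressFamily": "IPv4",
   "State": "create-complete", "MaxEntries": 50, "Version": 1, "OwnerId": "111111111111"}
]}
""")


def max_entries_by_id(prefix_lists_doc):
    """Map PrefixListId -> MaxEntries from describe-managed-prefix-lists output."""
    return {pl["PrefixListId"]: pl["MaxEntries"] for pl in prefix_lists_doc["PrefixLists"]}


def rule_weight(rule, max_entries):
    """A CIDR or security-group reference counts as 1 rule; a prefix-list
    reference counts as the list's MaxEntries, not its current entry count."""
    pl_id = rule.get("PrefixListId")
    if pl_id is None:
        return 1
    if pl_id not in max_entries:
        raise KeyError(f"no MaxEntries known for {pl_id}; describe it first")
    return max_entries[pl_id]


def quota_usage(rules_doc, prefix_lists_doc):
    """Return {'inbound': n, 'outbound': n}: rules consumed per direction."""
    max_entries = max_entries_by_id(prefix_lists_doc)
    usage = {"inbound": 0, "outbound": 0}
    for rule in rules_doc["SecurityGroupRules"]:
        direction = "outbound" if rule["IsEgress"] else "inbound"
        usage[direction] += rule_weight(rule, max_entries)
    return usage


def can_reference(rules_doc, prefix_lists_doc, prefix_list_id, egress=False,
                  quota=RULES_PER_SG_QUOTA):
    """True if adding one rule that references prefix_list_id stays within the
    per-direction quota; False is the case that raises
    Client.RulesPerSecurityGroupLimitExceeded."""
    direction = "outbound" if egress else "inbound"
    used = quota_usage(rules_doc, prefix_lists_doc)[direction]
    needed = max_entries_by_id(prefix_lists_doc)[prefix_list_id]
    return used + needed <= quota


def product_within_limit(rules_per_sg, sgs_per_eni, limit=PRODUCT_LIMIT):
    """Sanity check for a quota increase request: rules per security group
    multiplied by security groups per network interface must not exceed 1,000."""
    return rules_per_sg * sgs_per_eni <= limit


if __name__ == "__main__":
    print("usage:", quota_usage(SAMPLE_RULES, SAMPLE_PREFIX_LISTS))
    print("add pl-example2 inbound ok?",
          can_reference(SAMPLE_RULES, SAMPLE_PREFIX_LISTS, "pl-example2"))
    print("add pl-example2 outbound ok?",
          can_reference(SAMPLE_RULES, SAMPLE_PREFIX_LISTS, "pl-example2", egress=True))
    print("250 rules x 5 groups allowed?", product_within_limit(250, SGS_PER_ENI_QUOTA))
```

With the constructed input, the inbound direction already consumes 22 rules (1 + 1 + 20), so referencing the 50-entry list inbound would need 72 and is refused, while the same reference outbound (1 + 50 = 51) fits. The remedy the article describes maps directly onto the two inputs: lowering MaxEntries on the prefix list shrinks the weight of its rule, and a quota increase raises the `quota` argument, subject to the 1,000 product limit.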
Related information
Amazon VPC quotas
AWS-managed prefix list weight