How to whitelist Cloudfront IPs in Load Balancer Security Group automatically


Hi all, currently I am whitelisting CloudFront IPs by pulling the list of IPs shared by AWS in the URL ( and adding all these IPs to the Security Group attached to the Load Balancer. This is a manual process. I came to know about "Managed Prefix List", which I guess solves the same purpose, but the IP ranges are different from the JSON list mentioned in the URL shared by AWS as below

The IPs in "Managed Prefix List" are not the same as in the above list. Which one is the correct list?

1 Answer

The Managed Prefix List is definitely the way to go. I know quite a few people who immediately deprecated their other processes when this was released. The previous Lambda-based solution at now says to use the Managed Prefix List too.

As for why the lists are different, I noticed in that there's different terminology used across the options. The Managed Prefix List contains "IP address ranges of all of CloudFront's globally distributed origin-facing servers", whereas contains "IP address ranges that are associated with CloudFront edge servers". The first sounds like a better list to me.

answered a year ago
AWS
reviewed a year ago
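
One way to automate what the answer above recommends, as an added example that is not part of the original answer: it resolves the AWS-managed CloudFront origin-facing prefix list and adds a single ingress rule that references it, skipping the call if the rule is already present. The list name `com.amazonaws.global.cloudfront.origin-facing`, the use of boto3, port 443 and the security group ID passed on the command line are assumptions, not details from the thread.

```python
# Added example: reference the CloudFront origin-facing managed prefix list
# from a load balancer security group instead of maintaining CIDR rules.
PREFIX_LIST_NAME = "com.amazonaws.global.cloudfront.origin-facing"  # assumed name


def find_prefix_list_id(ec2, name=PREFIX_LIST_NAME):
    """Resolve the region-specific pl-... ID of the AWS-managed list."""
    resp = ec2.describe_managed_prefix_lists(
        Filters=[{"Name": "prefix-list-name", "Values": [name]}]
    )
    lists = resp.get("PrefixLists", [])
    if len(lists) != 1:
        raise LookupError(f"expected one prefix list named {name}, got {len(lists)}")
    return lists[0]["PrefixListId"]


def rule_exists(ec2, group_id, pl_id, port):
    """True if the group already allows tcp/<port> from the prefix list."""
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    for perm in group.get("IpPermissions", []):
        same_port = perm.get("FromPort") == port and perm.get("ToPort") == port
        refs = [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        if perm.get("IpProtocol") == "tcp" and same_port and pl_id in refs:
            return True
    return False


def allow_cloudfront(ec2, group_id, port=443):
    """Idempotently add one ingress rule; returns True if a rule was added."""
    pl_id = find_prefix_list_id(ec2)
    if rule_exists(ec2, group_id, pl_id, port):
        return False
    ec2.authorize_security_group_ingress(
        GroupId=group_id,
        IpPermissions=[{
            "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "PrefixListIds": [{"PrefixListId": pl_id,
                               "Description": "CloudFront origin-facing"}],
        }],
    )
    return True


if __name__ == "__main__":
    import sys
    import boto3  # needs credentials allowed to describe and authorize on the group
    # usage: python allow_cloudfront.py <security-group-id>
    added = allow_cloudfront(boto3.client("ec2"), sys.argv[1])
    print("rule added" if added else "rule already present")
```

A prefix list reference counts against the security group's rule quota by the list's maximum number of entries, so check the remaining headroom on the group before adding it.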
