
Number of entries in Security Groups and Route Table are getting unmanageable

0

As our AWS usage continues to grow, managing the entries we have added to Security Groups for each CIDR is starting to get unmanageable. The same is starting to happen with Route Tables as well. I am sure other customers have experienced similar problems and AWS already has a solution. Please point me in the right direction.

asked 2 years ago, 601 views
2 Answers
2
Accepted Answer

Mr Jimenez,

It sounds like you should look into managing your CIDR blocks by grouping them into prefix lists. You can then use the prefix lists in your Security Groups and Route Tables. Here are some details to get you started, as well as the link to the full documentation.

A managed prefix list is a set of CIDR blocks you define. As you can imagine, you can combine a group of regularly paired CIDR blocks (IPv4 or IPv6) into a prefix list. You can't combine IPv4 and IPv6 in the same list, so you need to create a separate list for each if needed. One other important note: they are a Regional construct, so you will have to create them in each Region you want to use them in. There are two types of prefix lists, just so you are aware:

  1. Customer-managed prefix lists - What you are most likely looking for
  2. AWS-managed prefix lists - These are fixed lists you can't create, modify, share or delete. They are sets of IPs for AWS services.

Here are some concepts and rules (these can be found on the page linked at the bottom, but I cut and pasted them here to get you started):

Customer-managed prefix lists

The following rules apply to customer-managed prefix lists:

  • A prefix list supports a single type of IP addressing only (IPv4 or IPv6). You cannot combine IPv4 and IPv6 CIDR blocks in a single prefix list.
  • A prefix list applies only to the Region where you created it.
  • When you create a prefix list, you must specify the maximum number of entries that the prefix list can support.
  • When you reference a prefix list in a resource, the maximum number of entries for the prefix lists counts against the quota for the number of entries for the resource. For example, if you create a prefix list with 20 maximum entries and you reference that prefix list in a security group rule, this counts as 20 security group rules.
  • When you reference a prefix list in a route table, route priority rules apply. For more information, see Route priority and prefix lists.
  • You can modify a prefix list. When you add or remove entries, we create a new version of the prefix list. Resources that reference the prefix always use the current (latest) version. You can restore the entries from a previous version of the prefix list, which also creates a new version.
  • There are quotas related to prefix lists. For more information, see Customer-managed prefix lists.
  • Customer-managed prefix lists are available in all commercial AWS Regions (including GovCloud (US) and China Regions).

AWS-managed prefix lists

The following rules apply to AWS-managed prefix lists:

  • You cannot create, modify, share, or delete an AWS-managed prefix list.
  • Different AWS-managed prefix lists have a different weight when you use them. For more information, see AWS-managed prefix list weight.
  • You cannot view the version number of an AWS-managed prefix list.

Please look at the documentation for configuring IAM rules for prefix lists as well as the steps to actually configure them. https://docs.aws.amazon.com/es_en/vpc/latest/userguide/managed-prefix-lists.html

Hope this helps.

AWS
answered 2 years ago
EXPERT
reviewed 2 years ago
1

Hello.

How about creating a prefix list?
You can create prefix lists to group common rules.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-managed-prefix-lists.html

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • For example, suppose you have the following security group rules. In the case below, 10.0.0.0/16 and 172.0.0.0/16 are common IPv4 CIDRs, so they can be reused in other rules by registering them as a prefix list.

    • Security Group A
      Type  Protocol  Port  Source
      HTTP  TCP       80    10.0.0.0/16
      HTTP  TCP       80    172.0.0.0/16
      SSH   TCP       22    Security Group ID
    • Security Group B
      Type  Protocol  Port  Source
      HTTP  TCP       80    10.0.0.0/16
      HTTP  TCP       80    172.0.0.0/16
      RDP   TCP       3389  Security Group ID
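Added example (not from either answer or from AWS): a small offline planner that finds the CIDRs shared across security groups, as in the two groups in the comment above, checks the prefix-list rules quoted in the accepted answer (one address family, entry count within max_entries), folds the shared CIDRs into a prefix-list reference, and shows the quota effect of the chosen max_entries. The rule set, "sg-placeholder" and "pl-EXAMPLE" are constructed placeholders; a real run would feed it the output of describe-security-groups instead.

```python
import ipaddress
from collections import Counter

# Constructed sample input, not from any real account: ingress rules as
# (group, type, protocol, port, source); a source is a CIDR or a security group id.
RULES = [
    ("sg-A", "HTTP", "tcp", 80, "10.0.0.0/16"),
    ("sg-A", "HTTP", "tcp", 80, "172.0.0.0/16"),
    ("sg-A", "SSH", "tcp", 22, "sg-placeholder"),
    ("sg-B", "HTTP", "tcp", 80, "10.0.0.0/16"),
    ("sg-B", "HTTP", "tcp", 80, "172.0.0.0/16"),
    ("sg-B", "RDP", "tcp", 3389, "sg-placeholder"),
]

def shared_cidrs(rules, min_groups=2):
    """CIDRs used by at least min_groups groups: candidates for one prefix list."""
    groups = {}
    for group, _, _, _, source in rules:
        try:
            ipaddress.ip_network(source, strict=True)  # skip sg-* sources
        except ValueError:
            continue
        groups.setdefault(source, set()).add(group)
    return sorted(c for c, g in groups.items() if len(g) >= min_groups)

def validate_prefix_list(cidrs, max_entries):
    """Apply the rules quoted above: one address family, at most max_entries entries."""
    if len({ipaddress.ip_network(c).version for c in cidrs}) > 1:
        raise ValueError("IPv4 and IPv6 CIDRs cannot share one prefix list")
    if len(cidrs) > max_entries:
        raise ValueError(f"{len(cidrs)} entries exceed max_entries={max_entries}")
    return True

def fold_into_prefix_list(rules, cidrs, pl_id):
    """Replace rules sourced from cidrs with one rule per (group, type, proto, port) on pl_id."""
    folded, seen = [], set()
    for group, rtype, proto, port, source in rules:
        new = (group, rtype, proto, port, pl_id if source in cidrs else source)
        if new not in seen:
            seen.add(new)
            folded.append(new)
    return folded

def rule_quota_usage(rules, prefix_lists):
    """Rules counted toward the per-group quota: a prefix-list source counts as its max_entries."""
    usage = Counter()
    for group, _, _, _, source in rules:
        usage[group] += prefix_lists.get(source, 1)
    return dict(usage)
```

Folding the two shared CIDRs into a list created with 20 max entries raises each group's quota usage from 3 to 21, while a list sized to 2 entries keeps it at 3, which is why max_entries should match what you actually need.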
