Amazon Virtual Private Cloud (VPC) customers can now use their own Prefix Lists to simplify the configuration of security groups and route tables

Posted on: Jun 29, 2020

Amazon Virtual Private Cloud (VPC) now allows you to create your own Prefix Lists, which can be audited in one place and applied across all your accounts so that security posture and routing behavior stay consistent. A Prefix List is a named collection of CIDR blocks that can be referenced from VPC security group rules and route table routes, and that can be shared with other AWS accounts using AWS Resource Access Manager (RAM).

VPC security groups and route tables are used to control access and routing policies. Customers often reuse the same set of CIDR blocks across many security group rules and route table entries. Prefix Lists allow you to group multiple CIDR blocks into a single object and reference that object from your security groups or route tables. This makes it easier to roll out changes and to keep security groups and route tables consistent across multiple VPCs and accounts. For example, you can create a Prefix List that represents all your branch office CIDR blocks and use it when configuring your security groups and route tables. When you add a new branch office, you simply add its CIDR block to the Prefix List, and every rule and route that references the list picks up the new block without any change to the security groups or route tables themselves. Note that this cuts both ways: an incorrect entry added to a shared list reaches every referencing rule at once, so control who can modify the list as carefully as you control the security groups that reference it. Also note that a prefix list is created with a maximum number of entries, and a security group rule or route that references the list counts that maximum (not the current number of entries) against the rule or route quota.

To get started, use the AWS CLI, SDK or Console to create Prefix Lists. Prefix Lists can also be shared with other accounts using AWS Resource Access Manager (RAM).
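The following is an added example, not AWS's own code, illustrating the two points above: what a security group rule actually admits once it references a Prefix List (and how adding an entry to the list changes that without touching the rule), and how a referenced list's maximum entry count is charged against the group's rule quota. All input data is constructed inline in the shape of the EC2 API responses for describe-managed-prefix-lists, get-managed-prefix-list-entries and describe-security-groups; the prefix list and security group IDs are hypothetical, and the add_entry function is a local model of what modify-managed-prefix-list --add-entries validates, not a call to AWS. Replace the dicts with live API output to run the audit against an account.

```python
"""Added example (not AWS code): audit what a security group admits once its
rules reference a VPC managed prefix list, and what that costs in rule quota.

All data below is constructed inline in the shape of the EC2 API responses
(describe-managed-prefix-lists, get-managed-prefix-list-entries,
describe-security-groups); the IDs are hypothetical.
"""
import ipaddress

PL_ID = "pl-0123456789abcdef0"   # hypothetical prefix list ID

# Constructed: one item of PrefixLists from describe-managed-prefix-lists (trimmed).
PREFIX_LIST = {
    "PrefixListId": PL_ID,
    "PrefixListName": "branch-offices",
    "AddressFamily": "IPv4",
    "MaxEntries": 10,
}

# Constructed: Entries from get-managed-prefix-list-entries for that list.
PREFIX_LIST_ENTRIES = [
    {"Cidr": "10.10.0.0/16", "Description": "branch-nyc"},
    {"Cidr": "10.20.0.0/16", "Description": "branch-lon"},
]

# Constructed: one group from describe-security-groups. The SSH rule references
# the prefix list instead of listing each office CIDR.
SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # hypothetical
    "IpPermissions": [
        {
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": "192.0.2.10/32", "Description": "bastion"}],
            "PrefixListIds": [{"PrefixListId": PL_ID, "Description": "branches"}],
        },
        {
            "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "PrefixListIds": [],
        },
    ],
}


def add_entry(prefix_list, entries, cidr, description):
    """Local model of modify-managed-prefix-list --add-entries: the new CIDR must
    match the list's address family, be unique, and fit under MaxEntries."""
    net = ipaddress.ip_network(cidr, strict=True)
    family = "IPv4" if net.version == 4 else "IPv6"
    if family != prefix_list["AddressFamily"]:
        raise ValueError(f"{cidr} is {family}; list is {prefix_list['AddressFamily']}")
    if any(e["Cidr"] == cidr for e in entries):
        raise ValueError(f"{cidr} already present")
    if len(entries) >= prefix_list["MaxEntries"]:
        raise ValueError("MaxEntries reached; raise it with --max-entries first")
    entries.append({"Cidr": cidr, "Description": description})
    return entries


def effective_sources(permission, entries_by_id):
    """Expand one IpPermission into the CIDRs it admits: the literal IpRanges
    plus every entry of each referenced prefix list (entries_by_id maps
    PrefixListId -> entry list)."""
    cidrs = {r["CidrIp"] for r in permission.get("IpRanges", [])}
    for ref in permission.get("PrefixListIds", []):
        cidrs.update(e["Cidr"] for e in entries_by_id[ref["PrefixListId"]])
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return sorted(nets, key=lambda n: (n.version, n))


def rule_quota_usage(group, max_entries_by_id):
    """Rules this group consumes against the per-group rule quota. A CIDR or
    group reference counts once; a prefix list reference counts as the list's
    MaxEntries (its capacity, not how many entries it holds today)."""
    total = 0
    for perm in group["IpPermissions"]:
        total += len(perm.get("IpRanges", [])) + len(perm.get("Ipv6Ranges", []))
        total += len(perm.get("UserIdGroupPairs", []))
        for ref in perm.get("PrefixListIds", []):
            total += max_entries_by_id[ref["PrefixListId"]]
    return total


def broad_rules(group, entries_by_id, min_prefixlen=8):
    """Audit: (port, cidr) pairs where an effective source is shorter than
    min_prefixlen bits, e.g. a 0.0.0.0/0 that slipped into a list entry."""
    findings = []
    for perm in group["IpPermissions"]:
        for net in effective_sources(perm, entries_by_id):
            if net.prefixlen < min_prefixlen:
                findings.append((perm.get("FromPort"), str(net)))
    return findings


if __name__ == "__main__":
    entries = {PL_ID: list(PREFIX_LIST_ENTRIES)}
    ssh = SECURITY_GROUP["IpPermissions"][0]
    print("before:", [str(n) for n in effective_sources(ssh, entries)])
    # New branch office: only the list changes, the SSH rule is untouched.
    add_entry(PREFIX_LIST, entries[PL_ID], "10.30.0.0/16", "branch-sgp")
    print("after: ", [str(n) for n in effective_sources(ssh, entries)])
    print("rule quota used:", rule_quota_usage(SECURITY_GROUP, {PL_ID: PREFIX_LIST["MaxEntries"]}))
    print("broad:", broad_rules(SECURITY_GROUP, entries))
```

On a live account the same shapes come from `aws ec2 describe-managed-prefix-lists`, `aws ec2 get-managed-prefix-list-entries --prefix-list-id <id>` and `aws ec2 describe-security-groups`; the list itself is created with `aws ec2 create-managed-prefix-list` (which takes `--max-entries`), grown with `aws ec2 modify-managed-prefix-list --add-entries`, referenced from a rule via `PrefixListIds` in `authorize-security-group-ingress --ip-permissions` or from a route via `create-route --destination-prefix-list-id`, and shared with `aws ram create-resource-share --resource-arns <prefix-list-arn>`.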

There is no additional charge to use Prefix Lists. Support for Prefix Lists is available in all public regions, with support in Africa (Cape Town), Europe (Milan), China (Beijing), and China (Ningxia) coming soon. For more information on Prefix Lists, visit our public documentation.