Posted On: Sep 8, 2023
Starting today, AWS-managed prefix lists can be used for Amazon Route 53 health checks to simplify the process of limiting inbound traffic to only the IP addresses associated with Route 53 health check servers. These prefix lists are maintained by Route 53 and contain up-to-date IP ranges for Route 53 health check servers.
Managed prefix lists for Route 53 health checks make network security easier to manage. Customers no longer need to manually allow Route 53 IP ranges or maintain prefix lists themselves. Instead, they can reference these managed prefix lists from various AWS resources, including Amazon Virtual Private Cloud (VPC) security group rules, common security group rules with AWS Firewall Manager, and any other resources that support managed prefix lists. For instance, users can reference the managed prefix lists in their VPC security group inbound rules so that their EC2 instances accept traffic only from Route 53 health check IP addresses.
Managed prefix lists for Route 53 health checks are available for immediate use through the AWS Console and the AWS SDK in all regions. Users can also reference the prefix lists in their CloudFormation templates in all regions where CloudFormation is available. This feature is available to all AWS customers at no additional cost. For further information, please see the Route 53 health check developer guide.
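
The security group use case described above, written as a CloudFormation template. This is an added example, not taken from the announcement or from AWS documentation; the resource names, parameter names and default port are assumptions, and the prefix list ID is passed in as a parameter because it differs per region (look it up under Managed prefix lists in the VPC console or with `aws ec2 describe-managed-prefix-lists`).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: accept health check traffic only from the AWS-managed
  prefix list for Route 53 health checkers.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  # Assumption: the caller supplies the region-specific ID of the
  # Route 53 health check managed prefix list (format pl-...).
  Route53HealthCheckPrefixListId:
    Type: String
    AllowedPattern: "^pl-[0-9a-f]+$"
  # Assumption: the endpoint being health-checked listens on this TCP port.
  HealthCheckPort:
    Type: Number
    Default: 443

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Instances monitored by Route 53 health checks
      VpcId: !Ref VpcId

  # Weak setting this replaces: the health check port open to any source.
  #   CidrIp: 0.0.0.0/0
  # Also replaced: a hand-maintained list of Route 53 CIDR blocks, which
  # goes stale whenever the health checker ranges change.

  HealthCheckIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt InstanceSecurityGroup.GroupId
      Description: Route 53 health checkers only (managed prefix list)
      IpProtocol: tcp
      FromPort: !Ref HealthCheckPort
      ToPort: !Ref HealthCheckPort
      # The source is the managed prefix list, not a CIDR; Route 53 keeps
      # its entries current, so the rule needs no manual updates.
      SourcePrefixListId: !Ref Route53HealthCheckPrefixListId
```

A prefix list reference counts against the security group's rule quota according to the list's weight, not as a single rule, so check the remaining quota before attaching it to a group that is already near its limit.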