Adding IP prefixes to security group rules and route entries can be a time-consuming and error-prone task, especially when you have to build them in multiple VPCs. The fastest and most accurate way to reuse IP prefixes in your security groups and route table entries is a “Managed Prefix List”. It saves you time when building your security group rules and your route table entries.
When you build several security groups, you have to specify the IP prefixes on EVERY security group rule. If a rule needs 10 or more IP prefixes and you add them manually, it becomes a time-consuming and error-prone task. Even if you automate this process (e.g. Terraform, CloudFormation), you still have to write the code for each security group in every VPC.
The same advantage applies when you use the managed prefix list in route tables. When you build route tables you need to specify IP prefixes; with multiple IP prefixes this is also a time-consuming and error-prone task, because you have to add all those prefixes to multiple route tables.
- You can use the Managed Prefix List in other VPCs in the region.
- You can share the Managed Prefix List to other accounts.
- You have to build the Managed Prefix List in all your regions.
AWS SERVICE QUOTAS PORTAL
- Service quotas / limitations for inbound rules in security groups.
- Service quotas / limitations for routes.
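The following Terraform snippet is an added example, not code from the original post: it defines one managed prefix list, references it from a security group rule and a route so the CIDRs live in a single place, and shares it with another account via AWS RAM. All CIDRs, account and gateway IDs are placeholders, and `aws_security_group.app` and `aws_route_table.private` are assumed to be defined elsewhere in the same configuration.

```hcl
# Added example (not from the original post). Placeholder CIDRs and IDs throughout.

resource "aws_ec2_managed_prefix_list" "corp_networks" {
  name           = "corp-networks"
  address_family = "IPv4"
  # Quota caveat: every rule or route that references this list consumes
  # max_entries (not the number of entries actually filled) from its quota.
  max_entries = 20

  entry {
    cidr        = "10.10.0.0/16" # placeholder
    description = "office-a"
  }
  entry {
    cidr        = "10.20.0.0/16" # placeholder
    description = "office-b"
  }
}

# Security group rule: reference the list instead of repeating each CIDR.
resource "aws_vpc_security_group_ingress_rule" "https_from_corp" {
  security_group_id = aws_security_group.app.id # assumed to exist elsewhere
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_id    = aws_ec2_managed_prefix_list.corp_networks.id
}

# Route table entry: the same list as the destination, one route per table.
resource "aws_route" "to_corp_via_tgw" {
  route_table_id             = aws_route_table.private.id # assumed to exist elsewhere
  destination_prefix_list_id = aws_ec2_managed_prefix_list.corp_networks.id
  transit_gateway_id         = "tgw-0123456789abcdef0" # placeholder
}

# Share the list with another account in the same region via RAM.
resource "aws_ram_resource_share" "prefix_list" {
  name                      = "corp-networks-share"
  allow_external_principals = true
}

resource "aws_ram_resource_association" "prefix_list" {
  resource_arn       = aws_ec2_managed_prefix_list.corp_networks.arn
  resource_share_arn = aws_ram_resource_share.prefix_list.arn
}

resource "aws_ram_principal_association" "other_account" {
  principal          = "111122223333" # placeholder account ID
  resource_share_arn = aws_ram_resource_share.prefix_list.arn
}
```

Changing an entry in `corp_networks` updates every rule and route that references it on the next apply, which is the whole point of the list; a separate list is still needed in each region.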
Disclaimer: The information posted here is informational only. Ricardo Gutierrez won’t be held liable for any mishaps, failures or any other negative outcome. It is the reader’s responsibility to make their own decisions and act on them.