Guided Lab: Managing Prefix Lists
Description
A managed prefix list is a set of one or more CIDR blocks that simplifies configuring and maintaining your security groups and route tables. Instead of referencing individual IP addresses, you can group frequently used CIDR blocks into a prefix list and reference it in security group rules or routes. For example, you can consolidate multiple security group rules with the same port and protocol into a single rule that references the prefix list. If you need to scale your network and add a new CIDR block, updating the prefix list automatically applies the change to every security group rule and route that references it. Additionally, you can share customer-managed prefix lists across AWS accounts using AWS Resource Access Manager (RAM).
There are two types of prefix lists:
- Customer-managed prefix lists: Created and managed by you and shareable with other AWS accounts.
- AWS-managed prefix lists: Provided by AWS for service-related IP ranges, which cannot be modified or shared.
This lab will teach you how to create, manage, and use Managed Prefix Lists.
Prerequisites
This lab assumes you have the following:
- Basic knowledge and understanding of Amazon Virtual Private Cloud (VPC) and IP addressing & network subnets.
If you find any gaps in your knowledge, consider taking the following labs:
- Creating a Custom Virtual Private Cloud (VPC) from scratch
- Security Group VS Network Access Control List
Objectives
By the end of this lab, you will:
- Understand what VPC Managed Prefix Lists are and their use cases.
- Learn how to create and manage a VPC Managed Prefix List.
- Practice adding entries to a Prefix List and using it with a security group or route table.
- Explore the security and management benefits of using Managed Prefix Lists.
Lab Steps
Create a VPC Managed Prefix List
1. Navigate to the VPC dashboard.
2. In the VPC Dashboard, select Managed Prefix Lists from the left-hand menu.
3. Click on the Create prefix list.
4. Follow the configuration below:
- Provide a Name for your prefix list (e.g., MyPrefixList) and add a Description.
- Specify the Maximum number of entries (this defines how many CIDR blocks you can add to the list). For this lab, use 1.
- In Prefix list entries, click on Add entry to add a CIDR block to the list. Enter the CIDR block (e.g., 10.0.0.0/16).
- Click Create prefix list to create the prefix list.
Use the Prefix List in a Security Group
1. Navigate to the EC2 Dashboard and select Security Groups under the Network & Security section.
2. Click on Create security group. Follow the configurations below:
- Security group name: MySG
- Description: Using MyPrefixList
- VPC: Select available VPC
- In the Inbound rules section, click Add rule.
- Choose a Type (e.g., SSH), set the Source to Prefix List, and select your created prefix list from the dropdown.
- Click Create security group.
Use the Prefix List in a Route Table
1. Go back to the VPC Dashboard and select Route Tables.
2. Click Create route table.
3. Follow the configurations below:
- Name – optional: MyRT
- VPC: Select available VPC
- Click Create route table
4. Click Edit routes. Follow the configuration below:
- Click Add route and specify the Destination as your prefix list.
- Set the Target to the appropriate resource (e.g., an Internet Gateway).
- Click Save routes to update the route table.
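To make the relationship between the three objects concrete, here is an added Python model of a prefix list referenced by a security group rule and by a route table entry. It is illustrative code written for this page, not AWS code and not part of the lab. It assumes a hypothetical VPC CIDR of 172.31.0.0/16, a placeholder Internet Gateway id, and a prefix list cap of 2 rather than the lab's 1 so that growth can be shown. It goes slightly beyond the lab steps by also showing the entry cap being enforced and the longest-prefix match that route tables apply.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple, Union


@dataclass
class PrefixList:
    """Constructed model of a customer-managed prefix list: a name, a hard
    cap on entries (the 'Maximum number of entries' chosen at creation) and
    the CIDR blocks added so far."""
    name: str
    max_entries: int
    entries: List[ipaddress.IPv4Network] = field(default_factory=list)

    def add_entry(self, cidr: str) -> None:
        # The cap is fixed at creation; exceeding it is rejected, as in the console.
        if len(self.entries) >= self.max_entries:
            raise ValueError(f"{self.name}: maximum of {self.max_entries} entries reached")
        self.entries.append(ipaddress.ip_network(cidr, strict=True))

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.entries)


def try_add_entry(pl: PrefixList, cidr: str) -> bool:
    """Return True if the entry fit under the cap, False if it was rejected."""
    try:
        pl.add_entry(cidr)
        return True
    except ValueError:
        return False


@dataclass
class SecurityGroupRule:
    """One inbound rule whose Source is a prefix list rather than a CIDR."""
    protocol: str
    port: int
    source: PrefixList


def inbound_allowed(rules: List[SecurityGroupRule], protocol: str, port: int, src_ip: str) -> bool:
    """Security groups are allow-lists: a packet is admitted if any rule matches."""
    return any(
        r.protocol == protocol and r.port == port and r.source.contains(src_ip)
        for r in rules
    )


Destination = Union[ipaddress.IPv4Network, PrefixList]


@dataclass
class RouteTable:
    """Routes whose Destination may be a CIDR or a prefix list. A prefix list
    destination is expanded at lookup time, so later edits to the list take
    effect without touching the route table."""
    routes: List[Tuple[Destination, str]] = field(default_factory=list)

    def add_route(self, destination: Destination, target: str) -> None:
        self.routes.append((destination, target))

    def lookup(self, dst_ip: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for dest, target in self.routes:
            nets = dest.entries if isinstance(dest, PrefixList) else [dest]
            for net in nets:
                # Longest-prefix match, as VPC route tables do.
                if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                    best = (net, target)
        return best[1] if best else None


def build_lab_scenario() -> Tuple[PrefixList, List[SecurityGroupRule], RouteTable]:
    """Constructed scenario mirroring the lab: MyPrefixList referenced by MySG
    and MyRT. max_entries is 2 here (the lab uses 1) so growth can be shown."""
    pl = PrefixList("MyPrefixList", max_entries=2)
    pl.add_entry("10.0.0.0/16")
    rules = [SecurityGroupRule("tcp", 22, pl)]                     # SSH from the prefix list
    rt = RouteTable()
    rt.add_route(ipaddress.ip_network("172.31.0.0/16"), "local")   # assumed VPC CIDR
    rt.add_route(pl, "igw-PLACEHOLDER")                            # placeholder IGW id
    return pl, rules, rt


if __name__ == "__main__":
    pl, rules, rt = build_lab_scenario()
    print(inbound_allowed(rules, "tcp", 22, "10.0.5.9"))        # True
    print(inbound_allowed(rules, "tcp", 22, "192.168.1.5"))     # False
    pl.add_entry("192.168.0.0/16")                              # one edit to the list...
    print(inbound_allowed(rules, "tcp", 22, "192.168.1.5"))     # ...now True for MySG
    print(rt.lookup("192.168.1.5"))                             # ...and routed via the IGW
    print(try_add_entry(pl, "172.16.0.0/12"))                   # False: cap of 2 reached
```

The single edit to the prefix list changes the outcome for both the security group rule and the route without either being touched, which is the management benefit the lab describes. Choose the maximum number of entries deliberately: in AWS, a prefix list referenced in a security group rule consumes its maximum entry count, not its current count, against the rules-per-security-group quota.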
Congratulations! You have successfully created and managed a Managed Prefix List in the AWS Management Console. You also explored using the prefix list with security groups and route tables to simplify IP address management and enhance network security. Managed Prefix Lists provide a centralized way to manage IP ranges, making it easier to apply consistent network policies across your AWS environment.
Key Takeaways:
- VPC Managed Prefix Lists help simplify the management of IP address ranges across multiple VPCs and accounts.
- Using prefix lists in security groups and route tables ensures consistent and efficient network configurations.
- This feature enhances security and makes network updates more manageable in large AWS environments.
As a best practice, remember to delete any resources no longer in use to maintain a clutter-free AWS environment.
Thank you for joining this lab, and happy learning!