Easiest way to Build Security Group rules and Route Entries in AWS (Managed Prefix List)

Ricardo Gutierrez
2 min read · Mar 7, 2021


Adding IP prefixes to security group rules and route entries can be a time consuming and error prone task, especially when you have to build them on multiple VPCs. The fastest and most accurate way to reuse IP prefixes in your security groups and route table entries is a “Managed Prefix List”: you define the prefixes once and reference the list instead of repeating the prefixes, which saves time when building your security group rules and your route table entries.

When you build several security groups, you have to specify the IP prefixes in EVERY security group rule. If a rule needs 10 or more IP prefixes and you add them manually, it becomes a time consuming and error prone task. Even if you automate this process (e.g. Terraform, CloudFormation) you still have to repeat the prefixes in your code for each security group in every VPC.

The same advantage applies to route tables. When you build route tables you need to specify IP prefixes, and with multiple IP prefixes this is also a time consuming and error prone task, because you have to add all of those prefixes to multiple route tables. With a managed prefix list you reference the list in the route instead.

  1. You can use the Managed Prefix List in other VPCs in the same region.
  2. You can share the Managed Prefix List with other accounts.
  3. You have to build the Managed Prefix List in every region you use. Unfortunately, prefix lists can’t be copied to other regions; Terraform or CloudFormation would help keep them consistent across regions.

AWS Service Quotas portal.

  1. Service quotas / limitations for inbound rules in security groups. Learn more…
  2. Service quotas / limitations for routes. Learn more…
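The following Python is an added example (not code from the article or from AWS) that covers the two points above: building one prefix list spec that can be reused across VPCs and regions, and checking the security group rule quota before referencing it. It normalizes a constructed list of office CIDRs (duplicates, a non-canonical address and a prefix already covered by a wider one are dropped), builds the parameters that boto3's `create_managed_prefix_list` expects, and then accounts for the quota the way AWS does: a security group rule that references a prefix list counts as `MaxEntries` rules, not as one rule, so spare `MaxEntries` headroom costs quota. The quota value of 60 is an assumed default that you should replace with the value shown in your own Service Quotas console. No AWS call is made; the returned dict is what you would pass to boto3 in each region.

```python
"""Build a reusable managed prefix list spec and check the security group rule quota it consumes."""
import ipaddress

# Assumed default for "inbound or outbound rules per security group"; check your account's actual value.
DEFAULT_RULES_PER_SG = 60

# Constructed sample input: documentation ranges only, with a duplicate, a host address
# written as /24, and a /24 that is already covered by the /16.
SAMPLE_CIDRS = [
    "203.0.113.0/24",
    "198.51.100.7/24",   # host bits set: normalized to 198.51.100.0/24
    "10.0.0.0/16",
    "10.0.5.0/24",       # covered by 10.0.0.0/16, so dropped
    "203.0.113.0/24",    # exact duplicate, so dropped
]


def normalize_cidrs(cidrs):
    """Parse and canonicalize CIDRs, drop duplicates and prefixes covered by a wider entry."""
    nets = sorted(
        {ipaddress.ip_network(c, strict=False) for c in cidrs},
        key=lambda n: (n.version, n.network_address, n.prefixlen),
    )
    kept = []
    for net in nets:
        # Sorting puts a supernet before its subnets, so a covered prefix always
        # meets its supernet in `kept` and can be skipped.
        if any(net.subnet_of(k) for k in kept if k.version == net.version):
            continue
        kept.append(net)
    return kept


def build_prefix_list(name, cidrs, headroom=0):
    """Return parameters for ec2.create_managed_prefix_list(**params).

    A prefix list holds a single address family, so mixed IPv4/IPv6 input is rejected.
    `headroom` reserves extra MaxEntries for later growth; see rule_slots_consumed for its cost.
    """
    nets = normalize_cidrs(cidrs)
    families = {n.version for n in nets}
    if len(families) != 1:
        raise ValueError("one prefix list holds one address family; build separate IPv4 and IPv6 lists")
    return {
        "PrefixListName": name,
        "AddressFamily": "IPv4" if families == {4} else "IPv6",
        "MaxEntries": len(nets) + headroom,
        "Entries": [{"Cidr": str(n), "Description": f"{name} entry"} for n in nets],
    }


def rule_slots_consumed(prefix_list_specs, plain_rule_count=0):
    """Quota cost of a security group: plain rules count 1 each, a prefix list reference counts MaxEntries."""
    return plain_rule_count + sum(spec["MaxEntries"] for spec in prefix_list_specs)


def check_sg_quota(prefix_list_specs, plain_rule_count=0, quota=DEFAULT_RULES_PER_SG):
    """Report whether the planned rules fit the per-security-group rule quota."""
    used = rule_slots_consumed(prefix_list_specs, plain_rule_count)
    return {"used": used, "quota": quota, "ok": used <= quota}


def security_group_rule_params(group_id, prefix_list_id, from_port, to_port, protocol="tcp"):
    """Return parameters for ec2.authorize_security_group_ingress referencing the prefix list."""
    return {
        "GroupId": group_id,
        "IpPermissions": [{
            "IpProtocol": protocol,
            "FromPort": from_port,
            "ToPort": to_port,
            "PrefixListIds": [{"PrefixListId": prefix_list_id}],
        }],
    }


def route_params(route_table_id, prefix_list_id, target_key, target_id):
    """Return parameters for ec2.create_route using the prefix list as destination.

    `target_key` is the boto3 target parameter name, e.g. "TransitGatewayId" or "NatGatewayId".
    """
    return {"RouteTableId": route_table_id, "DestinationPrefixListId": prefix_list_id, target_key: target_id}


if __name__ == "__main__":
    spec = build_prefix_list("corp-office", SAMPLE_CIDRS, headroom=2)
    print(spec)
    # The same spec is submitted once per region, since prefix lists are regional.
    print(check_sg_quota([spec], plain_rule_count=10))
    # Placeholder IDs: replace with the IDs returned by your account.
    print(security_group_rule_params("sg-PLACEHOLDER", "pl-PLACEHOLDER", 443, 443))
    print(route_params("rtb-PLACEHOLDER", "pl-PLACEHOLDER", "TransitGatewayId", "tgw-PLACEHOLDER"))
```

Keep `headroom` small: every reserved entry is charged against the security group rule quota of each group that references the list, whether or not the entry is ever filled.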

For more great tutorials go to https://www.smartcloudcomputing.net/
