Managed Prefix Lists

Create or Reference an Existing Managed Prefix List

The example below will create a managed prefix list named test-prefix-list and reference a built-in managed prefix list named route53-healthchecks. The key in the map object is the name that will be used to reference the prefix list in other parts of the tfvars configuration.

prefix_list = {
    "route53-healthchecks" = {
        id = "pl-0068613c321dee54b" // reference existing managed prefix list by ID
    }
    "test-prefix-list" = {
        address_family = "IPv4"
        max_entries    = 10
        entry = {
            entry1 = {
                cidr = "10.0.0.0/24"
            }
        }
    }
}

Reference a Managed Prefix List in a Security Group Rule

The example below will create a security group ingress rule named Test_Existing_Prefix_List_Allow_Ping that allows ICMP traffic from the existing managed prefix list route53-healthchecks, and another security group ingress rule named Test_New_Prefix_List_Allow_Ping that allows ICMP traffic from the newly created managed prefix list test-prefix-list.

Note: This example does not represent a complete configuration, only the relevant portion for referencing managed prefix lists in security group rules.

vpcs = {
    SharedInfra = {
        security_groups = {
            KuiperSG = {
                ingress = {
                    Test_Existing_Prefix_List_Allow_Ping = {
                        from_port = -1
                        to_port = -1
                        ip_protocol = "icmp"
                        prefix_list = "route53-healthchecks"
                    },
                    Test_New_Prefix_List_Allow_Ping = {
                        from_port = -1
                        to_port = -1
                        ip_protocol = "icmp"
                        prefix_list = "test-prefix-list"
                    }
                }
            }
        }
    }
}
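
Because rules refer to prefix lists only by map key, a mistyped key or an over-broad entry is easy to miss in review. The following pre-plan check is an added example, not part of this project's code: it assumes the two tfvars maps above have already been loaded into Python dicts (transcribed inline here as constructed sample data), and `lint_prefix_lists` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data: the page's two tfvars maps, transcribed as Python dicts.
PREFIX_LIST = {
    "route53-healthchecks": {"id": "pl-0068613c321dee54b"},
    "test-prefix-list": {
        "address_family": "IPv4",
        "max_entries": 10,
        "entry": {"entry1": {"cidr": "10.0.0.0/24"}},
    },
}
VPCS = {
    "SharedInfra": {"security_groups": {"KuiperSG": {"ingress": {
        "Test_Existing_Prefix_List_Allow_Ping": {
            "from_port": -1, "to_port": -1, "ip_protocol": "icmp",
            "prefix_list": "route53-healthchecks"},
        "Test_New_Prefix_List_Allow_Ping": {
            "from_port": -1, "to_port": -1, "ip_protocol": "icmp",
            "prefix_list": "test-prefix-list"},
    }}}},
}

def lint_prefix_lists(prefix_list, vpcs):
    """Return a list of findings; an empty list means the references are consistent."""
    findings = []
    for name, pl in prefix_list.items():
        if "id" in pl:  # existing list referenced by ID: nothing local to check
            continue
        entries = pl.get("entry", {})
        if len(entries) > pl["max_entries"]:
            findings.append(f"{name}: {len(entries)} entries exceed max_entries={pl['max_entries']}")
        want = 4 if pl["address_family"] == "IPv4" else 6
        for key, e in entries.items():
            try:  # strict=True also flags host bits set in the CIDR, a common typo
                net = ipaddress.ip_network(e["cidr"], strict=True)
            except ValueError as err:
                findings.append(f"{name}.{key}: invalid CIDR ({err})")
                continue
            if net.version != want:
                findings.append(f"{name}.{key}: {e['cidr']} is not {pl['address_family']}")
            if net.prefixlen == 0:  # a /0 entry opens the rule to every source address
                findings.append(f"{name}.{key}: {e['cidr']} matches every address")
    for vpc, v in vpcs.items():
        for sg, s in v.get("security_groups", {}).items():
            for rule, r in s.get("ingress", {}).items():
                ref = r.get("prefix_list")
                if ref is not None and ref not in prefix_list:
                    findings.append(f"{vpc}/{sg}/{rule}: unknown prefix list '{ref}'")
    return findings
```

Run against the configuration shown on this page, the check returns no findings.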