AWS Amazon EC2 Managed Prefix List Entry
This page shows how to write Terraform and CloudFormation for Amazon EC2 Managed Prefix List Entry and write them securely.
aws_ec2_managed_prefix_list_entry (Terraform)
The Managed Prefix List Entry in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_managed_prefix_list_entry. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
cidr
- (Required) CIDR block of this entry.
description
- (Optional) Description of this entry. Due to API limitations, updating only the description of an entry requires recreating the entry.
prefix_list_id
- (Required) ID of the managed prefix list this entry belongs to.
In addition to all arguments above, the following attributes are exported:
id
- ID of the managed prefix list entry.
Explanation in Terraform Registry
Provides a managed prefix list entry resource.
NOTE on Managed Prefix Lists and Managed Prefix List Entries: Terraform currently provides both a standalone Managed Prefix List Entry resource (a single entry), and a Managed Prefix List resource with entries defined in-line. At this time you cannot use a Managed Prefix List with in-line rules in conjunction with any Managed Prefix List Entry resources. Doing so will cause a conflict of entries and will overwrite entries.
Tips: Best Practices for the Other AWS Amazon EC2 Resources
Amazon EC2 has other resources that should be configured with security in mind. Please check the following examples of those resources and their precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption, since customer-managed keys (CMK) give you more control over the encryption.
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
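The following configuration is an added example, not code from the page or from the Terraform AWS provider documentation. It shows the pattern the NOTE above calls for: a managed prefix list with no in-line entry blocks, its entries managed only by standalone aws_ec2_managed_prefix_list_entry resources, and a security group rule that allows inbound SSH from that prefix list instead of from 0.0.0.0/0. The region, names, VPC variable and the CIDR values (RFC 5737 documentation ranges) are constructed placeholders.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption, pick your own region
}

variable "vpc_id" {
  description = "VPC that hosts the security group (placeholder, supply your own)"
  type        = string
}

# Source ranges allowed to reach the bastion. Keys become entry descriptions,
# values are the CIDR blocks. Sample values are constructed documentation ranges.
variable "admin_cidrs" {
  type = map(string)
  default = {
    "office-hq" = "203.0.113.0/24"
    "vpn-pool"  = "198.51.100.0/25"
  }

  validation {
    # Reject anything that is not a parseable CIDR block before it reaches the API.
    condition     = alltrue([for c in values(var.admin_cidrs) : can(cidrhost(c, 0))])
    error_message = "Every value of admin_cidrs must be a valid IPv4 CIDR block."
  }

  validation {
    # Entry descriptions are limited to 255 characters.
    condition     = alltrue([for k in keys(var.admin_cidrs) : length(k) <= 255])
    error_message = "Entry descriptions (map keys) must be at most 255 characters."
  }
}

# The list itself carries no in-line `entry` blocks: combining in-line entries
# with standalone entry resources makes the two overwrite each other's entries.
resource "aws_ec2_managed_prefix_list" "admin" {
  name           = "admin-source-ranges"
  address_family = "IPv4"
  max_entries    = 10
}

resource "aws_ec2_managed_prefix_list_entry" "admin" {
  for_each = var.admin_cidrs

  prefix_list_id = aws_ec2_managed_prefix_list.admin.id
  cidr           = each.value
  # Changing only the description forces the entry to be recreated (API limitation).
  description = each.key
}

resource "aws_security_group" "bastion" {
  name        = "bastion-ssh"
  description = "SSH allowed only from the admin managed prefix list"
  vpc_id      = var.vpc_id
}

# The ingress rule references the prefix list, so the allowed sources are changed
# by adding or removing entries rather than by editing the security group.
resource "aws_security_group_rule" "bastion_ssh_in" {
  type              = "ingress"
  security_group_id = aws_security_group.bastion.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  prefix_list_ids   = [aws_ec2_managed_prefix_list.admin.id]
}
```

Run `terraform validate` to exercise the two variable validations; an invalid CIDR or an over-long description fails the plan before any AWS API call is made. Keep max_entries at or above the number of entries you manage, since the API rejects entries beyond that limit.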
AWS::EC2::PrefixList Entry (CloudFormation)
The PrefixList Entry in EC2 can be configured in CloudFormation with the resource name AWS::EC2::PrefixList Entry. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
Cidr
The CIDR block.
Required: Yes
Type: String
Update requires: No interruption
Description
A description for the entry.
Constraints: Up to 255 characters in length.
Required: No
Type: String
Update requires: No interruption
Explanation in CloudFormation Registry
An entry for a prefix list.