Posted On: Oct 16, 2023

Starting today, Amazon Web Services-managed prefix lists can be used for Amazon Route 53 health checks to simplify the process of limiting inbound traffic to only the IP addresses associated with Route 53 health check servers. These prefix lists are maintained by Route 53 and contain up-to-date IP ranges for Route 53 health check servers.

Managed prefix lists for Route 53 health checks bring ease-of-use advantages to customers in managing their network security. With this feature, customers no longer need to manually allow Route 53 IP ranges or maintain prefix lists themselves. Users can instead reference these managed prefix lists through various Amazon Web Services resources, including Amazon Virtual Private Cloud (VPC) security group rules, common security group rules with Amazon Firewall Manager, and any other resources that support managed prefix lists. For instance, users may leverage the managed prefix lists in their VPC security group inbound rules to grant access only to Route 53 health check IP addresses for their EC2 instances.
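To check whether existing security groups actually limit inbound traffic this way, the following added example (not part of the original announcement and not Amazon Web Services code) audits rules in the shape returned by the EC2 DescribeSecurityGroups API and reports any source other than the managed prefix list that can reach the health-checked port. The prefix list ID `pl-EXAMPLE`, port 443, the helper names and the sample groups are assumptions constructed for illustration.

```python
HEALTH_CHECK_PL = "pl-EXAMPLE"   # placeholder: look up the real prefix list ID per region
HEALTH_CHECK_PORT = 443          # assumption: the health check targets TCP 443

def rule(proto, port, cidrs=(), prefix_lists=()):
    """Build one constructed IpPermissions entry in the DescribeSecurityGroups shape."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "PrefixListIds": [{"PrefixListId": p} for p in prefix_lists],
            "UserIdGroupPairs": []}
    if port is not None:
        perm["FromPort"] = perm["ToPort"] = port
    return perm

# Constructed sample data, not taken from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [rule("tcp", 443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-locked", "IpPermissions": [rule("tcp", 443, prefix_lists=[HEALTH_CHECK_PL])]},
    {"GroupId": "sg-mixed", "IpPermissions": [
        rule("-1", None, cidrs=["10.0.0.0/8"], prefix_lists=[HEALTH_CHECK_PL])]},
    {"GroupId": "sg-ssh-only", "IpPermissions": [rule("tcp", 22, cidrs=["10.0.0.0/8"])]},
]

def covers_port(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def audit(groups, port=HEALTH_CHECK_PORT, allowed_pl=HEALTH_CHECK_PL):
    """Per group: is the managed prefix list allowed, and who else can reach the port?"""
    report = {}
    for group in groups:
        uses_pl, others = False, set()
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            others.update(r["CidrIp"] for r in perm.get("IpRanges", []))
            others.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
            others.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
            for pl in perm.get("PrefixListIds", []):
                if pl["PrefixListId"] == allowed_pl:
                    uses_pl = True
                else:
                    others.add(pl["PrefixListId"])
        report[group["GroupId"]] = {"uses_prefix_list": uses_pl,
                                    "other_sources": sorted(others)}
    return report

if __name__ == "__main__":
    for gid, result in audit(SAMPLE_GROUPS).items():
        print(gid, result)
```

A group with `uses_prefix_list` true and an empty `other_sources` list matches the configuration described above; a group with `uses_prefix_list` false would block the health checkers on that port.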

Managed prefix lists for Route 53 health checks are available for immediate use through the Amazon Web Services Console and the Amazon SDK in China regions. Users can also reference the prefix lists in their CloudFormation templates in China regions where CloudFormation is available. This feature is available to all customers at no additional cost. For further information, please see the Route 53 health check developer guide.