A prefix list is a set of one or more network prefixes (CIDR blocks). You can create a prefix list from CIDR blocks and reference the CIDR blocks as a set in network rules instead of referencing each CIDR block individually. This improves O&M efficiency. This topic describes how to create a prefix list in the Elastic Compute Service (ECS) console.
If you use a Resource Access Management (RAM) user, the RAM user is granted permissions on prefix lists. For more information, see Control access to ECS resources by using RAM users.
Procedure
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
On the Prefix List page, click Create Prefix List.
In the Create Prefix List dialog box, configure the parameters described in the following table.
Parameter: Description
Name: Enter a name for the prefix list.
Description: Enter a description for the prefix list. We recommend that you describe the intended purpose of the prefix list.
Address Family: Select IPv4 or IPv6. After you create a prefix list, you cannot change its address family.
If you select IPv4, you can specify only IPv4 CIDR blocks in the entries of the prefix list.
If you select IPv6, you can specify only IPv6 CIDR blocks in the entries of the prefix list.
Max Entries: Specify the maximum number of entries in the prefix list. After you create a prefix list, you cannot change the maximum number of entries in the prefix list.
Valid values: 1 to 200.
Note: The rule quotas of resources, such as security groups, that are associated with a prefix list are calculated based on the maximum number of entries in the prefix list, instead of the actual number of entries. Set a proper value for the Max Entries parameter.
Entries: Add CIDR blocks as entries to the prefix list. You can click Add Entries to add a CIDR block and enter a description for the CIDR block.
The following limits apply to entries in a prefix list:
The total number of entries cannot exceed the value set for Max Entries.
You can enter multiple CIDR blocks at a time. Separate the CIDR blocks with spaces or commas (,).
The address type of a CIDR block in each entry is determined by the Address Family parameter. You cannot combine IPv4 and IPv6 CIDR blocks in a single prefix list.
CIDR blocks in entries in a prefix list must be unique. For example, you cannot specify 192.168.1.0/24 twice in the entries of the prefix list.
You can specify an IP address. The system automatically converts the IP address to a CIDR block.
For example, if you specify 192.168.1.100, the system automatically converts the IP address to 192.168.1.100/32.
If an IPv6 CIDR block is specified, the system automatically converts the IPv6 CIDR block to the zero compression format.
For example, if you specify 2001:0DB8:0000:0000:0000:0000:0000:0000/32, the system converts it to 2001:db8::/32.
Click Create.
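The entry limits above can be checked offline before a list is pasted into the console. The following is an added example, not code from the ECS documentation or console: the function name normalize_entries is hypothetical, the sample input is constructed from the addresses on this page, and rejecting CIDR blocks that have host bits set is a choice of this example.

```python
import ipaddress
import re


def normalize_entries(raw, address_family, max_entries):
    """Check raw entry text against the limits on this page; return canonical CIDRs."""
    if address_family not in ("IPv4", "IPv6"):
        raise ValueError("Address Family must be IPv4 or IPv6")
    if not 1 <= max_entries <= 200:
        raise ValueError("Max Entries must be between 1 and 200")
    version = 4 if address_family == "IPv4" else 6

    canonical = []
    # Multiple CIDR blocks may be separated by spaces or commas.
    for token in filter(None, re.split(r"[,\s]+", raw.strip())):
        try:
            # A bare IPv4 address becomes a /32. A bare IPv6 address becomes
            # a /128, which is ipaddress behaviour and not stated on the page.
            # strict=True rejects blocks with host bits set (e.g. 10.0.0.1/8);
            # that strictness is an assumption of this example.
            net = ipaddress.ip_network(token, strict=True)
        except ValueError as exc:
            raise ValueError(f"{token!r} is not a valid CIDR block: {exc}") from None
        if net.version != version:
            raise ValueError(f"{token!r} does not match address family {address_family}")
        # str() yields lowercase, zero-compressed IPv6 such as 2001:db8::/32.
        text = str(net)
        if text in canonical:
            raise ValueError(f"duplicate entry {text}")
        canonical.append(text)

    if len(canonical) > max_entries:
        raise ValueError(f"{len(canonical)} entries exceed Max Entries={max_entries}")
    return canonical


if __name__ == "__main__":
    # Constructed sample input using the addresses from this page.
    print(normalize_entries("192.168.1.100, 192.168.1.0/24", "IPv4", 10))
    print(normalize_entries("2001:0DB8:0000:0000:0000:0000:0000:0000/32", "IPv6", 1))
```

Duplicates are compared after normalization, so 192.168.1.100 and 192.168.1.100/32 count as the same entry in this check.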
References
You can call an API operation to create a prefix list. For more information, see CreatePrefixList.
After a prefix list is created, you can perform the following operations:
Maintain the prefix list. For information about how to modify the name or entries of a prefix list, see Manage the entries in a prefix list.
Reference the prefix list. For information about how to reference a prefix list in a security group rule, see Add a security group rule.
For information about the use scenarios of prefix lists, see Use prefix lists to simplify management of security group rules.