Data Source: awsPrefixList

awsPrefixList provides details about a specific AWS prefix list (PL) in the current region.

This can be used both to validate a prefix list given in a variable and to obtain the CIDR blocks (IP address ranges) for the associated AWS service. The latter may be useful, for example, when adding network ACL rules.

The aws_ec2_managed_prefix_list data source is normally more appropriate to use given it can return customer-managed prefix list info, as well as additional attributes.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsNetworkAclBar = new aws.networkAcl.NetworkAcl(this, "bar", {
  vpcId: "${aws_vpc.foo.id}",
});
const awsVpcEndpointPrivateS3 = new aws.vpcEndpoint.VpcEndpoint(
  this,
  "private_s3",
  {
    serviceName: "com.amazonaws.us-west-2.s3",
    vpcId: "${aws_vpc.foo.id}",
  }
);
const dataAwsPrefixListPrivateS3 = new aws.dataAwsPrefixList.DataAwsPrefixList(
  this,
  "private_s3_2",
  {
    prefixListId: awsVpcEndpointPrivateS3.prefixListId,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsPrefixListPrivateS3.overrideLogicalId("private_s3");
const awsNetworkAclRulePrivateS3 = new aws.networkAclRule.NetworkAclRule(
  this,
  "private_s3_3",
  {
    cidrBlock: `\${${dataAwsPrefixListPrivateS3.cidrBlocks.fqn}[0]}`,
    egress: false,
    fromPort: 443,
    networkAclId: awsNetworkAclBar.id,
    protocol: "tcp",
    ruleAction: "allow",
    ruleNumber: 200,
    toPort: 443,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkAclRulePrivateS3.overrideLogicalId("private_s3");
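
The rule above covers only the first CIDR block ([0]) of the prefix list, so any further ranges in cidrBlocks get no rule. The following is an added example, not part of the provider documentation: a plain TypeScript helper that checks a prefix list ID and plans one rule per CIDR block. It assumes the CIDR list has already been resolved to plain strings (for instance from a Terraform output); the helper names, the ID pattern, and the default limit of 20 rules are assumptions.

```typescript
// Added example: field names mirror the NetworkAclRule config used above.
interface AclRuleSpec {
  cidrBlock: string;
  egress: boolean;
  fromPort: number;
  toPort: number;
  protocol: string;
  ruleAction: string;
  ruleNumber: number;
}

// Assumption: prefix list IDs are "pl-" plus 8 or 17 lowercase hex characters.
function isPrefixListId(id: string): boolean {
  return /^pl-(?:[0-9a-f]{8}|[0-9a-f]{17})$/.test(id);
}

function isIpv4Cidr(cidr: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) return false;
  const octetsOk = m.slice(1, 5).every((o) => Number(o) <= 255);
  return octetsOk && Number(m[5]) <= 32;
}

// Plan one rule per CIDR of a prefix list, instead of only element [0].
function planAclRules(
  cidrBlocks: string[],
  firstRuleNumber = 200,
  step = 10,
  maxRules = 20 // assumed per-direction rule limit; pass your account's value
): AclRuleSpec[] {
  const bad = cidrBlocks.filter((c) => !isIpv4Cidr(c));
  if (bad.length > 0) throw new Error(`invalid CIDR: ${bad.join(", ")}`);
  // Deduplicate and sort so rule numbers stay stable between runs.
  const unique = cidrBlocks.filter((c, i) => cidrBlocks.indexOf(c) === i).sort();
  if (unique.length > maxRules) {
    throw new Error(`${unique.length} CIDRs exceed the limit of ${maxRules} rules`);
  }
  return unique.map((cidrBlock, i) => {
    const ruleNumber = firstRuleNumber + i * step;
    if (ruleNumber < 1 || ruleNumber > 32766) {
      throw new Error(`rule number ${ruleNumber} is out of range`);
    }
    return { cidrBlock, egress: false, fromPort: 443, toPort: 443,
             protocol: "tcp", ruleAction: "allow", ruleNumber };
  });
}

// Constructed sample CIDRs (documentation ranges, not real S3 ranges).
const sampleRules = planAclRules(["203.0.113.0/24", "198.51.100.0/24", "203.0.113.0/24"]);
```

Failing at plan time when the prefix list grows past the rule limit avoids a partially applied ACL that silently drops traffic to the newer ranges.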

Filter

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dataAwsPrefixList.DataAwsPrefixList(this, "test", {
  filter: [
    {
      name: "prefix-list-id",
      values: ["pl-68a54001"],
    },
  ],
});

Argument Reference

The arguments of this data source act as filters for querying the available prefix lists. The given filters must match exactly one prefix list whose data will be exported as attributes.

  • prefixListId - (Optional) ID of the prefix list to select.
  • name - (Optional) Name of the prefix list to select.
  • filter - (Optional) Configuration block(s) for filtering. Detailed below.

filter Configuration Block

The following arguments are supported by the filter configuration block:

  • name - (Required) Name of the filter field. Valid values can be found in the EC2 DescribePrefixLists API Reference.
  • values - (Required) Set of values that are accepted for the given filter field. Results will be selected if any given value matches.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - ID of the selected prefix list.
  • name - Name of the selected prefix list.
  • cidrBlocks - List of CIDR blocks for the AWS service associated with the prefix list.

Timeouts

Configuration options:

  • read - (Default 20M)