- 최신
- 최다 투표
- 가장 많은 댓글
The Managed Prefix List is definitely the way to go. I know quite a few people who immediately deprecated their other processes when this was released. The previous Lambda-based solution at https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/ now says to use the Managed Prefix List too.
As for why the lists are different, I noticed in https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html that there's different terminology used across the options. The Managed Prefix List contains "IP address ranges of all of CloudFront's globally distributed origin-facing servers", whereas https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips contains "IP address ranges that are associated with CloudFront edge servers". The first sounds like a better list to me.
관련 콘텐츠
- AWS 공식업데이트됨 2년 전