The Managed Prefix List is definitely the way to go. I know quite a few people who immediately deprecated their other processes when this was released. The previous Lambda-based solution at https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/ now says to use the Managed Prefix List too.
As for why the lists are different, I noticed in https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html that there's different terminology used across the options. The Managed Prefix List contains "IP address ranges of all of CloudFront's globally distributed origin-facing servers", whereas https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips contains "IP address ranges that are associated with CloudFront edge servers". The first sounds like a better list to me.
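To see concretely how the two lists in the answer above differ, the following added example (not part of the original answer) diffs them by CIDR containment rather than by string equality. The JSON shapes are assumptions based on the output of `aws ec2 get-managed-prefix-list-entries` and the `list-cloudfront-ips` document, and the sample CIDRs are constructed documentation ranges, not real CloudFront addresses.

```python
import ipaddress
import json

# Constructed sample data (documentation ranges, not real CloudFront CIDRs).
# Assumed shape of the list-cloudfront-ips JSON document.
EDGE_JSON = json.dumps({
    "CLOUDFRONT_GLOBAL_IP_LIST": ["192.0.2.0/24", "198.51.100.0/25"],
    "CLOUDFRONT_REGIONAL_EDGE_IP_LIST": ["203.0.113.0/24"],
})
# Assumed shape of `aws ec2 get-managed-prefix-list-entries` output.
PREFIX_JSON = json.dumps({
    "Entries": [{"Cidr": "192.0.2.0/24"}, {"Cidr": "198.51.100.0/24"}],
})


def load_edge_list(text):
    """Parse the edge-server document into a list of networks."""
    doc = json.loads(text)
    cidrs = (doc.get("CLOUDFRONT_GLOBAL_IP_LIST", [])
             + doc.get("CLOUDFRONT_REGIONAL_EDGE_IP_LIST", []))
    return [ipaddress.ip_network(c) for c in cidrs]


def load_prefix_list(text):
    """Parse managed prefix list entries into a list of networks."""
    return [ipaddress.ip_network(e["Cidr"]) for e in json.loads(text)["Entries"]]


def uncovered(candidates, reference):
    """Return candidates not fully contained in any reference network."""
    out = [
        net for net in candidates
        # Check the IP version first: subnet_of() raises on mixed v4/v6.
        if not any(net.version == ref.version and net.subnet_of(ref)
                   for ref in reference)
    ]
    return sorted(out, key=lambda n: (n.version, n))


def compare(edge_text, prefix_text):
    """Report ranges that one list allows and the other does not cover."""
    edge = load_edge_list(edge_text)
    prefix = load_prefix_list(prefix_text)
    return {
        "edge_only": [str(n) for n in uncovered(edge, prefix)],
        "prefix_only": [str(n) for n in uncovered(prefix, edge)],
    }


if __name__ == "__main__":
    print(json.dumps(compare(EDGE_JSON, PREFIX_JSON), indent=2))
```

Ranges reported under `edge_only` are ones a security group built from the edge-server list would admit but the origin-facing prefix list would not.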