Increase prefix list entry limit to more than 1000 and fix bugs

[douniwan5788]

No description provided.

[lazize]

What is the plan with >1000 prefix list?
How to use it inside a Security Group?

[douniwan5788]

What is the plan with >1000 prefix list? How to use it inside a Security Group?

Many AWS services exceed 1000 CIDRs when combining several regions. Without this patch, the script will not function properly.

In fact, this patch distributes CIDRs exceeding 1000 across multiple prefix lists, each containing less than 1000 CIDRs. Security Groups are actually associated with ENIs (Elastic Network Interfaces), not instances. By associating these prefix lists with multiple Security Groups and subsequently with multiple ENIs, we can apply more than 1000 CIDRs to a single instance by binding multiple ENIs.

[lazize]

Correct, many exceed, it doesn't mean we need to allow and use all of them. At least not with Prefix List.

Following this logic, it means it will be required to expose all ENI's from this particular instance in order for it to be exposed and accept request from all IP range. So you can't expose the instance, you will need to expose the ENI IPs.
Which is not a best practice. We should expose ALB/NLB and not Instance or IPs from instance.

Please tell me a use case you need to use this to handle >1000 IP on Prefix List today. What is your requirement?