
AWS::EC2::PrefixList - [BUG] - You cannot modify the entries and the maximum number of entries for the prefix list in the same request.

Open jk2l opened this issue 3 months ago • 2 comments

Name of the resource

AWS::EC2::PrefixList

Resource Name

AWS::EC2::PrefixList

Issue Description

Currently, when modifying a PrefixList, you cannot modify the size and the entries at the same time. If you use CDK code to generate the PrefixList, the size is automatically set by the code based on the number of your entries.

While this limitation is part of the PrefixList API, CloudFormation can incorrectly fail with a false positive by not recognizing that the size no longer needs to be updated in the same request.

To successfully update the CloudFormation stack we need to perform the following tasks:

  1. Manually update the prefix list via the AWS Console/CLI/API:
  • Update the prefix list size
  • Update the prefix list entries to match EXACTLY the entries in CloudFormation (including entry descriptions; any typo can cause it to fail)
  2. Push our CloudFormation changes

This manual update also causes issues:

  1. The PrefixList cannot effectively be managed by CloudFormation/CDK.
  2. If any CloudFormation failure and rollback happens, it re-triggers the error saying that entries cannot be modified and resized in the same request. This can also cause other rollbacks to fail and requires a lot of manual fixes.
  3. It breaks the Infrastructure as Code requirement of as little human involvement as possible (especially if we operate in a strict, secure compliance environment where there are limited permissions outside of the IaC pipeline; this makes the resource unusable for management).

Expected Behavior

CloudFormation resource should:

  1. Be able to recognize that the size no longer needs to be updated if the prefix list has already been updated.
  2. The CFN resource should be able to handle a resize together with an entries update. It should be possible to code this as part of the CloudFormation resource.

Observed Behavior

CloudFormation returns an error when trying to update the entries and the size.

Test Cases

Update the resource with a new size and new entries.

Other Details

No response

jk2l, Oct 13 '25 01:10
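The manual two-step update described in the issue (raise the size first, then make the entries match the template exactly, descriptions included), as an added example that is not part of the issue and is not AWS or CDK code. It is a small Python planner that splits one desired change into separate ModifyManagedPrefixList requests so that MaxEntries and the entries never travel in the same call; it goes beyond the issue's case by also handling a shrink and a description change. The boto3 client is injected, and FakeEc2 is a constructed stand-in that enforces the error the issue quotes, so the script runs offline. The API rules it encodes (a CIDR may not appear in both AddEntries and RemoveEntries of one request, CurrentVersion only matters on entry edits, and readiness is polled via the State field because boto3 has no waiter for prefix lists) are assumptions to verify against the EC2 API reference, and pl-0123456789abcdef0 and the CIDRs are made up.

```python
"""Added example, not from the issue or from AWS: split an AWS::EC2::PrefixList change
into separate ModifyManagedPrefixList requests so MaxEntries and the entries are never
modified in one call. The EC2 client is injected; FakeEc2 is a constructed offline stand-in."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    cidr: str
    description: str = ""  # part of the match, as the issue notes


def plan_prefix_list_update(current_max, current_entries, desired_max, desired_entries):
    """Return ModifyManagedPrefixList keyword dicts to send in order.

    Assumed API rules: MaxEntries never travels with AddEntries/RemoveEntries; a CIDR is never
    in both lists of one request (so a description change is remove, then add); the limit is
    raised before adding and lowered after removing, so the count never exceeds the limit.
    """
    cur = {e.cidr: e.description for e in current_entries}
    want = {e.cidr: e.description for e in desired_entries}
    if len(want) > desired_max:
        raise ValueError(f"{len(want)} entries exceed desired MaxEntries={desired_max}")
    removes = [{"Cidr": c} for c in sorted(cur) if cur[c] != want.get(c)]
    adds = [{"Cidr": c, "Description": d} for c, d in sorted(want.items()) if cur.get(c) != d]
    steps = []
    if desired_max > current_max:
        steps.append({"MaxEntries": desired_max})
    if removes and adds and not {r["Cidr"] for r in removes} & {a["Cidr"] for a in adds}:
        steps.append({"RemoveEntries": removes, "AddEntries": adds})
    else:  # a CIDR removed then re-added briefly drops out of every SG rule using the list
        if removes:
            steps.append({"RemoveEntries": removes})
        if adds:
            steps.append({"AddEntries": adds})
    if desired_max < current_max:
        steps.append({"MaxEntries": desired_max})
    return steps


def wait_until_settled(ec2, prefix_list_id, poll_seconds=2.0):
    """Poll until the list leaves an *-in-progress state (boto3 has no waiter for this)."""
    while True:
        pl = ec2.describe_managed_prefix_lists(PrefixListIds=[prefix_list_id])["PrefixLists"][0]
        if pl["State"].endswith("-failed"):
            raise RuntimeError(f"{prefix_list_id} is {pl['State']}: {pl.get('StateMessage')}")
        if not pl["State"].endswith("-in-progress"):
            return pl
        time.sleep(poll_seconds)


def apply_plan(ec2, prefix_list_id, steps, poll_seconds=2.0):
    """Send each request after the previous one settles; CurrentVersion is the optimistic
    lock on entry edits (assumed unnecessary for a MaxEntries-only call). Returns the final list."""
    for step in steps:
        pl = wait_until_settled(ec2, prefix_list_id, poll_seconds)
        kwargs = dict(step, PrefixListId=prefix_list_id)
        if "AddEntries" in step or "RemoveEntries" in step:
            kwargs["CurrentVersion"] = pl["Version"]
        ec2.modify_managed_prefix_list(**kwargs)
    return wait_until_settled(ec2, prefix_list_id, poll_seconds)


class FakeEc2:
    """Constructed stand-in for boto3's EC2 client that enforces the rule the issue quotes."""

    def __init__(self, prefix_list_id, max_entries, entries):
        self.pl_id, self.max, self.version, self.calls = prefix_list_id, max_entries, 1, []
        self.entries = {e.cidr: e.description for e in entries}

    def describe_managed_prefix_lists(self, PrefixListIds):
        return {"PrefixLists": [{"PrefixListId": self.pl_id, "State": "modify-complete",
                                 "Version": self.version, "MaxEntries": self.max}]}

    def modify_managed_prefix_list(self, PrefixListId, CurrentVersion=None,
                                   MaxEntries=None, AddEntries=(), RemoveEntries=()):
        self.calls.append(dict(MaxEntries=MaxEntries, AddEntries=list(AddEntries),
                               RemoveEntries=list(RemoveEntries)))
        if MaxEntries is not None and (AddEntries or RemoveEntries):
            raise ValueError("You cannot modify the entries and the maximum number of "
                             "entries for the prefix list in the same request.")
        if AddEntries or RemoveEntries:
            if CurrentVersion != self.version:
                raise ValueError("stale CurrentVersion")
            for r in RemoveEntries:
                self.entries.pop(r["Cidr"])
            for a in AddEntries:
                self.entries[a["Cidr"]] = a.get("Description", "")
            self.version += 1
        if MaxEntries is not None:
            self.max = MaxEntries
        if len(self.entries) > self.max:
            raise ValueError("entry count exceeds MaxEntries")
        return {"PrefixList": {"Version": self.version}}


if __name__ == "__main__":
    before = [Entry("10.0.0.0/24", "office"), Entry("10.0.1.0/24", "vpn")]
    after = before + [Entry("10.0.2.0/24", "lab")]  # CDK raises maxEntries 2 -> 3 with it
    ec2 = FakeEc2("pl-0123456789abcdef0", 2, before)
    print(apply_plan(ec2, ec2.pl_id, plan_prefix_list_update(2, before, 3, after)))
```

Run against a real client (`boto3.client("ec2")`) the same plan leaves the live list equal to what the template declares, so the stack update that follows (step 2 in the issue) has no change left to make on the resource. Note that the principal running it needs ec2:DescribeManagedPrefixLists and ec2:ModifyManagedPrefixList outside the IaC pipeline, which is exactly the out-of-band permission the issue says a locked-down environment does not grant.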

I have been caught by this bug as well. The CDK team forwarded this as an issue of CloudFormation. My current workaround is: if max entries change, change the logical ID and the prefix list name.

singlewind, Nov 07 '25 05:11

> I have been caught by this bug as well. The CDK team forwarded this as an issue of CloudFormation. My current workaround is: if max entries change, change the logical ID and the prefix list name.

Don't forget to thumbs-up the original post, as that is how they keep track of an issue's impact and traction.

jk2l, Nov 10 '25 02:11