Add Cloudflare IPs Amazon EC2 Security Group


If you use Cloudflare as the DNS/CDN provider for your website and an Amazon EC2 instance as your host, let's take a quick look at how to add Cloudflare IPs to an Amazon EC2 security group. You want to do this to keep your origin server from being directly accessible from the Internet. This way, only Cloudflare servers can directly access your web host, which greatly improves your security posture.

Add Cloudflare IPs Amazon EC2 Security Group

First things first, you can find the current list of Cloudflare IPs here: https://www.cloudflare.com/ips/

Now that we have the list of IPs that should be added to the ACL listing in our Amazon EC2 security group, let's take a look at how to add them. To see which security groups you are using, go to the EC2 Dashboard and then Instances. Right-click on your EC2 instance and select Networking >> Change Security Groups. The check marks show which security groups are attached to the instance.


Once you know which security groups are in use, you can edit the security group. Go to Network & Security >> Security Groups. This displays a table of the security groups that have been created.

To edit, click on the security group. The table at the bottom then has four tabs: Description, Inbound, Outbound, Tags. We are concerned with restricting inbound traffic, so click the Inbound tab and then Edit.

This brings up the Edit inbound rules table. Here you can click the Add Rule button at the bottom, which adds a new row to the table for your configuration. Make sure you specify HTTP for the Type and Custom IP for the Source. Then you simply add the Cloudflare IP addresses. You can then remove the Any Source and 0.0.0.0/0 entry, which restricts web traffic to only that coming from Cloudflare.
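The same edit can be worked out as a diff before touching the console. The following is an added example, not code from the original post: it compares a security group's existing inbound rules with the Cloudflare list and reports which CIDRs to add, which to remove, and which broader rules still expose the port. It assumes the rules are shaped like the `IpPermissions` field returned by EC2 DescribeSecurityGroups; the function names and all sample data are constructed for illustration.

```python
import ipaddress

def parse_cidrs(text):
    """Parse a newline-separated CIDR list; return the set of valid IPv4 networks."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line)  # raises ValueError on malformed input
        if net.version == 4:  # IpRanges holds IPv4 only; IPv6 uses Ipv6Ranges
            nets.add(str(net))
    if not nets:
        # An empty list (failed download, bad paste) must never become "revoke everything".
        raise ValueError("no IPv4 ranges parsed; refusing to build a plan")
    return nets

def plan_ingress(permissions, wanted, port=80):
    """Compare existing ingress rules with the wanted CIDRs for one TCP port.

    Returns (add, revoke, review): CIDRs to authorize, CIDRs to revoke from the
    exact-port rule, and (protocol, cidr) pairs from broader rules to check by hand.
    """
    exact, review = set(), []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        proto = perm.get("IpProtocol")
        if proto == "tcp" and perm.get("FromPort") == port == perm.get("ToPort"):
            exact.update(cidrs)
        elif proto == "-1" or (proto == "tcp" and
                               perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            # All-traffic or port-range rule that still exposes the port.
            review += [(proto, c) for c in cidrs if c not in wanted]
    return sorted(wanted - exact), sorted(exact - wanted), review

# Constructed sample data: documentation ranges stand in for the real Cloudflare list.
SAMPLE_LIST = """
198.51.100.0/24
203.0.113.0/24   # constructed placeholder
2001:db8::/32
"""
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "192.0.2.10/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    add, revoke, review = plan_ingress(SAMPLE_RULES, parse_cidrs(SAMPLE_LIST))
    print("authorize:", add, "\nrevoke:", revoke, "\nreview:", review)
```

Apply the additions before the removals so the site never has a window with no allowed source. A leftover all-traffic rule in the review list means the origin is still reachable directly even after the HTTP rule is tightened.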


Final thoughts

Hopefully the above information will help anyone who might be struggling with how to add Cloudflare IPs to Amazon EC2 security groups. The process is fairly straightforward; the main challenge is finding where to add the IPs and how to see which security groups are in use. Hopefully, this post makes that a bit clearer.


1 Comment
Moscato

These IPs change over time. Is there a good way to automate a script to do this?