Security

Add Cloudflare IPs Amazon EC2 Security Group

If you want to add Cloudflare IPs Amazon EC2 Security Group values to restrict your server origin IP address, let's take a look at how to do that.

If you are utilizing Cloudflare as your DNS/CDN provider for your website and you are utilizing an Amazon EC2 instance as your host, let’s take a quick look at the topic – how to add cloudflare ips amazon EC2 security Group.  You want to do this to protect your origin server from being directly accessible to the Internet.  In this way, only cloudflare servers will be able to directly access your web host which greatly improves your security posture.

Add Cloudflare IPs Amazon EC2 Security Group

First things first, you can find the current list of cloudflare IPs via the page found here: https://www.cloudflare.com/ips/

Now that we have the list of IPs that should be added to the ACL listing in our Amazon EC2 security group, let’s take a look at how to add them in.  To see which security groups you are using, go to the EC2 Dashboard and then Instances.  Right click on your EC2 instance and select networking >> change security groups.  This will show you which security groups you are using by the check marks by them.

ec2sec01

Now, after you figure out the security groups in use, you can edit the security group.  Go to Network & Security >> Security Groups.  This will display a table of the security groups that have been created.

To edit, all you do is click on the security group.  Then the table at the bottom will have (4) tabs – Description, Inbound, Outbound, Tags.  We are concerned with restricted Inbound traffic, so click the Inbound tab and then Edit.ec2sec03

This brings up the Edit inbound rules table.  Here you can click the Add Rule button at the bottom which makes a new row in the table for your configuration.  Make sure you specify HTTP for the Type and Custom IP for the Source.  Then you simply add the Cloudflare IP addresses.  You can then remove the Any Source and 0.0.0.0/0 which will restrict any web traffic except that coming from Cloudflare.

ec2sec02

Final thoughts

Hopefully the above information will help any who might be struggling with how to add Cloudflare IPs to Amazon EC2 security groups.  The process is fairly straightforward and the main challenge is finding where to add the IPs and how to see which security groups are in use.  Hopefully, this post makes that a bit clearer.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.