Add Cloudflare IPs Amazon EC2 Security Group

If you want to add Cloudflare's IP ranges to an Amazon EC2 security group so that only Cloudflare can reach your origin server's IP address, let's take a look at how to do that.

If you use Cloudflare as the DNS/CDN provider for your website and an Amazon EC2 instance as your host, let's take a quick look at how to add the Cloudflare IPs to the Amazon EC2 security group.  You want to do this so that your origin server is not directly accessible from the Internet.  That way, only Cloudflare servers will be able to directly access your web host, which greatly improves your security posture.

Add Cloudflare IPs Amazon EC2 Security Group

First things first, you can find the current list of Cloudflare IPs on this page: https://www.cloudflare.com/ips/

Now that we have the list of IPs that should be added to the ACL listing in our Amazon EC2 security group, let’s take a look at how to add them.  To see which security groups you are using, go to the EC2 Dashboard and then Instances.  Right-click your EC2 instance and select Networking >> Change Security Groups.  The check marks show which security groups are in use.

Now, after you figure out the security groups in use, you can edit the security group.  Go to Network & Security >> Security Groups.  This will display a table of the security groups that have been created.

To edit, just click on the security group.  The table at the bottom will then show four tabs: Description, Inbound, Outbound, Tags.  We are concerned with restricting inbound traffic, so click the Inbound tab and then Edit.

This brings up the Edit inbound rules table.  Here you can click the Add Rule button at the bottom, which adds a new row to the table for your configuration.  Make sure you specify HTTP for the Type and Custom IP for the Source.  Then add the Cloudflare IP addresses.  You can then remove the Any Source / 0.0.0.0/0 entry, which blocks all web traffic except that coming from Cloudflare.
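The same change can be prepared as data for the EC2 API. The following Python is an added example, not part of the original post: it builds the HTTP allow rule from a one-CIDR-per-line range list and finds the existing rules that still expose port 80 to any source. The function names, the sample CIDRs (documentation ranges, not Cloudflare's) and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data. The CIDRs are documentation ranges, not Cloudflare's;
# use the current list from https://www.cloudflare.com/ips/ in practice.
SAMPLE_RANGES = "192.0.2.0/24\n198.51.100.0/24\n2001:db8::/32\n"
SAMPLE_RULES = [  # shaped like IpPermissions from describe_security_groups
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
ANYWHERE = {"0.0.0.0/0", "::/0"}


def build_ingress(range_text, port=80):
    """Turn a one-CIDR-per-line list into a single IpPermissions entry."""
    v4, v6 = [], []
    for line in range_text.split():
        net = ipaddress.ip_network(line)  # ValueError on a malformed entry
        if str(net) in ANYWHERE:
            raise ValueError("refusing to allow every source address")
        (v4 if net.version == 4 else v6).append(str(net))
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c, "Description": "Cloudflare"} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c, "Description": "Cloudflare"} for c in v6]}


def world_open_rules(ip_permissions, port=80):
    """Return revoke entries for rules that expose `port` to any source."""
    revoke = []
    for perm in ip_permissions:
        if perm["IpProtocol"] == "tcp":
            if not perm["FromPort"] <= port <= perm["ToPort"]:
                continue
        elif perm["IpProtocol"] != "-1":  # "-1" = all traffic, no port fields
            continue
        entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        v4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", []) if r["CidrIp"] in ANYWHERE]
        v6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] in ANYWHERE]
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        if v4 or v6:
            revoke.append(entry)
    return revoke

# With boto3 (left out so this runs offline), add the new rule first, then revoke:
#   ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=[build_ingress(text)])
#   ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=world_open_rules(rules))
```

Revoking an all-traffic (`-1`) rule or one covering a port range closes every port that rule opened, so review the returned entries before applying them.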

Final thoughts

Hopefully the above information will help any who might be struggling with how to add Cloudflare IPs to Amazon EC2 security groups.  The process is fairly straightforward and the main challenge is finding where to add the IPs and how to see which security groups are in use.  Hopefully, this post makes that a bit clearer.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
