Ihor Malaniuk

Reputation: 161

AWS Elastic Beanstalk + Cloudflare

I have a question about setting up AWS + Cloudflare.

1) I have an instance on AWS Beanstalk with a public URL like xxx.zone.elasticbeanstalk.com

2) I decided to use Cloudflare for: IPv6 support, SSL certificates, HTTP/2 support.

Is it enough to set up just CNAME records on Cloudflare, or is it better to set up a direct IP to the EC2 instance?

Do I need to close access to my EC2 instance via IP or Beanstalk public address?

Upvotes: 0

Views: 1457

Answers (1)

Mark B

Reputation: 200486

Is it enough to set up just CNAME records on Cloudflare, or is it better to set up a direct IP to the EC2 instance?

You should never use the direct IP of Elastic Beanstalk instances because that IP is subject to change. Plus, if you are using a load-balanced multi-instance Beanstalk configuration, you will need to use the load-balanced DNS address, not an individual EC2 instance address.

Do I need to close access to my EC2 instance via IP or Beanstalk public address?

You would have to somehow block access to all IPs except CloudFlare IPs. Unless you have a list of every CloudFlare server IP (which would be a very large list) you won't be able to lock that down.

CloudFlare offers the Argo Tunnel service if you want to lock down your origin servers so that only CloudFlare can access them.

Upvotes: 2
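
Added example, not part of the question or the answer above: one way to audit whether an origin's security group admits web traffic only from a proxy allow-list, which is the lock-down the thread discusses. The allow-list ranges and the sample security group are constructed (documentation address ranges, placeholder group ID); the dictionary layout follows the EC2 DescribeSecurityGroups response.

```python
import ipaddress

# Constructed allow-list using documentation ranges; in practice load the
# proxy ranges your CDN publishes. These are not real Cloudflare addresses.
ALLOWED = [ipaddress.ip_network(c) for c in
           ("198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]
WEB_PORTS = (80, 443)

def covers_web_port(perm):
    """True if an ingress rule opens port 80 or 443 ("-1" = all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return any(perm.get("FromPort", 0) <= p <= perm.get("ToPort", 65535)
               for p in WEB_PORTS)

def is_allowed(cidr):
    """True if the source CIDR lies entirely inside one allowed range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED)

def find_open_sources(group):
    """Return web-port source CIDRs that fall outside the allow-list."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_web_port(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [c for c in cidrs if not is_allowed(c)]
    return findings

# Constructed sample in the shape of one DescribeSecurityGroups entry.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.0/25"}, {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/48"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.0.2.10/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]}

if __name__ == "__main__":
    for cidr in find_open_sources(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: web port reachable from {cidr}")
```

Rules that reference another security group instead of a CIDR are not inspected by this check.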
