18

I am running my website on AWS.

I have one load balancer for my two web servers. My load balancer doesn't have a static IP address, it has a domain name.

I want my traffic to come only via the load balancer. I am using Cloudflare's DNS instead of Route 53, because that's what the Cloudflare instructions said.

I cannot add the load balancer's IP as an A record because it is dynamic, and it cannot be added through Cloudflare's DNS panel (unlike Route 53). Help me, I am stuck in this situation. No solution is offered by Cloudflare so far.

Has anyone faced the same issue?

Matthew Beckman
Arjun Kapoor

4 Answers

15

You can set your Cloudflare record as a CNAME alias of your ELB's A record.

See: https://support.cloudflare.com/hc/en-us/articles/200168986-How-do-I-add-a-Amazon-ELB-Elastic-Load-Balancing-record-to-CloudFlare-

jfountain
Dmitry Mukhin
  • The above URL requires a login; after logging in it shows an error message like this: "oops You're not authorized to access this page". Let me know if there is any other alternate way to solve this issue. – Kishore Jan 18 '19 at 06:29
  • @KishoreDR Well, apparently Cloudflare has shuffled their docs, but the answer is here in the message: create a CNAME alias of the ELB's A record. – Dmitry Mukhin Jan 23 '19 at 15:19
  • May I know if this `CNAME` to ELB's `A record` should use cloudflare's proxy or not? – Darryl RN Dec 14 '20 at 23:58
  • @DarrylRN It's up to you. If you want Cloudflare to act as a CDN, go ahead. If you just want to use DNS, leave this option greyed out. – Dmitry Mukhin Dec 21 '20 at 15:53
  • 1
    Note that this doesn't work correctly for a "bare" domain (i.e. mydomain.com), as the record at the domain apex has to be an A record. CloudFlare offers to "flatten" the CNAME record by serving it as A records, but it only does that when the record is created and doesn't update when AWS changes the IP address associated with the load balancer. – Brandon Aug 09 '21 at 22:21
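The two failure modes raised in this answer and its comments, a www record that was given a copied ELB address instead of a CNAME, and a flattened apex whose A records have drifted from the ELB's current addresses, can both be caught from plain resolver output. The script below is an added example for this thread, not code from the answer or from Cloudflare; it parses `dig +noall +answer`-style lines and runs on constructed data (the `example.com` zone, the `my-lb-1234567890...` ELB name and the 203.0.113.x addresses are made up). It assumes the records are set to "DNS only": when they are Proxied, the public answers are Cloudflare's own addresses and these checks do not apply.

```python
"""Offline sanity check for a Cloudflare "DNS only" zone fronting an AWS ELB.

Added example for this thread, not code from the original answer. It parses
dig-style answer lines ("name ttl IN TYPE rdata"), so it runs on captured or,
as here, constructed data. With the record Proxied the public answers are
Cloudflare's own addresses and these checks do not apply.
"""
from collections import defaultdict


def parse_answers(lines):
    """Map (owner name, record type) -> [rdata, ...] from dig +noall +answer output."""
    records = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";") or parts[2] != "IN":
            continue
        name, rtype, rdata = parts[0].lower(), parts[3].upper(), " ".join(parts[4:])
        records[(name, rtype)].append(rdata.lower())
    return records


def is_elb_hostname(host):
    """AWS load balancer names look like name-id.region.elb.amazonaws.com
    (or name-id.elb.region.amazonaws.com for NLBs)."""
    return ".elb." in host and host.endswith(".amazonaws.com.")


def check_setup(records, zone, elb_host):
    """Return a list of problems (empty when www and the apex are set up right)."""
    zone = zone.rstrip(".").lower() + "."
    www = "www." + zone
    elb_host = elb_host.rstrip(".").lower() + "."
    findings = []

    if not is_elb_hostname(elb_host):
        findings.append(f"{elb_host}: does not look like an AWS load balancer name")

    # www must follow the ELB name, never a copied IP (ELB addresses change)
    cnames = records.get((www, "CNAME"), [])
    if cnames != [elb_host]:
        seen = cnames or records.get((www, "A"), [])
        findings.append(f"{www}: expected CNAME {elb_host}, found {seen}")

    # A CNAME at the apex is invalid DNS; Cloudflare flattens it into A records
    if records.get((zone, "CNAME")):
        findings.append(f"{zone}: CNAME at the zone apex is not valid")

    # Flattened apex A records go stale when AWS rotates the ELB's addresses
    apex_ips = set(records.get((zone, "A"), []))
    elb_ips = set(records.get((elb_host, "A"), []))
    if not apex_ips:
        findings.append(f"{zone}: no A records at the apex")
    elif apex_ips != elb_ips:
        findings.append(
            f"{zone}: apex A records {sorted(apex_ips)} differ from the ELB's "
            f"{sorted(elb_ips)} (stale flattened CNAME)")
    return findings


# Constructed answers: www is fine, the apex still carries one retired address.
ELB_HOST = "my-lb-1234567890.us-east-1.elb.amazonaws.com."
SAMPLE_ANSWERS = [
    "www.example.com.  300 IN CNAME " + ELB_HOST,
    ELB_HOST + "  60 IN A 203.0.113.10",
    ELB_HOST + "  60 IN A 203.0.113.11",
    "example.com.  300 IN A 203.0.113.10",
    "example.com.  300 IN A 203.0.113.99",
]

if __name__ == "__main__":
    for problem in check_setup(parse_answers(SAMPLE_ANSWERS), "example.com", ELB_HOST):
        print("PROBLEM:", problem)
```

Run it periodically against `dig +noall +answer www.<zone> <zone> <elb-name>` output; a non-empty result on the apex check is the drift Brandon describes, and the fix is to re-save the apex record (or move the apex to Proxied, where Cloudflare resolves the target on every request).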
4

I decided like this:

I created, in the Cloudflare DNS table, two CNAME records that point to the DNS name of the load balancer generated in AWS.

The first record created must contain in the "Name" field the value "www", with the "Content" field pointing to the URL of the load balancer in AWS. The second record, on the other hand, points to root, containing the value "@" in the "Name" field and "Content" pointing to the same load balancer server in AWS.

See the images below for a better understanding.

[Screenshot: the two CNAME records in the Cloudflare DNS table]

  • 3
    From the above attached screenshot, I got a hint. I had wrongly selected Proxied for proxy status. I just changed it to DNS only; now everything is working as expected. – MUHAMMAD SHAHID RAFI C P Jan 05 '22 at 20:05
  • Had a subdomain and only one CNAME and `curl` was stuck when testing. Apparently the www rule is also important. – sakisk Jul 28 '23 at 11:07
  • @MUHAMMADSHAHIDRAFICP I believe if you select DNS Only you will lose Cloudflare protection, which is not advisable. Then you need to implement security measures on the AWS side. Correct me if I am wrong. – Duke Aug 30 '23 at 09:11
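Duke's point, and the question's requirement that traffic come only via the load balancer, both come down to the same control: when the Cloudflare record is Proxied, every legitimate request reaches the load balancer from a Cloudflare edge address, so the load balancer's security group can admit only those ranges and anything else in the ALB access log is someone who went straight at the ELB hostname or IP. The script below is an added example for this thread, not code from the answer, Cloudflare or AWS. `CLOUDFLARE_RANGES` is a hand-picked subset of the list published at https://www.cloudflare.com/ips/ (treat it as illustrative and load the live list), the log lines are constructed in ALB access-log layout, and `cloudflare_only_ingress` only builds the `IpPermissions` structure that boto3's `authorize_security_group_ingress` accepts; it does not call AWS.

```python
"""Detect load-balancer hits that did not arrive through Cloudflare.

Added example for this thread, not code from the original answers.
Only meaningful when the Cloudflare record is Proxied: every legitimate
request then reaches the ALB from a Cloudflare edge, so any other client
address bypassed Cloudflare (and its WAF/DDoS protection) entirely.
"""
import ipaddress
import shlex

# Constructed subset of Cloudflare's published ranges (https://www.cloudflare.com/ips/).
# In production load the live list and refresh it on a schedule.
CLOUDFLARE_RANGES = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "198.41.128.0/17", "2606:4700::/32",
)]


def from_cloudflare(ip_text):
    """True if the address falls inside one of the allowed edge ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def client_ip(client_port):
    """Split an ALB 'client:port' field (IPv4 or IPv6) into the address part."""
    host, _, _port = client_port.rpartition(":")
    return host.strip("[]")


def parse_alb_line(line):
    """Pull client address and request out of one ALB access-log line.
    Layout: type time elb client:port target:port <6 timing/status/byte fields> "request" ..."""
    fields = shlex.split(line)
    if len(fields) < 13:
        return None
    return {"client": client_ip(fields[3]), "request": fields[12]}


def find_bypass(lines):
    """Return entries whose immediate client is not a Cloudflare edge address."""
    hits = []
    for line in lines:
        entry = parse_alb_line(line)
        if entry and not from_cloudflare(entry["client"]):
            hits.append(entry)
    return hits


def cloudflare_only_ingress(port=443):
    """IpPermissions for boto3 ec2.authorize_security_group_ingress(...) that
    admits only the listed ranges on one TCP port; apply it to the ALB's
    security group so the detection above becomes the exception, not the rule."""
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(n), "Description": "Cloudflare"}
                     for n in CLOUDFLARE_RANGES if n.version == 4],
        "Ipv6Ranges": [{"CidrIpv6": str(n), "Description": "Cloudflare"}
                       for n in CLOUDFLARE_RANGES if n.version == 6],
    }]


# Constructed ALB log lines: two via Cloudflare edges, one straight at the ALB.
SAMPLE_LOG = [
    'https 2024-05-01T12:00:00.000000Z app/my-lb/abc123 198.41.128.5:51234 10.0.1.20:443 '
    '0.001 0.010 0.000 200 200 512 2048 "GET https://www.example.com:443/ HTTP/1.1" '
    '"Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
    'https 2024-05-01T12:00:01.000000Z app/my-lb/abc123 203.0.113.77:40001 10.0.1.21:443 '
    '0.001 0.010 0.000 200 200 512 2048 "GET https://www.example.com:443/admin HTTP/1.1" '
    '"curl/8.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
    'https 2024-05-01T12:00:02.000000Z app/my-lb/abc123 2606:4700:abcd::1:40000 10.0.1.20:443 '
    '0.001 0.010 0.000 200 200 512 2048 "GET https://www.example.com:443/ HTTP/1.1" '
    '"Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
]

if __name__ == "__main__":
    for hit in find_bypass(SAMPLE_LOG):
        print("bypassed Cloudflare:", hit["client"], hit["request"])
```

With "DNS only" selected, as in the comment above, every client talks to the ALB directly, so this allow-list cannot be applied and the security measures have to live in AWS (security groups on the web servers that admit only the load balancer's own security group, plus AWS WAF on the ALB if you want the request filtering Cloudflare was providing).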
3

I suggest managing your domain DNS with CloudFlare. Add a CNAME record for your subdomain demo which points to that IP. On the CloudFlare Console go to Crypto > Origin Certificates. Create a new one with RSA, then import it to AWS Certificate Manager at us-east-1. For the certificate chain use this. Be sure that Always use HTTPS in the Crypto tab is on. After some minutes you should be using your domain pointing to AWS with HTTPS working fine.

That's what I did to make a subdomain work with an AWS API endpoint with SSL.

Steven
1

I've tried a CNAME record with the Load Balancer DNS name as the target, but the website is not secured. If you need a static IP for your Load Balancer then use Global Accelerator. It will provide you a static IP. After that create an A record with your domain name in Cloudflare and the content set to the static IP provided by Global Accelerator, and the Proxy status must be Proxied.