If you’re trying to set up a security group to allow traffic from Cloudflare’s IP addresses, you might notice some challenges. Cloudflare provides a list of their origin-facing IPv4 addresses on their website, but managing this list manually can become time-consuming, especially if it changes frequently.
Luckily, AWS offers a helpful feature: a managed prefix list named “com.amazonaws.global.cloudfront.origin-facing.” This prefix list is maintained by AWS and is supposed to include the correct Cloudflare IPv4 address list. Referencing it in a security group rule can save you time, because you won’t need to update your security groups by hand each time Cloudflare updates their list.
However, in my experience, relying solely on this AWS prefix didn’t work as expected. It didn’t permit the necessary connections to pass through, which was frustrating. The better solution I found was to create a security group with rules that include the current Cloudflare IP addresses directly from their list.
Here’s a simple way to do it:
1. Visit Cloudflare’s list of IP addresses at their official page: https://www.cloudflare.com/ips/
2. Copy all the IPv4 addresses listed there.
3. In your AWS Security Groups, create a new rule for inbound traffic.
4. Add each IP address or CIDR block from the list as a separate rule, specifying the appropriate port and protocol for your setup.
5. Save your security group rules.
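The steps above can be scripted so the list is validated and de-duplicated before it is turned into rules, and so a later run only adds and revokes what changed. This is an added example, not code from the original post; it assumes you have downloaded the text from https://www.cloudflare.com/ips-v4 (one CIDR per line) and uses a constructed sample in its place.

```python
import ipaddress

# Constructed sample in the shape of https://www.cloudflare.com/ips-v4
# (one CIDR per line); it is NOT the live list, which you must download.
SAMPLE_IPS_V4 = """\
173.245.48.0/20
103.21.244.0/22
# comments and blank lines are ignored

103.21.244.0/22
bogus.entry
"""

SG_INBOUND_RULE_QUOTA = 60  # AWS default inbound rules per security group

def parse_cidrs(text):
    """Validated, de-duplicated IPv4 CIDRs in input order; junk is skipped."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = str(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            continue  # not a valid IPv4 CIDR; never widen or guess
        if net not in seen:
            seen.add(net)
            out.append(net)
    return out

def build_ip_permissions(cidrs, port, protocol="tcp"):
    """IpPermissions payload for boto3's ec2.authorize_security_group_ingress()."""
    # Pass as IpPermissions=... together with GroupId="sg-PLACEHOLDER" for a live apply.
    return [{
        "IpProtocol": protocol, "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "Cloudflare"} for c in cidrs],
    }]

def plan_update(existing, desired):
    """(to_authorize, to_revoke) so the group matches the current list."""
    return sorted(set(desired) - set(existing)), sorted(set(existing) - set(desired))

def rules_consumed(cidrs, quota=SG_INBOUND_RULE_QUOTA):
    """Each CIDR in IpRanges counts as one rule; returns (used, remaining)."""
    return len(cidrs), quota - len(cidrs)
```

Run `plan_update` against the CIDRs already present in the group (from `describe_security_groups`) so a scheduled re-run only authorizes new ranges and revokes retired ones instead of re-adding the whole list.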
By doing this, I was able to establish the needed connections successfully. Just be aware that this list changes periodically, so it’s a good idea to check for updates every now and then to keep your rules current.
Keep in mind that referencing the AWS prefix list consumes most of a security group’s rule quota (55 out of 60 rules), leaving only a few spots for other purposes. The Cloudflare list, on the other hand, uses fewer rules, making it the more efficient option if you’re managing many IP addresses in one group.
This approach ensures your setup remains functional and up-to-date, without relying on potentially unreliable automated AWS prefixes.