521 Error from Cloudflare when in front of Serverless AWS (API Gateway + AWS Lambda)

We’re experiencing an issue where when Cloudflare Proxy is enabled, any attempts to access the domain respond with a Cloudflare 521 error page.

We know the webserver behind it is working absolytely perfectly as when Cloudflare Proxy is disabled for the record in question it starts working again a couple of minutes later.

Our setup is:
Cloudflare DNS (Proxied) as a CNAME to a Amazon API Gateway domain, this in turn triggers AWS Lambda which responds with our website.

I’ve checked and double checked and we have nothing in place as far as I can see that would block Cloudflare, the security groups are open for 80/443 traffic from all IPs, and having tested through other services they can all access the endpoint okay when the Cloudflare Proxy is disabled.

I’m starting to wonder if AWS are blocking the Cloudflare range at a higher level as we don’t even see the Cloudflare requests coming in Cloudwatch or at a VPC flow log level either.

I’d appreciate any suggestions people might have to get this working, or if someone from Cloudflare could look into the exact reason the 521 error is being returned.

Thanks in advance

Aran

I’m seeing the same problem here… @aran, did you find an resolution to your issue?

Yes it did eventually work it out.

I had to download Cloudflare’s Edge Certificate and upload this into Amazon Certificate Manager, then set this to be used on API Gateway.

After which is all worked perfectly :slight_smile:

Hope this helps