Except if you are willing to pay for a premium price (Business plan or higher) to get the CNAME setup capability - which allows you to retain your existing Route 53 nameservers but just perform CNAME to Cloudflare for the subdomains that you wish to apply Zero Trust.
Once domain is added to Cloudflare then the next step would be setting up Cloudflare Access to protect sensitive URLs from unauthorized access.
We are on business plan and we already verified the root domain partially by cname.
Website hosted on ec2, in example subdomain.xyzabc. → a record → ip4 route53
How we can apply Cloudflare`s restriction policies ?
Cloudflare Tunnel creating its own cname for the tunnel once created, not sure what to do with that cname…etc
Do we need to config tunnel wherever it is installed on ?