AWS security group settings involving Load Balancer and Cloudflare

I have an infrastructure system on AWS which was configured by someone else and now I’m trying to get my head around the setup.

The setup:

  • ECS cluster (with frontend and backend)
  • a load balancer
  • security group for:
    • ECS cluster (that allows requests to the correct port)
    • the load balancer that accepts port 80 connections only from my IP

My goal was to wrap everything in Cloudflare and point it at the load balancer. However, I ran into an issue.

To have a good, secure environment, I thought of the following:

  • Setup the Cloudflare entry
  • Create a security group that would allow only Cloudflare to connect to the load balancer (the IPs are announced here).
  • Assign the security group to the load balancer
  • The result should be that only the route through Cloudflare is allowed, not the direct one.

What I ended up seeing was:

  • The Cloudflare route times out with the following error:

Contact your hosting provider letting them know your web server is not completing requests. An Error 522 means that the request was able to connect to your web server, but that the request didn’t finish. The most likely cause is that something on your server is hogging resources.

A couple of notes:

  • Adding both security groups (Cloudflare and my IP) and trying the direct load balancer URL loads the site successfully.

  • If I allow everything in the load balancer (the default security group), then the Cloudflare route works.

Since the direct route works but the Cloudflare one does not, maybe someone from the community will have an idea.
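The rule set the post describes, a load-balancer security group that admits only Cloudflare's edge ranges on port 80, as an added example; this is not the poster's configuration or code from the original post. It builds the `IpPermissions` structure that `authorize-security-group-ingress` expects, renders the matching `aws ec2` command, and includes a check of which source addresses the rules would actually admit, which is the first thing to verify when the proxied route fails while the direct one works. The embedded CIDR list is a constructed snapshot for illustration and the security-group ID is a placeholder; take Cloudflare's current ranges from its published list (https://www.cloudflare.com/ips/) before applying anything.

```python
"""Build an AWS security-group ingress rule set that admits only Cloudflare's
edge ranges on a given port, and check which source addresses it admits.

Added example; not the poster's configuration.  Runs offline: it only builds
the rule structure and renders the CLI call, no AWS credentials are used.
"""
import ipaddress
import json

# Constructed snapshot of Cloudflare's published edge ranges, for illustration
# only.  Refresh from https://www.cloudflare.com/ips/ before real use.
CLOUDFLARE_CIDRS = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
]

# Default per-security-group quota for inbound rules.  Each IPv4 or IPv6
# range consumes one rule, so the list must fit or be split across groups.
MAX_INBOUND_RULES = 60


def build_ingress_permissions(cidrs, port=80):
    """Return the IpPermissions list for authorize-security-group-ingress.

    IPv4 networks go into IpRanges, IPv6 networks into Ipv6Ranges.  A rule
    that carries only IpRanges silently drops every IPv6-sourced connection.
    """
    v4, v6 = [], []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # reject host bits set
        if net.version == 4:
            v4.append({"CidrIp": str(net), "Description": "Cloudflare edge"})
        else:
            v6.append({"CidrIpv6": str(net), "Description": "Cloudflare edge"})
    if len(v4) + len(v6) > MAX_INBOUND_RULES:
        raise ValueError("too many ranges for one security group")
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": v4,
        "Ipv6Ranges": v6,
    }]


def is_allowed(source_ip, permissions, port=80):
    """Would a TCP connection from source_ip to `port` pass these rules?"""
    addr = ipaddress.ip_address(source_ip)
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):  # "-1" is AWS shorthand for all traffic
            continue
        if proto == "tcp" and not (
            perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        ):
            continue
        if addr.version == 4:
            ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        else:
            ranges = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return True
    return False


def to_cli_command(group_id, permissions):
    """Render the equivalent AWS CLI call (group_id is a placeholder)."""
    return ("aws ec2 authorize-security-group-ingress --group-id %s "
            "--ip-permissions '%s'" % (group_id, json.dumps(permissions)))


if __name__ == "__main__":
    perms = build_ingress_permissions(CLOUDFLARE_CIDRS)
    print(to_cli_command("sg-0123456789abcdef0", perms))  # placeholder ID
    # Constructed probes: a Cloudflare IPv4 edge, a Cloudflare IPv6 edge,
    # and an unrelated address standing in for "my IP".
    for ip in ("104.16.1.1", "2606:4700::1", "203.0.113.7"):
        print(ip, "allowed" if is_allowed(ip, perms) else "blocked")
```

Two things the check makes visible. First, if only the IPv4 ranges are entered, a connection from a Cloudflare IPv6 edge address is dropped even though the IPv4 list is complete, so both lists belong in the group. Second, this group only governs what reaches the load balancer; the ECS tasks' group still has to admit traffic from the load balancer's security group (referenced by group ID rather than by CIDR), or the balancer accepts the connection and then cannot reach the target.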


