Hey all, sorry to ask this here but I couldn’t find a channel for zero trust.
I’ve been trying to set up AWS VPC peering using Cloudflare Tunnel without much success though this piece of documentation seems to indicate it is possible. The use case I’m trying to build is accessing an AWS ElastiCache Redis cluster from a Vercel Serverless Function without exposing the whole VPC to the internet.
This has led me to the following approach and I’d like to know if it makes sense?
- Create a VPC with public and private subnets.
- Deploy an ElastiCache Redis cluster to the private subnet with a security group only allowing internal traffic.
- Deploy an EC2 instance to the public subnet where cloudflared tunnel create would be run, pointing to either the private subnet’s IP range or the ElastiCache primary endpoint.
- Route all external traffic to the tunnel endpoint which would get routed to the private subnet and hopefully make the Redis instance accessible?
I’m also wondering why
cloudflare tunnel login asks to pick a website from the CF dashboard whereas creating a tunnel from the UI doesn’t?