Dynamically checking Cloudflare IPv4 ranges


I have to update an aws security group rule to allow ingress for Cloudflares IPv4 ranges, in the link below. I was wondering if the community has suggestions for dynamically checking the list so that I can be proactive instead of reactive whenever an update happens.


Ingress rules preferably created by terraform.

Hi @nmoy!

Aside from that URL you gave, another good one to get the IPs from is https://api.cloudflare.com/client/v4/ips

This URL will return both IPv4 and IPv6 ranges in JSON, along with an etag value which will change when the list changes, so you can store and compare this value across runs.

You would need to write a script which polls this endpoint periodically and updates your firewall if there any differences. You would run this script on e.g. Cron Triggers · Cloudflare Workers docs


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.