Lambda to maintain IP address list on AWS


I have made a lambda which works to maintain a security group in AWS with all of the Cloudflare IP addresses. I’d like to get feedback, comments, usage reports and contributions from anyone interested. This was based on some work by others which didn’t work for me (see file) and done as work for

This sets up and maintains a security group and allows incoming traffic from the Cloudflare IP addresses on whichever ports you configure it to allow. By running it regularly you should ensure that the security group stays up to date with new addresses added to Cloudflare.

The included deployment uses Ansible since that makes it easy for me to run full system tests; however, since the lambda is one simple Python file, it should be very easy to configure manually or integrate with whatever deploy system you use.

All the best
Michael De La Rue
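
The reconciliation step that a job like this depends on, as an added example that is not taken from the lambda described in the post: it validates a published CIDR list, compares it with a security group's current rules for one TCP port, and returns what to authorize and what to revoke. The function names, the minimum prefix lengths (/8 and /16) and the sample data are assumptions made for illustration; the dictionaries follow the `IpPermissions` shape used by boto3's `describe_security_groups`, `authorize_security_group_ingress` and `revoke_security_group_ingress`.

```python
import ipaddress

def parse_published(text, min_v4=8, min_v6=16):
    """Validate a whitespace-separated CIDR list before trusting it."""
    nets = set()
    for item in text.split():
        net = ipaddress.ip_network(item)  # ValueError on junk or host bits set
        if net.prefixlen < (min_v4 if net.version == 4 else min_v6):
            raise ValueError(f"refusing overly broad range {net}")
        nets.add(net)
    if not nets:
        # A failed or empty download must not turn into "revoke everything".
        raise ValueError("published list is empty")
    return nets

def allowed_now(ip_permissions, port):
    """CIDRs currently allowed on one TCP port (describe_security_groups shape)."""
    found = set()
    for perm in ip_permissions:
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) != ("tcp", port, port):
            continue
        found.update(ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", []))
        found.update(ipaddress.ip_network(r["CidrIpv6"]) for r in perm.get("Ipv6Ranges", []))
    return found

def to_permission(nets, port):
    """Build one IpPermissions entry for authorize/revoke_security_group_ingress."""
    v4 = sorted(n for n in nets if n.version == 4)
    v6 = sorted(n for n in nets if n.version == 6)
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": str(n)} for n in v4],
            "Ipv6Ranges": [{"CidrIpv6": str(n)} for n in v6]}

def plan(ip_permissions, published_text, port):
    """Return (to_authorize, to_revoke) so stale ranges are removed, not just new ones added."""
    want = parse_published(published_text)
    have = allowed_now(ip_permissions, port)
    return want - have, have - want

# Constructed sample data (documentation ranges, not real Cloudflare addresses).
SAMPLE_GROUP = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "192.0.2.0/24"}],
                 "Ipv6Ranges": []}]
SAMPLE_PUBLISHED = "198.51.100.0/24\n203.0.113.0/24\n2001:db8::/32\n"

if __name__ == "__main__":
    add, remove = plan(SAMPLE_GROUP, SAMPLE_PUBLISHED, 443)
    print("authorize:", to_permission(add, 443))
    print("revoke:", to_permission(remove, 443))
```

Skip the authorize or revoke call when the corresponding set is empty, and log both sets on every run so that a change in the published list is visible in the function's logs.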