I have a question related to configuring an AWS EC2 instance so that it only accepts requests from Cloudflare IPs.
I’m currently using Cloudflare DNS in Proxied mode to resolve a request to my.domain.com to the public IP address of the AWS EC2 instance. In server logs I see a client’s IP (i.e. the IP of the machine from which the browser makes the request) and not Cloudflare’s IP. This means I’m not able to differentiate between requests that are reaching my server via Cloudflare vs those that come as direct IP access.
I don’t understand exactly if Cloudflare also delivers information on proxy IP to the EC2 instance via some header or only delivers the IP of the client. Is there some way that allows me to have access to both on the EC2?
If that’s not possible, how do I ensure that all access to my AWS EC2 instance is forced to go through Cloudflare and direct IP access is not possible?
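An added example, not part of the original post: one way to tell proxied requests from direct ones on the origin is to compare the TCP peer address with Cloudflare's published ranges and to read the visitor address from the `CF-Connecting-IP` header only when the peer is a Cloudflare edge. The function names and sample requests are constructed for illustration, and the range list is a partial snapshot assumed here; load the current list from https://www.cloudflare.com/ips/ in real use.

```python
import ipaddress

# Assumption: partial snapshot of Cloudflare's published ranges, for illustration.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "172.64.0.0/13", "2606:4700::/32",
)]

def is_cloudflare(peer_ip):
    """True if the TCP peer address belongs to a listed Cloudflare range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)

def classify(peer_ip, headers):
    """Return which path the request took, plus proxy and client addresses.

    peer_ip is the socket-level source address as seen by the server, before
    any real-IP rewriting module replaces it.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if is_cloudflare(peer_ip):
        raw = hdrs.get("cf-connecting-ip")
        try:
            client = str(ipaddress.ip_address(raw)) if raw else None
        except ValueError:
            client = None  # malformed header value
        return {"via": "cloudflare", "proxy_ip": peer_ip, "client_ip": client}
    # Direct hit on the instance IP: any CF-Connecting-IP header here was set
    # by the sender, so it is ignored and the peer itself is the client.
    return {"via": "direct", "proxy_ip": None, "client_ip": peer_ip}

# Constructed sample requests: (TCP peer, request headers)
SAMPLES = [
    ("172.64.10.5", {"CF-Connecting-IP": "203.0.113.7"}),    # proxied
    ("198.51.100.23", {"CF-Connecting-IP": "203.0.113.7"}),  # direct, header forged
    ("2606:4700::1", {"cf-connecting-ip": "2001:db8::5"}),   # proxied over IPv6
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, classify(peer, hdrs))
```

The same range list is what an EC2 security group or host firewall rule for ports 80/443 would allow in order to reject direct access entirely.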