I have been trying to find the best way to make sure that the application behind my AWS Application Load Balancer (ALB) can only take traffic that has been routed via a Cloudflare-proxied DNS name.
I have read through some previous suggestions, and it seems like adding Cloudflare’s IP on the ALB inbound security group is one way. But doesn’t this mean that someone else with a Cloudflare account could potentially still send traffic to my AWS ALB?
Is there a better way to do this?
The requirement is basically that the Cloudflare-proxied DNS record in my Cloudflare account should be the only thing that can send traffic to the AWS ALB.