Whitelisting not working correctly with AWS EC2

user4424 · July 12, 2019, 3:17pm

Hi all - I’m new to Cloudflare and I’m trying to lock down my setup. My site is hosted on a single AWS EC2 instance running in the default VPC. I’ve already transferred my DNS zone to Cloudflare and everything seems to be working just fine. I’m seeing lots of traffic hitting the server from Cloudflare IPs.

Now as a next step, I’m trying to lockdown traffic to my EC2 instance such that only Cloudflare’s IPs are allowed. I created a Security Group and populated all the IPv4 and v6 addresses for Cloudflare, for both HTTP and HTTPS protocols and attached it to my EC2 instance. I also removed the old security group that allowed anyone on the internet to hit my site.

As soon as I do this, I’m unable to reach the site. It takes a long time too resolve and eventually ends in a blank white screen.

Any tips/hints as to what I’m doing wrong here? Perhaps it’s a caching issue or something else I’m not seeing or I’m not familiar with? Thanks in advance for any help.

sdayman · July 12, 2019, 6:36pm

I’ve not used this setup, so…

Is there a log for that Security Group?

Out of curiosity, why would you need to add a Security Group to allow anyone on the Internet to hit your site? Does every EC2 need some sort of Security Group in order to allow traffic?

user4424 · July 12, 2019, 6:51pm

HI @sdayman - yes, every EC2 instance by default isn’t accessible from the internet until you attached a security group allowing it. There isn’t any sort of Security Group logging unfortunately.

sdayman · July 12, 2019, 6:58pm

It looks like a few people have tried this:
https://duckduckgo.com/?q=ec2+cloudflare+security+group

user4424 · July 12, 2019, 8:18pm

Thanks @sdayman. I did a google search before posting here. Doesn’t look like anyone has run into any specific issues like mine. Hoping someone around here can help!