This is a sub-article. To go back to the main article, click here.

To make sure only Cloudflare-owned IP addresses can access your AWS instance:

  1. Go to ec2 -> Security Groups (or click this link) -> Create Security Group
  2. In "inbound" click add rule.
  3. Set HTTPS as the type (or custom TCP if you want to use another port)
  4. For the "source", enter the following string.
173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
gif

Cloudflare may have added new IP ranges since this blog post, so make sure to check at https://cloudflare.com/ips.