Add Cloudflare IP Range to the Security Group

Question

Hi AWS family,

I would like my EC2 instance's ports 21, 22, 80, 443, 3306, 8443, 8447 and 8880 to be accessed only from the Cloudflare IP addresses, which can be found at below link. To do this, I need to add the following IP addresses to the security group on separate lines for each port. Due to many ports and IP addresses, I reached the maximum 60 security group rule limit. Is there an easier way I can do this?

https://www.cloudflare.com/ips/

Thanks in advance

Answer

Hello

You can create multiple security groups and attach SG to the Ec2 instance, If you would like to increase the quota you request AWS support https://aws.amazon.com/premiumsupport/knowledge-center/increase-security-group-rule-limit/

Info Limits: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-security-groups

Thank You
GK

Add Cloudflare IP Range to the Security Group

Relevant questions

AWS Global Accelerator IP Subnet Range not up to date in ip-ranges.json

A Record (Cloudflare) pointing to EC2 instance not reachable

My ip address for ec2 instance and vmware esxi cannot be reached?

Server ports 80 and/or 443 are not publicly accessible

Cloudflare blocking PHP CURL request from AWS EC2 (CPANEL)

it cannot be accessed through port 80 or 443 of the public IP, but it can be accessed normally through the private IP.

EC2 Instances Several Ports Open

Outbound Ports 80 and 443 being blocked from instance

My Network Load Balancer is not enforcing the target Security group