Elastic Load Balancer (AWS) + Cloudflare

Dagoberto Medina
4 min read · Oct 11, 2020


Sometimes we put our domains behind Cloudflare because of the security layers this service offers. But what if we want all the benefits provided by Cloudflare and we also need an AWS Elastic Load Balancer (ELB)?

There are a few tricks and steps to make it work!

1. Go to the EC2 console and click Create New Load Balancer (https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#SelectCreateELBWizard:)

2. Choose HTTP, HTTPS:

Click on Create

3. Add a name, and remember to add all the listeners your application needs.

4. Remember to specify all the availability zones for your Load Balancer, then click “Next: Configure Security Settings”.

5. This step is very important.
Open a new tab or window in your browser and go to “Import Certificate” (https://us-west-2.console.aws.amazon.com/acm/home?region=us-west-2#/importwizard/).

5.a You have three inputs (Certificate Body, Private Key and Certificate Chain). You get all of them from Cloudflare, so we switch here to another window or tab in the browser.

5.b Log in to your Cloudflare account and select your domain.

5.c Go to SSL/TLS -> Origin Server and click on Create Certificate.

5.d Use the default options and click Next.

5.e In the next step you get the origin certificate and the private key. Copy them and paste them into the AWS “Import a new certificate” window.

My AWS Console is in Spanish..

6. OK, we are close to completing the import. The next part is a very important trick to finish it:

6.a Visit https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates

6.b Go to Related Resources at the end of the article and download the “origin_ca_rsa_root.pem” file.

6.c Open it in your text editor (I’m using Sublime Text) and copy the certificate.

6.d Paste it into the Certificate Chain field of the same AWS Certificate Manager window (where we pasted the Cloudflare certificate in step 5.e), and click Next.

6.e Add a tag name so you can recognize it later, for example “My Domain Cloudflare Certificate”. Click on Check, and finally Import.
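Steps 5.e to 6.e are three copy-and-paste operations, and the usual failure is pasting the wrong block into the wrong field or forgetting the chain from step 6. The script below is an added example (not code from the original post or from AWS or Cloudflare): it checks that the certificate body, the private key and the Origin CA root are what ACM expects, and only then calls the real boto3 `import_certificate` API. It assumes the pieces were saved as `cert.pem`, `key.pem` and `origin_ca_rsa_root.pem` (hypothetical file names) and that boto3 and AWS credentials are available for the import itself; everything else runs offline.

```python
"""Added example (not from the original post): assemble and sanity-check the
three ACM inputs from steps 5.e and 6.d before calling ImportCertificate.

Assumptions: the Cloudflare origin certificate is saved as cert.pem, its
private key as key.pem, and the downloaded origin_ca_rsa_root.pem sits
beside them; boto3 and AWS credentials are only needed by import_to_acm().
"""
import re

# One PEM block; the label is captured so a certificate can be told from a key.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(?:[A-Za-z0-9+/=]+\r?\n)+-----END \1-----"
)


def pem_labels(text: str) -> list:
    """Return the label of every well-formed PEM block in text, in order."""
    return [m.group(1) for m in _PEM_BLOCK.finditer(text)]


def pem_problems(cert_pem: str, key_pem: str, chain_pem: str) -> list:
    """Describe anything that would make ACM reject the import or that shows
    the three pastes were mixed up. Returns an empty list when all is well."""
    problems = []
    body = pem_labels(cert_pem)
    if body != ["CERTIFICATE"]:
        problems.append(f"Certificate body must be exactly one CERTIFICATE block, found {body}")
    key = pem_labels(key_pem)
    if len(key) != 1 or not key[0].endswith("PRIVATE KEY"):
        problems.append(f"Private key must be exactly one PRIVATE KEY block, found {key}")
    elif key[0].startswith("ENCRYPTED"):
        problems.append("ACM only accepts an unencrypted private key")
    chain = pem_labels(chain_pem)
    if not chain or any(label != "CERTIFICATE" for label in chain):
        problems.append(f"Certificate chain must be one or more CERTIFICATE blocks, found {chain}")
    return problems


def build_acm_import(cert_pem: str, key_pem: str, chain_pem: str) -> dict:
    """Return the keyword arguments for boto3's acm.import_certificate(),
    or raise ValueError listing what is wrong with the inputs."""
    problems = pem_problems(cert_pem, key_pem, chain_pem)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Certificate": cert_pem.encode(),
        "PrivateKey": key_pem.encode(),
        "CertificateChain": chain_pem.encode(),
    }


def import_to_acm(params: dict, tag_name: str, region: str = "us-west-2") -> str:
    """Import the certificate with the ACM ImportCertificate API and return
    its ARN. boto3 is imported here so the checks above run without AWS."""
    import boto3  # assumption: boto3 installed and AWS credentials configured

    acm = boto3.client("acm", region_name=region)
    response = acm.import_certificate(
        Tags=[{"Key": "Name", "Value": tag_name}], **params
    )
    return response["CertificateArn"]


if __name__ == "__main__":
    # Hypothetical file names; adjust them to where you saved the three pieces.
    with open("cert.pem") as f, open("key.pem") as g, open("origin_ca_rsa_root.pem") as h:
        params = build_acm_import(f.read(), g.read(), h.read())
    print(import_to_acm(params, "My Domain Cloudflare Certificate"))
```

The third argument is the Origin CA root from step 6, which is the piece most often left out. Keep in mind that a Cloudflare origin certificate is trusted only by Cloudflare's proxy, not by browsers, so the load balancer should be reached through the proxied Cloudflare record and not by its own hostname.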

7. OK. We continue from step 2 of the load balancer creation process, so we need to reload the list of available certificates:

7.a Select your imported Cloudflare certificate and click Next: Configure Security Groups.

8. You can choose your default Security Groups. In our case we use the public SG we created in our previous tutorial: https://medium.com/@medinazdago/crear-un-ambiente-en-aws-vpc-subnets-internet-gateway-network-acl-security-groups-ec2-para-626019d28545

9. Configure Routing: create a new target group.

By default my EC2 instances are listening on port 80, and Cloudflare is handling the SSL traffic.

10. Register Targets: add the EC2 instances you want your new load balancer to serve.

11. Click on Review and Create.

12. Amazing!! Your Load Balancer is created, but there is only one more step to do once it is ready to use:

Wait while your ELB is provisioning..

13. Check the DNS name of your ELB in the Description tab:

13.a Copy it and add it to your Cloudflare DNS as a CNAME record.

Done! You created your AWS ELB using the Cloudflare proxy and certificate.

Important: While your ELB is provisioning, it will not work properly.

Thanks for reading! Leave your comments or questions!

Written by Dagoberto Medina

Full Stack & DevOps. Cybersecurity enthusiast and continuous improvement.
