Securing AWS Elastic Beanstalk with Cloudflare DNS

My personal website is hosted on AWS Elastic Beanstalk but the DNS is managed with Cloudflare instead of AWS Route 53 and Cloudfront setup to enjoy the its lower price and the free SSL encryption.

It is not straightforward when part of the solution is not within the AWS family. There is a little workaround needed to secure the publicly exposed Elastic Beanstalk applications. The idea is limiting the visit to the applications to only Cloudflare and let Cloudflare handles the public traffic. This can be done by configuring the security group to deny all traffic except the list of IP Addresses used by Cloudflare. This step ensures only traffic from these IP is allowed on our AWS Elastic Beanstalk. Afterwards, on Cloudflare DNS page, a CNAME record must be created to point the traffic from the public URL to the Elastic Beanstalk URL.

Since there are frontend and backend components when it comes to using Strapi and Nuxt to build this website, both components must be secured the same way.

It is still expensive using AWS Elastic Beanstalk and RDS Database to host this website. DigitalOcean + Docker might be considered in the future.