0

I am aware Cloudflare has a security focus, but considering it also provides load balancing, why should I have it point to yet another load balancer e.g. AWS ELB?

atkayla

2 Answers

1

Cloudflare has a CDN (content distribution network) offering that provides DNS, security and routing features. They also have a load balancing offering which is broadly similar to AWS's load balancers.

AWS ELB is a load balancer. ELB supports failover between AZs and integrates with auto scaling. ELB has AWS Shield basic integrated, which provides some security features, such as DDoS protection.

ELB and Cloudflare provide similar capabilities, once AWS WAF is taken into account. Cloudflare could arguably be regarded as simpler and easier to use. You can mix and match service offerings across CDN and load balancers, though I suggest the AWS load balancer is probably best to use if you're balancing EC2 resources. CloudFront + AWS WAF / Cloudflare can easily be swapped out.

You should use ELB in order to have access to load balancing across multiple AZs, and auto scaling to manage your load.

Tim
  • This is not an accurate answer. Cloudflare has multiple products. Their CDN is analogous to CloudFront, and their Load Balancer is analogous to ELB/NLB. – X.L. Jan 24 '19 at 21:57
  • My answer might not be perfect, but it's in the right direction. I'll tweak it slightly. Suggest you submit a better answer @X.L. – Tim Jan 24 '19 at 22:01
0

Cloudflare LB is similar to AWS ELB/NLB but it does support proxying, which adds SSL/TLS support, DDoS protection and other Cloudflare features. ELB/NLB supports SSL/TLS with the addition of a certificate from AWS Certificate Manager (additional config step) and DDoS protection with AWS WAF (additional config step). Cloudflare LB is also significantly less expensive than AWS ELB/NLB, especially when considering the base monthly costs: $5 on Cloudflare gives you several LBs with their respective pools and monitors vs. $18+ on AWS for just standing up an LB.

Although this all sounds nice, Cloudflare proxying is notorious for causing trouble when connecting to AWS resources. For example, connecting the Cloudflare LB to an AWS EC2 instance with proxying turned on doesn't work, but with proxying turned off, HTTP requests work fine (you lose HTTPS without proxying). I have yet to see an explanation as to why this behavior exists or find a workaround.