Cloudflare

Cloudflare is used for three things: DNS, DDoS protection, and Zero Trust. Because Cloudflare provides such generous free limits, we highly recommend using it, as you get access to its global network and security offering.

DNS

Cloudflare DNS is set up through the terraform-cloudflare-domain module. This module lets you create domains on Cloudflare repeatably, with page rules to enforce HTTPS, Gmail configuration, and AWS SES configuration for outgoing email.

locals {
  subdomains = [
    {
      name    = "@"
      value   = "longtld.elb.us-west-2.amazonaws.com"
      type    = "CNAME"
      proxied = true
    },
    {
      name    = "app"
      value   = "longtlkd.elb.us-west-2.amazonaws.com"
      type    = "CNAME"
      proxied = true
    }
  ]
}

module "example_com" {
  source  = "github.com/opszero/terraform-cloudflare-domain"
  domain  = "example.com"
  records = local.subdomains
}

Zero Trust & SASE

Zero Trust is a fancy term for a VPN replacement. We use Cloudflare Access to lock down certain DNS paths and network services, requiring employee authentication before access is granted. Again, by tying access to your Google credentials, you can allowlist access to certain resources.
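
One way to express the Access setup described above in Terraform. This is an added example, not code from the terraform-cloudflare-domain module or from this project. It assumes the Cloudflare Terraform provider v4 resource names, and the `/admin` path, variable names, and session length are hypothetical.

```hcl
# Added example; assumes Cloudflare Terraform provider v4 resource names.
variable "cloudflare_account_id" { type = string }
variable "google_client_id" { type = string }
variable "google_client_secret" {
  type      = string
  sensitive = true
}

# Google as the identity provider employees sign in with.
resource "cloudflare_access_identity_provider" "google" {
  account_id = var.cloudflare_account_id
  name       = "Google"
  type       = "google"

  config {
    client_id     = var.google_client_id
    client_secret = var.google_client_secret
  }
}

# Put one path of the proxied "app" record behind Access (hypothetical path).
resource "cloudflare_access_application" "admin" {
  account_id       = var.cloudflare_account_id
  name             = "app.example.com admin"
  domain           = "app.example.com/admin"
  type             = "self_hosted"
  session_duration = "8h"
}

# Allow only example.com accounts, and only when they logged in via Google.
resource "cloudflare_access_policy" "employees" {
  account_id     = var.cloudflare_account_id
  application_id = cloudflare_access_application.admin.id
  name           = "Employees via Google"
  precedence     = 1
  decision       = "allow"

  include {
    email_domain = ["example.com"]
  }

  require {
    login_method = [cloudflare_access_identity_provider.google.id]
  }
}
```

Access is enforced at Cloudflare's edge, so it only covers records with `proxied = true`; requests sent directly to the load balancer hostname are not checked unless the origin itself restricts them.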