Can I use AWS Route 53 and Cloudflare at the same time?

bilal · Mar 23, 2017 · Viewed 8.3k times

Currently, I am using Route53 to manage my domains, subdomains, etc. But I want to add DDoS protection to my endpoints, so I want to use Cloudflare as well. But I couldn't find a way to use the two of them at the same time. Can I put Cloudflare DoS protection in front of AWS R53?

Answer

Antonio · Mar 23, 2017

You cannot use both Route53 and CloudFlare at the same time for your domain root DNS zone.

If you want to use Route53, you can:

  • Use CloudFront to serve your entire website and then use the AWS DDoS protection (+ Amazon WAF for advanced ACLs).
  • If you are using ELB w/ some EC2 instances, you can enable VPC Flow Logs and use Kinesis + Lambda to dynamically recognise DoS attacks and then ban the attacker IPs.

If you want to use Cloudflare to only protect a subdomain, you can delegate the management of a specific DNS "sub-"zone to CloudFlare.

For example:

  • foobar.com is managed using a DNS zone of Route53
  • attacked-subdomain.foobar.com is a subdomain that you want to protect with CloudFlare.

You can add the following records to your Route53 zone:

  • attacked-subdomain.foobar.com NS nsXX.cloudflare.com
  • attacked-subdomain.foobar.com NS nsYY.cloudflare.com

Then you can manage "attacked-subdomain.foobar.com" from your CloudFlare control panel.

It's not possible to help you more without having more details about your current infrastructure and the (D)DoS you're receiving. I hope I answered your question!

PS: I'd suggest you read the following whitepaper: https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf
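
The detection step behind the "VPC Flow Logs + Kinesis + Lambda" option in the answer above, as an added example that is not part of Antonio's answer: it parses flow log records in the default version 2 field order, sums inbound packets per source in 60-second windows, and flags sources above a rate threshold. The function names, the threshold and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

# Default (version 2) VPC Flow Logs field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, made-up account and ENI ids).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 40001 443 6 9000 540000 1490270400 1490270460 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 40002 443 6 8500 510000 1490270400 1490270460 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.15 10.0.1.20 51514 443 6 40 5200 1490270400 1490270460 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.7 443 40001 6 300 18000 1490270400 1490270460 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1490270460 1490270520 - NODATA
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 40003 443 6 7000 420000 1490270460 1490270520 ACCEPT OK
"""

def parse(line):
    """Return one record as a dict, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("packets", "start"):
        rec[key] = int(rec[key])
    return rec

def noisy_sources(lines, protected_ip, pps_threshold, window=60):
    """Map each source whose packet rate towards protected_ip exceeds
    pps_threshold in any window to its peak rate (packets per second)."""
    packets = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["dstaddr"] != protected_ip:
            continue  # skip unusable records and outbound/unrelated traffic
        bucket = rec["start"] - rec["start"] % window
        packets[(bucket, rec["srcaddr"])] += rec["packets"]
    flagged = {}
    for (bucket, src), count in packets.items():
        rate = count / window
        if rate > pps_threshold:
            flagged[src] = max(rate, flagged.get(src, 0.0))
    return flagged

if __name__ == "__main__":
    for src, rate in noisy_sources(SAMPLE.splitlines(), "10.0.1.20", 100).items():
        print(f"{src} peaked at {rate:.1f} packets/s -> candidate for a deny rule")
```

In a Lambda fed from Kinesis, the same aggregation would run over each delivered batch, with the flagged sources handed to whatever mechanism applies the ban.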