
Can I use AWS route 53 and Cloudflare at the same time?

Currently, I am using Route53 to manage my domains, subdomains, etc. But I want to add DDoS protection to my endpoints, so I want to use Cloudflare also. But I couldn't find a way to use the two of them at the same time. Can I put Cloudflare DoS protection in front of the AWS R53?

bilal asked Mar 23 '17 09:03



1 Answer

You cannot use both Route53 and CloudFlare at the same time for your domain root DNS zone.

If you want to use Route53, you can:

  • Use CloudFront to serve your entire website and then use the AWS DDoS protection (+ Amazon WAF for advanced ACLs).
  • If you are using ELB w/ some EC2 instances, you can enable VPC Flow Logs and use Kinesis + Lambda to dynamically recognise DoS attacks and then ban the attacker IPs.

If you want to use Cloudflare to only protect a subdomain, you can delegate the management of a specific DNS "sub-"zone to CloudFlare.

For example:

  • foobar.com is managed using a DNS zone of Route53
  • attacked-subdomain.foobar.com is a subdomain that you want to protect with CloudFlare.

You can add the following records to your Route53 zone:

  • attacked-subdomain.foobar.com NS nsXX.cloudflare.com
  • attacked-subdomain.foobar.com NS nsYY.cloudflare.com

Then you can manage "attacked-subdomain.foobar.com" from your CloudFlare control panel.

It's not possible to help you more without having more details about your current infrastructure and the (D)DoS you're receiving. I hope I answered your question!

PS: I'd suggest you read the following whitepaper: https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf

Antonio answered Oct 17 '22 07:10
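The subdomain delegation described in the answer above, as an added example that is not part of the original answer: it builds the Route 53 `ChangeBatch` for the two NS records and lists parent-zone records that the new zone cut would hide, which then have to be recreated on the Cloudflare side. The helper names, the TTL and the sample parent zone are assumptions; `nsXX`/`nsYY` are the answer's own placeholders.

```python
def fqdn(name):
    """Return the name with exactly one trailing dot."""
    return name.rstrip(".") + "."

def delegation_change_batch(subdomain, nameservers, ttl=300):
    """Build the ChangeBatch dict for Route 53 ChangeResourceRecordSets."""
    if len(nameservers) < 2:
        raise ValueError("delegate to at least two nameservers")
    return {
        "Comment": "Delegate " + fqdn(subdomain),
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn(subdomain),
                "Type": "NS",
                "TTL": ttl,  # assumed value, not from the answer
                "ResourceRecords": [{"Value": fqdn(ns)} for ns in nameservers],
            },
        }],
    }

def occluded_records(parent_records, subdomain):
    """Parent-zone records at or below the delegated name. After the zone cut,
    standard DNS delegation sends those queries to the child zone's servers,
    so only NS (and DS) at the cut itself still belong in the parent."""
    cut = fqdn(subdomain).lower()
    hits = []
    for rec in parent_records:
        name = fqdn(rec["Name"]).lower()
        at_cut = name == cut
        below_cut = name.endswith("." + cut)
        if (at_cut and rec["Type"] not in ("NS", "DS")) or below_cut:
            hits.append((name, rec["Type"]))
    return hits

# Constructed parent zone for foobar.com (illustration only).
PARENT_ZONE = [
    {"Name": "foobar.com.", "Type": "A"},
    {"Name": "www.foobar.com.", "Type": "A"},
    {"Name": "attacked-subdomain.foobar.com.", "Type": "A"},
    {"Name": "api.attacked-subdomain.foobar.com.", "Type": "CNAME"},
    {"Name": "notattacked-subdomain.foobar.com.", "Type": "A"},  # sibling, unaffected
]
SUBDOMAIN = "attacked-subdomain.foobar.com"
# nsXX / nsYY are placeholders; use the nameservers Cloudflare assigns to the zone.
BATCH = delegation_change_batch(SUBDOMAIN, ["nsXX.cloudflare.com", "nsYY.cloudflare.com"])

if __name__ == "__main__":
    for name, rtype in occluded_records(PARENT_ZONE, SUBDOMAIN):
        print("recreate in child zone before delegating:", name, rtype)
```

With boto3, `BATCH` is the value passed as `ChangeBatch` to the Route 53 client's `change_resource_record_sets` call, alongside the `HostedZoneId` of the foobar.com zone.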