Allow traffic from Cloudflare to your origin by including this module.
The module pulls the IPv4 and IPv6 address ranges from the public plaintext lists that Cloudflare makes available into the Terraform "http" data source introduced in 0.9.5.
The data is used to allow access from those IPs to your origin on port 80 or 443; a boolean variable for each port controls whether the rule is applied.
Define a security group for your app or load balancer, then call this module and pass it the security group ID:

    # Security group attached to your app or load balancer
    resource "aws_security_group" "myapp" {
    }

    # Adds the Cloudflare ingress rules to that security group
    module "sysadmiral_tf_aws_secgrouprule_cloudflare" {
      source            = "github.com/sysadmiral/sysadmiral_tf_aws_secgrouprule_cloudflare"
      security_group_id = "${aws_security_group.myapp.id}"
      enable_http       = false
      enable_https      = true
    }
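
The mechanism described above (fetched list, boolean toggle, ingress rule) can be sketched as follows. This is an added illustration, not the module's own source: it is written for current Terraform (1.2+) with the hashicorp/http provider 3.x, so its syntax differs from the 0.9-era call above, and it shows only the port 443 rule. The resource and local names, and the two URLs (assumed to be the plaintext lists the page refers to), are assumptions.

```hcl
# Added illustration; NOT the module's source. All names are assumptions.
variable "security_group_id" {
  type = string
}

variable "enable_https" {
  type    = bool
  default = true
}

# Cloudflare's published plaintext lists, one CIDR per line (assumed URLs).
data "http" "cloudflare_ipv4" {
  url = "https://www.cloudflare.com/ips-v4"
}

data "http" "cloudflare_ipv6" {
  url = "https://www.cloudflare.com/ips-v6"
}

locals {
  # Trim the trailing newline, split into lines, drop any empty entries.
  ipv4 = compact(split("\n", trimspace(data.http.cloudflare_ipv4.response_body)))
  ipv6 = compact(split("\n", trimspace(data.http.cloudflare_ipv6.response_body)))
}

resource "aws_security_group_rule" "cloudflare_https" {
  count             = var.enable_https ? 1 : 0 # boolean toggle
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = local.ipv4
  ipv6_cidr_blocks  = local.ipv6
  security_group_id = var.security_group_id

  lifecycle {
    # The fetched text becomes firewall policy: refuse to apply if a list
    # is empty or contains a line that does not parse as a CIDR block.
    precondition {
      condition = length(local.ipv4) > 0 && length(local.ipv6) > 0 && alltrue([
        for c in concat(local.ipv4, local.ipv6) : can(cidrhost(c, 0))
      ])
      error_message = "Cloudflare IP list was empty or contained a non-CIDR line."
    }
  }
}
```

These rules only add Cloudflare as an allowed source; any existing ingress rule on the same security group that admits 0.0.0.0/0 or ::/0 on port 80 or 443 still exposes the origin directly and has to be removed separately.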