I've been leveraging a combination of Azure and Cloudflare to build secure, scalable infrastructure. Initially, Cloudflare served as a CDN in front of public load balancers hosted on Azure App Services. Over time, I began incorporating Cloudflare’s Zero Trust Network Access (ZTNA) features to strengthen security and enforce least-privilege access principles.
This architecture establishes a clear separation of responsibilities:
- Cloudflare acts as the ingress control plane, managing authentication, access policies, and traffic inspection.
- Azure handles application workloads and outbound (egress) traffic routing.
```mermaid
graph TD
classDef environment stroke:#333,stroke-dasharray:5 5
V[Visitors] -->|HTTPS| WAF[Cloudflare WAF]
E[Employees] -->|WARP| WARP[Cloudflare ZTNA]
subgraph Cloudflare["Cloudflare Environment"]
WAF --> CT[Cloudflare Tunnel]
WARP --> CT
end
subgraph Azure["Azure Environment"]
CT --> APP[Azure Application VNETs]
APP -->|Internal| FW[Azure Firewall]
end
FW -->|Egress| EXT[External Services]
class Cloudflare,Azure environment
```
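As an added example (not code from the author's modules), here is the ingress half of the diagram in Terraform, assuming Cloudflare provider v4 resource names and placeholder values (the account/zone variables, `app.example.com`, the private IP and the email domain): a tunnel that dials out from Azure, ingress rules limited to one hostname, and an Access policy that checks identity at the edge before any request enters the tunnel.

```hcl
# Assumed: Cloudflare Terraform provider v4.x resource names; all values below
# are placeholders, not the author's real configuration.
variable "cloudflare_account_id" { type = string }
variable "cloudflare_zone_id"    { type = string }

# Tunnel credential: cloudflared inside Azure dials out with this secret, so the
# application VNET needs no inbound listener or public IP.
resource "random_id" "tunnel_secret" {
  byte_length = 32
}

resource "cloudflare_tunnel" "app" {
  account_id = var.cloudflare_account_id
  name       = "azure-app-tunnel"
  secret     = random_id.tunnel_secret.b64_std
}

# Remote-managed ingress: only the listed hostname is forwarded; everything else
# falls through to a 404 so the tunnel cannot be used to reach arbitrary services.
resource "cloudflare_tunnel_config" "app" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_tunnel.app.id
  config {
    ingress_rule {
      hostname = "app.example.com"
      service  = "http://10.0.1.4:8080" # private address inside the Azure VNET
    }
    ingress_rule {
      service = "http_status:404" # mandatory catch-all rule
    }
  }
}

# Access application and policy: identity is verified at the Cloudflare edge, so
# only allowed employees ever produce a request that crosses into Azure.
resource "cloudflare_access_application" "app" {
  zone_id          = var.cloudflare_zone_id
  name             = "Internal app"
  domain           = "app.example.com"
  type             = "self_hosted"
  session_duration = "8h"
}

resource "cloudflare_access_policy" "employees" {
  application_id = cloudflare_access_application.app.id
  zone_id        = var.cloudflare_zone_id
  name           = "Allow employees"
  precedence     = 1
  decision       = "allow"
  include {
    email_domain = ["example.com"]
  }
}
```

A DNS CNAME from the hostname to the tunnel and a running `cloudflared` connector in the VNET are still required; the Azure Firewall egress side of the diagram is not covered here.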
To help others replicate this setup, I’ve created a collection of Terraform modules along with example implementations, all available on GitHub. These modules reflect my opinionated approach, but I welcome feedback, discussions, and pull requests from the community.