
How Cloudflare Proxy Silently Broke My Lambda ALB Communication
TL;DR

Both api.hoge.com and backend.hoge.com had Cloudflare Proxy enabled. Requests from the browser were already passing through Cloudflare Edge before reaching Lambda. When Lambda then called backend.hoge.com, DNS resolved to Cloudflare's Anycast IP — sending the request right back into Cloudflare Edge. This created a Cloudflare loop: Cloudflare → Lambda → Cloudflare, resulting in:

    Cloudflare Error 1000
    DNS points to prohibited IP

    flowchart LR
        Browser -->|①| CF1[Cloudflare Edge]
        CF1 -->|②| Lambda
        Lambda -->|③ backend.hoge.com = Cloudflare IP| CF2[Cloudflare Edge]
        CF2 -->|❌ Error 1000| ALB

As a quick fix, I turned Proxy OFF for backend.hoge.com. The long-term plan is to move Lambda → ALB communication inside the VPC.

The Error

Calling the API from the frontend returned a 403 Forbidden. The response body contained:

    Cloudflare Error 1000
    DNS points to prohibited IP

API Gateway and Lambda appeared to be working fine, and there were no logs on the ECS side at all. My first instinct wa
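A pre-deploy check for the loop described in the TL;DR, written as an added example and not code from the original post: it resolves the upstream hostname a Lambda will call and reports whether the answer lands on Cloudflare's edge. It assumes the IPv4/IPv6 ranges Cloudflare publishes at https://www.cloudflare.com/ips/ (hard-coded here, so refresh them before use); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: Cloudflare's published edge ranges, copied from cloudflare.com/ips.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def resolve(hostname):
    """Return the unique A/AAAA addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Split addresses into (inside Cloudflare edge ranges, everything else)."""
    edge, other = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # Membership is False when address and network IP versions differ.
        on_edge = any(ip in net for net in CLOUDFLARE_NETS)
        (edge if on_edge else other).append(addr)
    return edge, other

def check_upstream(hostname, resolver=resolve):
    """Report whether an outbound call to hostname would re-enter Cloudflare Edge."""
    edge, other = classify(resolver(hostname))
    if edge and not other:
        verdict = "proxied"   # every answer is a Cloudflare IP: the loop case
    elif edge:
        verdict = "mixed"     # some answers hit the edge, some do not
    else:
        verdict = "direct"    # origin or private address, no second edge hop
    return {"host": hostname, "verdict": verdict, "edge": edge, "other": other}

if __name__ == "__main__":
    # Constructed DNS answers so the example runs offline.
    sample = {
        "backend.hoge.com": ["104.21.32.7", "2606:4700:3030::6815:2007"],
        "alb.internal.example": ["10.0.12.34"],
    }
    for host in sample:
        print(check_upstream(host, resolver=sample.__getitem__))
```

Run it from the same network path the function uses, since a VPC resolver with a private hosted zone can return different answers than a laptop does.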



