Cloudflare Administration Overview

VIDEO TRANSCRIPT | Recorded: 2025-10-30 | Verify against current system state

Abstract¶

Administrative overview of Cloudflare infrastructure for AANP covering billing access, user management, Zero Trust access policies for QA/UAT sites, Workers and Pages continuous deployment from GitHub, R2 object storage for CE tracker data and assets, DNS management including SPF records, and email routing configuration. Demonstrates how to manage access controls, monitor deployments, and maintain DNS records with version control.

Key Procedures¶

• Access billing through IT Support account in 1Password
• Review invoices showing usage-based charges (R2, Stream storage)
• Manage users under Members section with role assignments
• Configure Zero Trust access applications with bypass policies
• Create access groups for IP addresses and email domains
• Set up Workers and Pages deployments linked to GitHub repositories
• Monitor R2 storage buckets for CE tracker data and assets
• Configure Simple Backups to R2 for daily/weekly/monthly asset backups
• Manage DNS records including A, CNAME, MX, and TXT (SPF)
• Track SPF record changes in GitHub repository
• Set up email routing workers for UAT Salesforce email forwarding

Notable Statements¶

• 0:03:34 "We are using R2 data storage for a few things, and that's costing us $4.29 a month."
• 0:03:47 "Stream basic storage... there's like two videos out there. Y'all could reach out to marketing and see if this could be pushed somewhere else."
• 0:06:12 "We used to run into this limitation of 50 seats all the time because the certification board was really heavily using this."
• 0:07:42 "If you want something explicitly firewalled, you would have to put in the exact subdomain."
• 0:08:46 "If you have an amp.org email address, we will let you through even if you aren't in the VPN IP address."
• 0:14:54 "Our non-essential domains are still on the free plan. We subscribe to the business plan tier for AMP.org."
• 0:16:14 "Anytime you push up changes to rise.amp.org, it gets pushed to this site through continuous deployment."
• 0:19:42 "R2 storage is Cloudflare's version of S3 storage, storing large amounts of data in a bucket."
• 0:21:55 "This just backs up our assets on a daily, weekly, and monthly basis using Simple Backups."
• 0:27:49 "This is our AMP.org SPF record. This tells mail servers which IP addresses it should accept as coming from AMP.org."
• 0:28:34 "If this gets too long, there's problems. For each one of these, it's pulling in another list of IP addresses."
• 0:29:33 "I've set up a GitHub repository that monitors SPF record changes. Anytime I make a change, I add it to this repository."

Systems & Configurations¶

Systems Mentioned¶

• Cloudflare (CDN, DNS, Zero Trust, Workers, R2)
• GitHub (source control, CI/CD)
• Network Solutions (domain registration)
• Simple Backups (R2 backup tool)
• Salesforce (email routing destination)
• MyCast (email SPF)
• SendGrid (email SPF)
• Zendesk (email SPF)
• Voter Voice (email SPF)

Specific Configurations¶

Credentials/Access Mentioned¶

• IT Support account in 1Password for billing access
• Individual Cloudflare accounts for zone management
• GitHub repository for SPF record versioning
• Simple Backups credentials in 1Password

Errors & Troubleshooting¶

• Issue: Pages deployment failure
• Cause: Files too large for build process
• Resolution: View build logs in Cloudflare, fix file size issues

• Timestamp: 0:16:46

• Issue: SPF record too long

• Cause: Too many include statements pulling IP address lists
• Resolution: Monitor total lookups, consolidate where possible
• Timestamp: 0:28:34

Transcript Gaps & Quality Notes¶

• Training session for IT team succession planning
• Multiple speakers but primarily Jeff presenting
• References to visual dashboard elements not visible in transcript
• Recording covers administrative procedures for team knowledge transfer
• Some clicks and navigation described but not shown