Since you will likely not want to move your authoritative DNS zone to Cloudflare you can do a https://developers.cloudflare.com/dns/zone-setups/partial-se.... This will require the business plan $250 a month. If you can move your zone easily then you might be able to get away with the free account.
Once in place, spin up a new load balancer with new IPs for your service or update your current LB but don't publish the new IPs to your DNS zone. Configure Cloudflare to proxy to these. This will keep them hidden from whoever is attacking you.
Within the Cloudflare site config, under Security -> Settings -> Security Level set this to "I'm Under Attack" and this will start to present a challenge page to all users to confirm they're human before it forwards the traffic on to your origin servers.
That should take some pressure off and will allow your legit users to still gain access to the site.
Since you will likely not want to move your authoritative DNS zone to Cloudflare you can do a https://developers.cloudflare.com/dns/zone-setups/partial-se.... This will require the business plan $250 a month. If you can move your zone easily then you might be able to get away with the free account.
Once in place, spin up a new load balancer with new IPs for your service or update your current LB but don't publish the new IPs to your DNS zone. Configure Cloudflare to proxy to these. This will keep them hidden from whoever is attacking you.
Within the Cloudflare site config, under Security -> Settings -> Security Level set this to "I'm Under Attack" and this will start to present a challenge page to all users to confirm they're human before it forwards the traffic on to your origin servers.
That should take some pressure off and will allow your legit users to still gain access to the site.