Cloudflare Tunnel

I have cloudflare tunnel that I manage through the cloudflare (Zero Trust) website. This tunnel is mainly used to allow access to my server which hosts a website along with an API. What ports / protocols needs to be allowed for the tunnel to work with a VPS like an AWS EC2 instance? I can get the tunnel to work, but only if I allow all traffic and all protocols in my security group. Thanks!