How do I use Cloudflare with Amazon's S3 Service?

Add a S3 DNS record to Cloudflare

Before configuring your Amazon hosted site, ensure that you have a corresponding CNAME DNS record set up in the Cloudflare DNS app. Learn how to add S3 DNS records to Cloudflare.

Configure CORS (Cross Origin Resource Sharing) for Amazon

To configure your bucket for CORS, open the Amazon S3 Management Console, and follow these steps:

  1. Right click on your Amazon S3 bucket to open the Properties pane.
  2. Under the “Permissions” tab, click Add CORS configuration to add a new CORS configuration. You can then specify the websites (e.g., "") that should have access to your bucket, and the specific HTTP request methods (e.g., “GET”) you wish to allow.
  3. Click Save.

 Cloudflare supports CORS and operates in the following way

  • The Cloudflare CDN identifies cache items based on the Host Header + Origin Header +  Path and Query, which supports different objects using the same host header, but different origin headers.
  • Cloudflare passes the Access-Control-Allow-Origin header through unaltered from the origin server to the browser.

For more information on using CORS with Amazon S3, please see the Amazon S3 Developer Guide.

Using SSL with AWS S3 and Cloudflare

After creating the above CNAME with CloudFront or an ELB set up with a SSL certificate, you will be able to use Full SSL with Cloudflare, but not Full(Strict). If you want to use Full(Strict) SSL, you will need to set up AWS ELB with a custom certificate signed by a trusted Certificate Authority (CA).

Using Origin CA with AWS S3

You should be able to upload the Cloudflare Origin CA to your Amazon service via the Amazon Certificate Manager (ACM). You can find more instructions on how to create and manage the Cloudflare origin CA here.


Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk