First you'll want to create your Amazon S3 bucket through the appropriate Amazon webpage. Please make sure to note the full host URL assigned to the bucket you just created -- for example, 'files.example.com'.
- Login to your Cloudflare account.
- From the dropdown menu on the top left, select your domain.
- Select the DNS settings tab.
- Add a CNAME record to your AWS bucket.
If your domain is "example.com" and you want to use the CNAME "files" you'll need to make sure the S3 bucket name is "files.example.com". Amazon requires that the CNAME match the bucket name.
**Configuring CORS (Cross Origin Resource Sharing) directions from Amazon:**
Configuring your bucket for CORS is easy. To get started, open the Amazon S3 Management Console, and follow these simple steps:
1) Right click on your Amazon S3 bucket and open the “Properties” pane.
2) Under the “Permissions” tab, click the “Add CORS configuration” button to add a new CORS configuration. You can then specify the websites (e.g., "mywebsite.com") that should have access to your bucket, and the specific HTTP request methods (e.g., “GET”) you wish to allow.
3) Click Save.
Cloudflare supports CORS and operates in the following way:
- The Cloudflare CDN identifies cache items based on the Host Header + Origin Header + Path and Query, which supports different objects using the same host header, but different origin headers
- Cloudflare passes Access-Control-Allow-Origin header through unaltered from the origin server to the browser
For more information on using CORS with Amazon S3, please see the Amazon S3 Developer Guide.
Using SSL with AWS S3 and Cloudflare:
After creating the above CNAME with CloudFront or an ELB set up with a SSL certificate, you will be able to use Full SSL with Cloudflare, but not Full(Strict). If you want to use Full(Strict) SSL, you will need to set up AWS ELB with a custom certificate signed by a trusted CA.
Using Origin CA with AWS S3
You should be able to upload the Cloudflare Origin CA to your Amazon service via the Amazon Certificate Manager (ACM). You can find more instructions on how to create and manage the Cloudflare origin CA here.