First, you'll want to create your Amazon S3 bucket through the appropriate Amazon webpage. Be sure to note the full host URL assigned to your bucket -- for example, 'files.example.com'.
- Log in to Cloudflare.
- From the dropdown menu on the top left, select your domain.
- Select the DNS app.
- Add a CNAME record for your AWS bucket.
If your domain is "example.com" and you want to use the CNAME "files", you'll need to make sure the S3 bucket name is "files.example.com". Amazon requires that the CNAME match the bucket name.
**Configuring CORS (Cross Origin Resource Sharing) directions from Amazon:**
To configure your bucket for CORS, open the Amazon S3 Management Console, and follow these steps:
1) Right click on your Amazon S3 bucket to open the Properties pane.
2) Under the “Permissions” tab, click Add CORS configuration to add a new CORS configuration. You can then specify the websites (e.g., "mywebsite.com") that should have access to your bucket, and the specific HTTP request methods (e.g., “GET”) you wish to allow.
3) Click Save.
Cloudflare supports CORS and operates in the following way:
- The Cloudflare CDN identifies cache items based on the Host Header + Origin Header + Path and Query, which supports different objects using the same host header, but different origin headers.
- Cloudflare passes the Access-Control-Allow-Origin header through unaltered from the origin server to the browser.
For more information on using CORS with Amazon S3, please see the Amazon S3 Developer Guide.
Using SSL with AWS S3 and Cloudflare:
After creating the above CNAME with CloudFront or an ELB set up with a SSL certificate, you will be able to use Full SSL with Cloudflare, but not Full(Strict). If you want to use Full(Strict) SSL, you will need to set up AWS ELB with a custom certificate signed by a trusted Certificate Authority (CA).
Using Origin CA with AWS S3
You should be able to upload the Cloudflare Origin CA to your Amazon service via the Amazon Certificate Manager (ACM). You can find more instructions on how to create and manage the Cloudflare origin CA here.