Anand Sudhanaboina

S3 CNAME SSL With CloudFlare

AWS doesn’t allow CNAME SSL with static hosting on S3. The only AWS-native option is to create an Amazon CloudFront distribution, which supports CNAME SSL (AWS ACM or custom). However, if you already use or can use CloudFlare, you can do it without the overhead of CloudFront and the cost that comes with it. This, however, doesn’t offer the capabilities that CloudFront provides. Here’s how to do it:

Enable S3 for web hosting

Create an S3 bucket with the same name as your domain name. Once you do this, enable static web hosting for the bucket and try to access the bucket using the public link (if you get a 403, refer to this).

CloudFlare setup

In the CloudFlare DNS dashboard, add a CNAME record pointing to the bucket host (where you accessed the bucket in the previous step). Now you should be able to access the bucket with your CNAME. Try using HTTPS; if it works, your setup is done here. You may want to add a page rule in CloudFlare if you wish to have HTTPS-only access to the site.

If HTTPS fails, check the SSL mode of the CloudFlare account: unless you have Flexible SSL this setup won’t work, because S3 static website endpoints only serve plain HTTP, so CloudFlare has to fetch from the bucket over HTTP. Now you can safely change SSL to Flexible, or, if you want to keep it at Full and use Flexible only for a particular subdomain, like me, add a page rule like the one shown below, which applies Flexible SSL only to that particular domain.
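With Flexible SSL the CloudFlare-to-S3 leg is plain HTTP, and the S3 website endpoint stays reachable directly, so a bucket policy that only admits the proxy's address ranges keeps visitors on the HTTPS front door. This is an added example, not part of the original post; `proxy_only_read_policy`, `PLACEHOLDER_PROXY_RANGES` and `static.example.com` are hypothetical names, and the ranges are documentation placeholders to be replaced with the list published at https://www.cloudflare.com/ips/.

```python
import ipaddress
import json

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace with the current list published at https://www.cloudflare.com/ips/.
PLACEHOLDER_PROXY_RANGES = ["203.0.113.0/24", "198.51.100.0/24", "2001:db8::/32"]


def proxy_only_read_policy(site_hostname, bucket_name, proxy_ranges):
    """Return a bucket policy (dict) allowing s3:GetObject only from proxy_ranges."""
    host = site_hostname.strip().rstrip(".").lower()
    # S3 website hosting behind a CNAME needs the bucket named after the hostname.
    if bucket_name != host:
        raise ValueError(f"bucket {bucket_name!r} must be named exactly {host!r}")
    cidrs = []
    for text in proxy_ranges:
        # strict=True rejects malformed CIDRs and ones with host bits set.
        net = ipaddress.ip_network(text, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{text} matches every address; the restriction would be void")
        cidrs.append(str(net))
    if not cidrs:
        raise ValueError("no proxy ranges given; refusing to emit an unrestricted policy")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadFromProxyOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket_name}/*",
            # Requests from any other source address get the default deny (403).
            "Condition": {"IpAddress": {"aws:SourceIp": sorted(set(cidrs))}},
        }],
    }


if __name__ == "__main__":
    # Constructed hostname for illustration.
    policy = proxy_only_read_policy("static.example.com", "static.example.com",
                                    PLACEHOLDER_PROXY_RANGES)
    print(json.dumps(policy, indent=2))
```

Once this policy is attached, requests to the bucket's public website link from your own address return 403, so test through the CNAME instead.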

My page rules for this setup look like this, one to force HTTPS and another for Flexible SSL: