Easy way to Configure SSL for Amazon S3 bucket via Cloudflare

By Ralph Vugts on May 5, 2014

Tagged in: , , ,

Amazon S3 storage is great for off-loading static content such as images & scripts away from your main server, it’s even better (SEO-wise) when you set it to serve images from your domain name. Eg:

Yourdomain.com/image.jpg
VS
s3.amazonaws.com/YOUR_BUCKET/image.jpg

Unfortunately, if you were running an online shop and wanted to use SSL (HTTPS://) with this, you have to shell out a hefty $600 per month via AWS Cloudfront to get this added to your domain or subdomain… Which is a tad on the expensive side.  Not only that, but if you have a high traffic website, you could be up for significant traffic charges from Amazon.

Being the tight arse that I am I started to investigate other options, and I stumbled across a cost effective solution while testing CloudFlare (not to be confused with Cloudfront). Not only does this allow you to run SSL via a subdomain on an Amazon Bucket it also allows you to use the CloudFlare CDN and security features to keep your traffic costs down for a tiny $20 per month (or as low as $5 per month for additional sites) $0 per month (now included in Cloudflares free plan).

$0 VS $600? How did I do it? Read on…

How Configure SSL for Amazon S3 bucket via CloudFlare:

First, create your Bucket on Amazon S3. Make sure the bucket name is the same as the domain or subdomain you’re wanting to run CloudFlare SSL on.
Eg. images.yourwebsite.com

Now click into the bucket, and select “Properties”. Under “Static Website Hosting” enable website hosting and enter an index document name such as index.html. Copy the “Endpoint” url as you will need this later for the CloudFlare DNS configuration.

Configure SSL for Amazon S3

Now you are going to want to register for a CloudFlare Pro account, as the free account does not give you SSL. Add your domain name and start the setup process.

Once you get to the DNS setup section you are going to need to add a new CNAME record that points to the S3 endpoint we copied before. In the case of images.yourwebsite.com  you would create a new DNS record for the subdomain “images” and alias that to your endpoint: Images.yourwebsite.com.s3-website-ap-southeast-2.amazonaws.com

Ensure CloudFlare is enabled on the subdomain by clicking on the grey cloud and making it orange.

DNS_Settings___CloudFlare___The_web_performance___security_company-5

Now hit “Save” and wait for a bit for the changes to propagate.

You now need to enable “Flexible SSL” on your main domain. Click to CloudFlare settings and scroll down to SSL and select “Flexible SSL” and hit “Save”.

Now go grab a coffee as it takes an hour or so for everything to take effect. But once it kicks in your S3 bucket should now be serving superfast content via HTTPS for the low price of $20 $0 per month VS Amazons Cloudfronts $600 + traffic costs. Woohoo.

You can also now benefit from the rest of CloudFlare’s features that can significantly speed up your website.

Ralph has been developing websites and systems for nearly 20 years. Passionate and curious, he’s an a-typical developer who understands how users interact with the systems he builds. He understands that systems need to be human-friendly. Ralph loves working in an industry that is constantly changing and disrupting itself.

Get in touch, We love to talk