0
votes

I'm trying to follow this article on Cloudflare regarding how to fetch Amazon S3 assets through a subdomain.

It works as expected when I manually define a specific subdomain with DNS like the following:

CNAME ----- assets ------ fullpage.sites.s3-website-us-west-1.amazonaws.com --- orange cloud icon

Then I can access my amazon files when using: https://assets.example.com

However, I want to use a wild card so each subdomain can be redirected to a folder inside my Amazon S3 bucket. I don't want to manually define those subdomains as that's something my web users will generate in their web app.

So, I add the following record with the wildcard NAME.

CNAME ----- * ------ fullpage.sites.s3-website-us-west-1.amazonaws.com --- grey cloud icon

Notice I wasn't allowed to use the "orange cloud icon" (Proxied) and I had to use the grey one (DNS only).

Now this URL stopped working as expected: https://assets.example.com

And I get an AWS error:

404 Not Found

  • Code: NoSuchBucket
  • Message: The specified bucket does not exist

What's going on?

How can I solve this?

1
You need a solution like the one I mentioned here that can rewrite the path before sending the request to S3. My solution uses Lambda@Edge to do that. With Cloudflare, I assume you might be able to use Cloudflare Workers to do the path rewrite, but I don't know. What you are doing so far would require a bucket named for each subdomain, which is not likely viable. – Michael - sqlbot

1 Answer

1
votes

Notice how the non-wildcard CNAME record has an orange cloud icon on the right and says "Proxied". This means that requests to this hostname are processed by Cloudflare first, including e.g. running Cloudflare Workers to rewrite the URL.

Your wildcard hostname, though, says "DNS only". This means that the hostname is set up to point directly to AWS's IP address; requests do not go to Cloudflare first. AWS does not expect to receive requests for your hostname, so it returns a 404 error when it sees them.

Unfortunately, Cloudflare only supports proxying of wildcard hostnames for enterprise accounts, so there's not much you can do about this unless you want to upgrade to an enterprise contract, which typically starts at around a few thousand dollars a month.
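
The subdomain-to-folder path rewrite that the comment and this answer refer to, written as a Cloudflare Worker (an added example, not code from the original posts). It assumes the hostname is proxied through Cloudflare and that each subdomain maps to a top-level folder of the same name in the bucket from the question; `BASE_DOMAIN`, `S3_ORIGIN`, `rewriteToBucketPath` and `handleRequest` are hypothetical names.

```javascript
// Added example. Values below are assumptions taken from the question.
const BASE_DOMAIN = "example.com";
// S3 website endpoints are served over plain HTTP only.
const S3_ORIGIN = "http://fullpage.sites.s3-website-us-west-1.amazonaws.com";
// Exactly one DNS label: letters, digits, inner hyphens, at most 63 chars.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Map https://<label>.example.com/<path> to <S3_ORIGIN>/<label>/<path>.
// Returns null when the host is not a single valid label under BASE_DOMAIN,
// so user-chosen names cannot inject extra path segments or reach the
// bucket root.
function rewriteToBucketPath(requestUrl) {
  const url = new URL(requestUrl);            // also resolves "../" segments
  const host = url.hostname.toLowerCase();
  const suffix = "." + BASE_DOMAIN;
  if (!host.endsWith(suffix)) return null;    // apex or foreign host
  const label = host.slice(0, -suffix.length);
  if (!LABEL.test(label)) return null;        // rejects "a.b", "", "-x"
  const target = new URL(S3_ORIGIN);
  target.pathname = "/" + label + url.pathname;
  target.search = url.search;
  return target.toString();
}

async function handleRequest(request) {
  const target = rewriteToBucketPath(request.url);
  if (target === null) return new Response("Not found", { status: 404 });
  // A static website origin only needs read methods.
  if (request.method !== "GET" && request.method !== "HEAD") {
    return new Response("Method not allowed", { status: 405 });
  }
  return fetch(new Request(target, request));
}

// Service-worker style registration; skipped outside the Workers runtime.
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) =>
    event.respondWith(handleRequest(event.request)));
}
```

The Worker only runs for hostnames that are proxied, so the wildcard limitation described in the answer still applies.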