Use Cloudflare to access AWS S3 with wildcard record subdomain
I'm trying to follow this article on cloudflare regarding how to fetch Amazon S3 assets through a subdomain.
It works as expected when I manually define a specific subdomain with DNS like the following:
CNAME ----- assets ------ fullpage.sites.s3-website-us-west-1.amazonaws.com --- orange cloud icon
Then I can access my amazon files when using: https://assets.example.com
However, I want to use a wild card so each subdomain can be redirected to a folder inside my Amazon S3 bucket. I don't want to manually define those subdomains as that's something my web users will generate in their web app.
So, I add the following record with the wildcard NAME.
CNAME ----- * ------ fullpage.sites.s3-website-us-west-1.amazonaws.com --- grey cloud icon
Notice I wasn't allowed to use the "orange cloud icon" (Proxied) and I had to use the grey one (DNS only)
Now this URL stopped working as expected: https://assets.example.com
And I get an aws error:
404 Not Found
- Code: NoSuchBucket
- Message: The specified bucket does not exist
What's going on?
How can I solve this?
Notice how the non-wildcard CNAME record has an orange cloud icon on the right and says "Proxied". This means that requests to this hostname are processed by Cloudflare first, including e.g. running Cloudflare Workers to rewrite the URL.
Your wildcard hostname, though, says "DNS only". This means that the hostname is set up to point directly to AWS's IP address; requests do not go to Cloudflare first. AWS does not expect to receive requests for your hostname, so it returns a 404 error when it sees them.
Unfortunately, Cloudflare only supports proxying of wildcard hostnames for enterprise accounts, so there's not much you can do about this unless you want to upgrade to an enterprise contract, which typically starts at around a few thousand dollars a month.
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function
- AWS ElasticBeanstalk EC2 Termination Protection
- Allowing AWS Cognito Users to authentication to JIRA via SAML/SSO (Domain Not found)
- Install pgAgent on AWS RDS for Postgres
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- List all parameters in AWS SSM Parameter Store
- AWS push_down_predicate not working with DynamoDb
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- AWS ECS agent won't start
- AWS VPC (Virtual Private Cloud), rapidly increasing expenses
- SemaphoreCI OIDC AWS connection
- Can't delete AWS internet Gateway
- How to provide multiple StringNotEquals conditions in AWS policy?
- Not able to get ECS fargate metrics on Datadog
- 502 "Internal Server Error" with API Gateway + Lambda when deploying
- Java Springboot application not able to connect to AWS Elasticache Valkey Cache (Serverless)
- Splitting PDF with PyPDF2 in Lambda function
- "libdbus-glib-1.so.2: cannot open shared object file: No such file or directory"
- Partial credentials found in env, missing: AWS_SECRET_ACCESS_KEY
- Best way to store Firebase admin private key file for AWS lambda
- AWS Elastic Beanstalk and Secret Manager
- Unable to upload data using sagemaker_session.upload_data in s3 bucket that I created, it is getting stored in default s3 bucket
- Parse Aws IoT message in python
- How to temporarily switch profiles for AWS CLI?
- Python Sqlalchemy insert data into AWS Redshift
- Using AWS Bedrock Prompt Management with InvokeCommand