Skip to content

Commit b78bc01

Browse files
nikitacanopedrosousa
nikitacano
and
pedrosousa
authored
[Rules] Cloud Connector: clarify SSL to AWS S3 (#18066)
--------- Co-authored-by: Pedro Sousa <[email protected]>
1 parent 8274d3c commit b78bc01

File tree

2 files changed

+9
-2
lines changed

2 files changed

+9
-2
lines changed

src/content/docs/rules/cloud-connector/index.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ Cloud Connector rules are evaluated last in the request evaluation workflow. Whe
3535
Cloud Connector will perform the following configurations automatically, depending on the cloud provider:
3636

3737
- Modify the `Host` header.
38-
- Adjust SSL/TLS for bucket-related traffic (AWS S3 only).
38+
- Adjust SSL/TLS for bucket-related traffic ([Amazon S3 website endpoints](/rules/cloud-connector/providers/#ssl-connections-for-aws-s3-endpoints) only).
3939

4040
## Availability
4141

src/content/docs/rules/cloud-connector/providers.mdx

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,15 +22,22 @@ Support for Cloudflare R2 will be added soon.
2222
The hostname of your S3 bucket URL must have one of the following formats (where `*` is a wildcard character):
2323

2424
- `*s3.amazonaws.com`
25-
- `*s3-website.<REGION>.amazonaws.com`
2625
- `*s3.<REGION>.amazonaws.com`
26+
- `*s3-website.<REGION>.amazonaws.com`
2727
- `*s3-website-<REGION>.amazonaws.com`
2828

2929
Cloud Connector supports both subdomain and URI path-style URLs:
3030

3131
- **Subdomain-style URLs**: Set the hostname to `<BUCKET_NAME>.s3.amazonaws.com`. In this case, your files are accessible directly under the root of the bucket. For example, `https://example.com/index.html` will map to `https://<BUCKET_NAME>.s3.amazonaws.com/index.html`.
3232
- **URI path-style URLs**: Set the hostname to `s3.amazonaws.com`. Here, your bucket name must be part of the URI path in your requests. For example, if your bucket name is `<BUCKET_NAME>`, files will be available on paths like `https://example.com/<BUCKET_NAME>/index.html`, and your Cloud Connector rule should filter traffic based on the URI path starting with `/<BUCKET_NAME>`.
3333

34+
### SSL connections to AWS S3 endpoints
35+
36+
The SSL setting applied to requests between Cloud Connector and AWS S3 depends on the type of S3 endpoint you use:
37+
38+
- **HTTPS-supported endpoints**: For hostnames like `*s3.<REGION>.amazonaws.com` and `*s3.amazonaws.com`, Cloudflare will connect to AWS S3 over HTTPS if you set your zone's SSL/TLS mode to **Full** or **Full (Strict)**.
39+
- **Non-HTTPS endpoints**: For website-style hostnames such as `*s3-website.<REGION>.amazonaws.com` or `*s3-website-<REGION>.amazonaws.com`, which do not support HTTPS, Cloudflare will default to **Flexible SSL**.
40+
3441
### Get the bucket URL
3542

3643
1. Go to the [Amazon S3 console](https://console.aws.amazon.com/s3/) and select **Buckets** in the navigation pane.

0 commit comments

Comments
 (0)