Route53 with Cloudflare DNS

Amazon AWS with Cloudflare DNS

As with all my articles, each person needs good IT skills and problem solving skills. See my Terms of Use page. Care is needed with DNS settings or domain name changes and transfers. It is actually possible to lose a domain name! Generally, I make sure I record current versus new settings, and that settings are duplicated even if in conflict with each other for a few minutes until I am sure I can delete original settings.


I have used the free Cloudflare plan with various website URL redirections for several years.

One can redirect to an S3 bucket or an existing website, and make use of HTTPS at no cost. You can explore Cloudflare to see how you add HTTPS.

One example may be that you change your website to a new domain name, and use Cloudflare in the interim months (say a year) to redirect your old website to the new. Or, a redirect to an S3 bucket static website page can simply use a DNS record pointing to the bucket URL. Again, you can explore the setups.

There are some exceptions – for instance, if a top level domain is not supported, you accept that limit.

I have questions about how much one should use free services and the viability of free plans.

Cloudflare has helped me a lot and it is reliable. I can say many thanks to Cloudflare.

But personally, I chose not to use the service for a fully developed working/public website using the free plan – this is my own view of ethics and to what extent services really should be based on a fee structure to ensure no problems downstream.

I have tested WordPress on the free plan just for the purposes of testing. One creates an AWS static IP address, assigns it to the EC2 instance and Route53 entries. You then ensure all other DNS entries are in place for SSL certificates, SES e-mail and so on. At that point, I also added the full range of Cloudflare IP addresses to an EC2 Security Group for http and https, as well as my own broadband static IP and the Amazon static IP. (I also did the same for SSH access.)

Perhaps this IP setup is not necessary for a public site as people have inbound requirements from their own IP addresses. I was testing.
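The Security Group setup described above, as an added example that is not from the original article: it builds ingress rules in the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts, and audits an existing rule set for sources outside the allow-list. The CIDRs are constructed documentation ranges, the function names are hypothetical, and limiting SSH to the admin address only is a choice made in this example.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), not real proxy
# ranges: substitute the current list Cloudflare publishes for its IP ranges.
SAMPLE_PROXY_RANGES = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]
SAMPLE_ADMIN_CIDR = "203.0.113.10/32"  # constructed: your own static IPv4 address


def build_permissions(proxy_ranges, admin_cidr):
    """HTTP/HTTPS from the proxy ranges plus admin; SSH from admin only."""
    v4, v6 = [], []
    for cidr in proxy_ranges:
        net = ipaddress.ip_network(cidr)  # strict parse: rejects host bits, typos
        if net.prefixlen == 0:
            raise ValueError(f"refusing open range {cidr}")
        if net.version == 4:
            v4.append({"CidrIp": str(net), "Description": "proxy"})
        else:
            v6.append({"CidrIpv6": str(net), "Description": "proxy"})
    admin = {"CidrIp": str(ipaddress.ip_network(admin_cidr)), "Description": "admin"}
    perms = [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
              "IpRanges": v4 + [admin], "Ipv6Ranges": v6}
             for port in (80, 443)]
    perms.append({"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                  "IpRanges": [admin], "Ipv6Ranges": []})
    return perms


def audit_sources(permissions, allowed_cidrs):
    """Return (port, cidr) for every rule source not inside an allowed range."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((perm.get("FromPort"), cidr))
    return findings
```

Running `audit_sources` over the group's current `IpPermissions` after each refresh of the proxy list shows any leftover rule, such as a `0.0.0.0/0` source on port 22, that would let traffic reach the instance without passing through the proxy.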

One then creates the domain in Cloudflare and replaces the Amazon name servers in the registered domain section (or wherever hosting is) and in Route53 so that there is no conflict. Once that propagates (you can verify with a DNS checker), you are set to go. The propagation can take a while, so you may see it working on your mobile phone before it does on the PC.

This is a short article, but I mention Cloudflare simply to verify I have installed WordPress without problems in the revolving IP addresses that Cloudflare uses after the call to your Amazon IP address takes place, and that it definitely helps in redirects. One should test separately the viability of Amazon’s CDN if using that, or some other specialised services, to verify the rotating IP addresses do not cause a failure on WordPress.

An example of a redirect of old to new is where you make the Cloudflare A record point to your new website’s Amazon static IP address, and of course the name server changes. You only need one A record, the two Cloudflare nameservers and nothing else. Of course the registered domain name for that old URL points to Cloudflare’s two name servers as well. You don’t need a hosted zone on Amazon. You don’t need to explicitly set up HTTPS if the new site is already HTTPS.

What about an S3 bucket static web page? (We are not looking today at S3 as a redirect to another website, but you can play with that.)
You create the setups in Cloudflare which examines your existing DNS entries in Route53. If these no longer require e-mail, you can delete these from Cloudflare. The A record is simply the qualified S3 bucket URL – e.g. create a CNAME record using (use your own domain name) and the proxied record is typically like this: where the region will reflect your bucket’s region. You can add another CNAME for www in the CNAME entry.

If you delete various records from Cloudflare on the basis they are no longer used, such as defunct e-mail you removed from Amazon SES, you may still have other entries such as Google’s site verification record if your static webpage in the S3 bucket has the Google tracking code in it.

If you are having difficulty with HTTPS, you simply enable HTTPS, and under the SSL tab in the left Cloudflare menu, you will see the free SSL certificate it generates. Again, there is a propagation time involved.

That’s it.

If you wish to switch back from Cloudflare to Amazon, you add the domain name as a Hosted Zone in Amazon’s Route53. That gives the four nameservers. You then update the registered domain name to remove Cloudflare’s nameservers and add the new. You then have Route53 and the domain name registration back in Amazon. You delete the domain from Cloudflare.
