Delicious Brains


Using CNAMEs with S3

When using Amazon S3 to serve your offloaded media library or assets, you may prefer to use a subdomain of your site’s primary domain rather than Amazon’s

To do this, we need to:

If your site is on HTTPS, please read this first.

If you haven’t already, go through the Quick Start first to get setup with an AWS account, user, and add your access keys into the Amazon Web Services plugin.

Creating the Bucket

Creating the bucket is easy and can be done using the interface within the WP Offload S3 settings screen.

Offload S3 bucket selection interface

When pointing a CNAME at your S3 bucket, Amazon requires that the bucket name match the domain name you are pointing to it. That is, if we want to use for our domain, the bucket must be named Because of this requirement, it’s a good idea to create the bucket first before changing anything domain-related.

Add a New CNAME

Login to the registrar you use to manage the domain name for your website, and navigate to the section for managing the DNS of

Add a new CNAME record with a name of images, and a value of and save the changes. DNS changes propagate much quicker than they used so you might see the change in a few minutes or less. You can use a free tool like to check the propagation of the new record:

Checking DNS Propagation with

Configuring WP Offload S3

Once your CNAME is created for your domain, you can configure WP Offload S3 to use the new subdomain for your media.

Configure File URLs box with custom domain


This kind of virtual hosting of Amazon S3 buckets does not support using HTTPS for your URLs in most cases because Amazon’s SSL certificate will not include in the CommonName or AlternativeName. If using HTTPS is necessary for your use (i.e. if your site is using https), we recommend setting up a proper distribution with CloudFront.

One alternative to CloudFront in this case is using SSL provided by CloudFlare, which will allow a secure connection (images will display properly), while the bucket is still accessed via HTTP by CloudFlare.

For more information, see the relevant Amazon S3 documentation