1. In the ACM request a cert for your subdomain and do the dns verification (Important: the cert has to be in the same region as your Cloudflare Distribution)
  2. Create an S3 Bucket and give it this policy
{
"Version": "2012-10-17",
"Statement": […

--

--