1. In the ACM request a cert for your subdomain and do the dns verification (Important: the cert has to be in the same region as your Cloudflare Distribution)
  2. Create an S3 Bucket and give it this policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::oselot-docs/*",
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/public": "yes"
}
}
}
]
}

3. Create a CloudFlare distro with the bucket as the origin, and add your subdomain as a CNAME. Choose the cert you just created
4. Point your subdomain to the subdomain at the cloudflare distro subdomain

--

--