Unable to connect AWS S3 to CloudFlare

I have set AWS S3 in the Origin of Cloudflare according to the official document [1], but the images uploaded to AWS S3 cannot be viewed in the browser.

What I tried

1. Deploy AWS S3

I deployed by matching the bucket name with the domain I want to refer to.
Bucket name : assets . example . io

S3 Config

Setting a Static Hosting bucket.
The access policy is as follows.

{
    "Version": "2012-10-17",
    "Id": "PublicReadGetObject",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::assets.example.io/*",
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": [
                        "173.245.48.0",
                        "103.21.244.0",
                        "103.22.200.0",
                        "103.31.4.0",
                        "141.101.64.0",
                        "108.162.192.0",
                        "190.93.240.0",
                        "188.114.96.0",
                        "197.234.240.0",
                        "198.41.128.0",
                        "162.158.0.0",
                        "104.16.0.0",
                        "104.24.0.0",
                        "172.64.0.0",
                        "131.0.72.0"
                    ]
                }
            }
        },
        {
            "Sid": "PublicReadGetObjectAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::assets.example.io/*"
        }
    ]
}

2. Add a CNAME record on Cloudflare’s DNS screen

I have set the following DNS records in Origin for AWS S3.

  • Type : CNAME
  • Name : assets
  • Targate : assets . example . io . s3-website-ap-northeast-1 . amazonaws . com
  • Proxy : true
  • TTL : auto

3. View

I referred to it at the following URL, but I couldn’t see the image. The error screen is as shown in the attached image.
https://assets.example.io/hoge.jpg

[1] https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare

Unnecessary Cloudflare Workers responded to the root and got an error.
When I removed CloudFlareWorkers, the following error occurred.

`` ```

403 Forbidden

  • Code: AccessDenied
  • Message: Access Denied
  • RequestId: XXXX
  • HostId: XXXX

An Error Occurred While Attempting to Retrieve a Custom Error Document

  • Code: AccessDenied
  • Message: Access Denied
    `` ```

When I registered my IP address in S3 as a trial, I was able to display the image without any problem.
It looks like the Cloudflare IP address set in the S3 access policy is incorrect.

Is it possible to get the correct Cloudflare IP address?

Even if you set the IP address on the following page, S3 will deny access.
https://www.cloudflare.com/ips-v4

The connection was successful.
It seems that it was necessary to register IPV6 and set Proxy of DNS record.

It’s a solution.