aMiSTACX S3 Titanium HA for WordPress Guide

S3 Titanium for WordPress Guide & Performance Tips

The S3 Titanium Plugin for WordPress by aMiSTACX is designed to put WordPress into a stateless or semi-stateless configuration. This means all components such as WP Media and Static content are hosted from AWS S3, and the database resides on an AWS RDS instance.

This configuration puts the architecture of WordPress into a true 3-Tier design that will allow true on-demand scaling – vertical and horizontal, and will allow the use of advanced high availability [HA] architecture such as AWS auto scale groups.

Note: Our plugin and this stack is designed for individuals with advanced technical ability, and have experience with AWS infrastructure and cloud technology.

Note 2: For best results, it is suggested to build your site from new, and/or to make sure your theme can handle the S3 deployment. Some themes [that are built correctly] offer seamless integration with our plugin, others require modification.

aMiSTACX S3 Titanium for WordPress Review
WordPress deployment w/ S3R-Alpha plugin

Plan Ahead : DNS

Fixing: Serve the following static resources from a domain that doesn’t set cookies:

You cannot disable cookies on resources served through CDN Cloudflare. While some speed recommendations will suggest eliminating cookies for static resources, the performance implications are extremely minimal. Cloudflare cookies are also required so security features work properly.

Tip. You need to have Cloudflare S3 CNAME set to CDN ON [Orange Cloud]. If you do not, then you will get mixed content warnings. Also make sure the S3 domain that Cloudflare is using has the Cloudflare SSL set to FULL.

When Cloudflare CDN has not fully propagated, you will get served a URL that looks like this:

Plus you will get certificate warnings.

Tip. Static Content Deployment to S3

You have the option to deploy static content. If this option is enabled, please disable Apache PageSpeed Module and Redis. A/B test with any local caching engine. Everything will be served through S3 and the CDN will cache everything and serve at the edge.

WP S3 Titanium Configuration

The AWS Keys


These keys will be used to connect and manage S3 buckets from the S3R-Alpha module. Go to the AWS IAM console, and create a user with programmatic access, and attach the AmazonS3FullAccess policy to the account. Copy both keys and keep them in a safe and secure place.

A. Create user and assign Programmatic Access

B. Select Attach existing policies directly, enter S3 to filter results, select AmazonS3FullAccess

C. Review & Create user

D. Copy and Download a set of the S3 IAM access Keys


These keys will be used to connect and manage RDS instances from the S3Sonic Module. Go to the IAM console and create a user with programmatic access. 

ECreate user and assign Programmatic Access

F. Select Attach existing policies directly, enter RDS to filter results, select AmazonRDSFullAccess

G. Review & Create user.

H. Copy and Download a set of the S3Sonic IAM User access Keys


After activation of plugin, enter the keys into the appropriate sections to the AWS Key tab. If you are not going to use S3Sonic or S3R-Alpha, then there is no requirement to enter any keys in that module section. It makes for better security. Use only what you need, and disable and remove the module if you do not intend to use it.

Tip: If you have a lot of image files to sync to S3 temporarily use a larger EC2 or RDS Database instance. This is because every URL will be re-written in the database.

Note: There are two separate “save” buttons!

Note: If keys are NOT entered, the specific module tabs will be locked.

aMiSTACX AWS Keys for S3Sonic and S3R-Alpha

S3R-Alpha TAB

Step 1. Decide to use an existing* bucket or create a new bucket. Make sure if you create a new bucket that the S3 Region matches the region-zone where the EC2 server resides.

aMiSTACX - S3R-Alpha S3 Bucket Creation
S3R-Alpha match region to S3 bucket location

After you create or select a bucket, all the tab’s options will show. Most of the common defaults are enabled.

Static Content Deployment [Optional] – This will upload and server CSS/JS content from S3. It is best to make sure you are either building your site from new, or to make sure your theme can handle the deployment. Some themes [that are built correctly] offer seamless integration with our plugin, others require modification. The static flush feature will clear and initiate a re-sync.

Note*: For legacy S3 buckets using S3R-Alpha and static content deployment use the fix CORS feature to set the bucket permissions.

Step 2. If you are using a custom Domain [recommended] then enable the feature and enter the domain or subdomain. Normally you would want to flag it as a subdomain for tracking purposes, e.g., or or even

S3R-Alpha Custom URL - Domain Name - Image Path

As shown with my example domain:

S3R-Alpha specifying a custom S3 domain

Clean and Dirty URLs

If you want to have a URL that looks like this, then go with the default options and with year/month ON:

If you want to clean-up your URL, leave the path field blank, and keep year/month OFF.

Note: Local storage is preserved; however, on S3 everything will be in the bucket root in a flat structure.


You really do not need to force HTTPS, because you followed the stack instructions and are using “Always HTTPS” on Cloudflare. [Better to have Cloudflare handle it at the DNS level.]

Object versioning is not required, but there as an option if you run into issues.

Another advanced option is WebP image compression, and we recommend you make use of it. Please see our WebP article for more details.

WP S3R-Alpha Advanced Options

Roll-Back to Local

In the situation where you need to roll-back to having local server in order to serve media files; as of v1.1.3 you now have this option. You must set the first two top switches to off, and the third switch [Reset URLs to Local] to On. Save settings, then use the [SYNC] button.

Please test everything on your Development Server First, and make a full backup of Production before you proceed.

S3 Titanium Rollback to Local from S3 switches

Advanced S3 Bucket Security Configuration

S3R-Alpha S3 Bucket Security

When switched ON, you can prevent hot-linking, or access to the direct S3 bucket content raw URL as we set a bucket policy allowing only the IP or specified URL access.

S3T Versions

1.3.4 January 24th, 2021 : S3 Bucket Enhanced Security

S3Sonic TAB

S3Sonic will allow the spawning of AWS RDS MySQL read replicas. You may want to consider this option when database requirements are very high, or sites that require High Availability. Should the main db crash, then the RR will continue read operations, and you can promote it as primary. Again, this is beyond the scope of this simple how-to-do.

Overall an RR will increase throughput and offer high availability; however, make sure you test in development prior to deployment to a production ecommerce site.

S3Sonic Configuration on AWS


In situations where you may have deleted some S3 Titanium files for S3R-Alpha or S3Sonic:

1. You need the aMiSTACX S3-Titanium plugin.


2. You need this line in wp-config.php

define('WP_TEMP_DIR', dirname(__FILE__) . '/wp-content/temp/');

3. You need the temp directory named in the above. If missing create it.


4. In root of wordpress you need this file:

db-config.json #Used for S3Sonic; can be blank {} if not using S3Sonic.

5. The /etc/crontab has a job for webp:

# WordPress aMiSTACX
*/1 * * * * root wget -O - >/dev/null 2>&1

6. Reset permissions to baseline if you made any alterations:

sudo chown -R www-data:www-data /var/www/wordpress

Weaponize your Business with aMiSTACX!