No image

aMiSTACX S3 Titanium HA for WordPress Guide

S3 Titanium for WordPress Guide & Performance Tips

The S3 Titanium Plugin for WordPress by aMiSTACX is designed to put WordPress into a stateless or semi-stateless configuration. This means all components such as WP Media and Static content are hosted from AWS S3, and the database resides on an AWS RDS instance.

This configuration puts the architecture of WordPress into a true 3-Tier design that will allow true on-demand scaling – vertical and horizontal, and will allow the use of advanced high availability [HA] architecture such as AWS auto scale groups.

Note: Our plugin and this stack is designed for individuals with advanced technical ability and understand and have experience with AWS infrastructure and Cloud technology.

Note 2: For best results it is best to make sure you are either building your site from new, or to make sure your theme can handle the S3 deployment. Some themes [that are built correctly] offer seamless integration with our plugin, others require modification.

Plan Ahead – DNS

Tip 1. – If you selected the option to configure a custom domain for your S3T name resolution, then here are some useful tips:

e.g. [root] and [S3]

Fixing: Serve the following static resources from a domain that doesn’t set cookies:

You cannot disable cookies on resources served throughCDN Cloudflare. While some speed recommendations will suggest eliminating cookies for static resources, the performance implications are extremely minimal. Cloudflare cookies are also required so security features work properly.

Tip 2. – You need to have Cloudflare S3 CNAME set to CDN ON [Orange Cloud]. If you do not, then you will get mixed content warnings. Also make sure the S3 domain that Cloudflare is using has the Cloudflare SSL set to FULL.

Tip 3. – Very Important! Wait about 15-30 minutes for Cloudflare to kick in before you upload any WordPress media content; otherwise, you will get certificate warnings. For example, say WordPress sets a path to a media image that looks like this:

But when Cloudflare CDN has not fully propagated, you will get served a URL that looks like this:

Plus you will get a certificate warnings.

Tip 4. Static Content Deployment to S3

You have the option to deploy static content. If this option is enabled, please disable Apache PageSpeed Module and Redis. A/B test with any local caching engine. Everything will be served through S3 and the CDN will cache everything and serve at the edge.

WP S3 Titanium Configuration

The AWS Keys


These keys will be used to connect and manage S3 buckets from the S3Rocket Module. Go to the AWS IAM console and create a user with programmatic access and attach the AmazonS3FullAccess policy to the account. Copy both keys and keep them in a safe and secure place.

A. Create user and assign Programmatic Access

B. Select Attach existing policies directly, enter S3 to filter results, select AmazonS3FullAccess

C. Review & Create user

D. Copy and Download a set of the S3 IAM access Keys


These keys will be used to connect and manage RDS instances from the S3Sonic Module. Go to the IAM console and create a user with programmatic access. 

ECreate user and assign Programmatic Access

F. Select Attach existing policies directly, enter RDS to filter results, select AmazonRDSFullAccess

G. Review & Create user.

H. Copy and Download a set of the S3Sonic IAM User access Keys


After activation of plugin, enter the keys into the appropriate sections to the AWS Key tab. If you are not going to use S3Sonic or S3Rocket, then there is no requirement to enter any keys in that module section. It makes for better security. Use only what you need.

TIP 5. If you have a lot of image files to sync to S3 temporarily use a larger LAMP/LEMP or RDS Database instance. This is because every URL will be re-written in the database.

Note: There are two separate “save” buttons!

Note: If keys are NOT entered, the specific module tabs will be locked.

aMiSTACX AWS Keys for S3Sonic and S3Rocket

S3Rocket TAB

Step 1. Decide to use an existing* bucket or create a new bucket. Make sure if you create a new bucket that the S3 Region matches the region-zone where the EC2 server resides.

aMiSTACX - S3Rocket S3 Bucket Creation

S3Rocket match region to S3 bucket location

After you create or select a bucket, all the tab’s options will show. Most of the common defaults are enabled.

Static Content Deployment [Optional] – This will upload and server CSS/JS content from S3. It is best to make sure you are either building your site from new, or to make sure your theme can handle the deployment. Some themes [that are built correctly] offer seamless integration with our plugin, others require modification. The static flush feature will clear and initiate a re-sync.

Note*: For legacy S3 buckets using S3Rocket and static content deployment use the fix CORS feature to set the bucket permissions.

Step 2. If you are using a custom Domain [recommended] then enable the feature and enter the domain or subdomain. Normally you would want to flag it as a subdomain for tracking purposes. e.g. or or even

S3Rocket Custom URL - Domain Name - Image Path

As shown with my example domain:

S3Rocket specifying a custom S3 domain

Clean and Dirty URLs

If you want to have a URL that looks like this, then go with the default options and with year/month ON:

If you want to clean-up your URL, leave the path field blank, and keep year/month OFF.

Note: Local storage is preserved; however, on S3 everything will be in root in a flat structure; is using the clean version.


You really do not need to force HTTPS, because you followed the stack instructions and are using “Always HTTPS” on Cloudflare, and/or have Let’s Encrypt Redirecting HTTP to HTTPS. [Better to have Cloudflare handle it at the DNS level.]

Warning! If you need to roll-back to local server for media file source, DO NOT delete your S3Bucket content. The reason is you may need it or decide you don’t want to use local. Local media sources embedded in webpages DO NOT roll-back to local source. They still point to S3 and will be broken. You will need to use search and replace from your database to correct these URLs. This can be very time consuming and prone to error. Be smart and make an AMI full image before you start.

Object versioning is NOT required, but there as an option if you run into issues.

Another advanced option is WebP image compression, and we recommend you make use of it. Please see our WebP article for more details.

WP S3Rocket Advanced Options

Roll-Back to Local

In the situation where you need to roll-back to having local server in order to serve media files; as of v1.1.3 you now have this option. You must set the first two top switches to off, and the third switch [Reset URLs to Local] to On. Save settings, then use the [SYNC] button.

Please test everything on your Development Server First, and make a full backup of Production before you proceed.

S3 Titanium Rollback to Local from S3 switches

Advanced S3 Bucket Security Configuration

S3Rocket S3 Bucket Security

When switched ON, you can prevent hot-linking, or access to the direct S3 bucket content raw URL as we set a bucket policy allowing only the IP or specified URL access.


Most Recent Version

1.3.4 January 24th, 2021 : S3 Bucket Enhanced Security


S3Sonic TAB

S3Sonic will allow the spawning of AWS RDS MySQL read replicas. This may be used on very high volume sites, or sites that require High Availability. Should the main db crash, then the RR will continue read operations, and you can promote it as primary. Again, this is beyond the scope of this simple how-to-do.

Overall an RR will increase throughput and offer high availability. However, make sure you test in development prior to deployment to a production eCommerce site.


When all is configured correctly and working in harmony with our aMiSTACX stack, the feeling of stability and performance is awesome. This is why we call this module series for WordPress and Magento is called S3 Titanium. Don’t just take our word for it.

Note: Should you have interest in using S3 Titanium with AWS Auto Scale, please review this article.

 * Customer was actually using a WordPress S3 Titanium, not an F1X LEMP stack.

Weaponize your Business with aMiSTACX!