Skip to content
Visit Logs on GitHub
Set theme to dark (⇧+D)

Enable Amazon S3

Cloudflare Logpush supports pushing logs directly to Amazon S3 via the Cloudflare dashboard or via API.

Manage via the Cloudflare dashboard

Enable Logpush to Amazon S3 via the Cloudflare dashboard.

Manage via API

Cloudflare uses Amazon Identity and Access Management (IAM) to gain access to your S3 bucket. The Cloudflare IAM user needs PutObject permission for the bucket.

Logs are written into that bucket as gzipped objects using the S3 Access Control List (ACL) Bucket-owner-full-control permission.

For illustrative purposes, imagine that you want to store logs in the bucket burritobot, in the logs directory. The S3 URL would then be s3://burritobot/logs.

To enable Logpush to Amazon S3:

  1. Create an S3 bucket. See instructions from Amazon. Note: buckets in China regions (cn-north-1, cn-northwest-1) are currently not supported.

  2. Edit and paste the policy below into S3 > Bucket > Permissions > Bucket Policy (make sure to replace the Resource value with your own bucket path):

{  "Id": "Policy1506627184792",  "Version": "2012-10-17",  "Statement": [    {      "Sid": "Stmt1506627150918",      "Action": [        "s3:PutObject"      ],      "Effect": "Allow",      "Resource": "arn:aws:s3:::burritobot/logs/*",      "Principal": {        "AWS": [          "arn:aws:iam::391854517948:user/cloudflare-logpush"        ]      }    }  ]}