aws4fetch
You must generate an Access Key before getting started. All examples will utilize access_key_id
and access_key_secret
variables which represent the Access Key ID and Secret Access Key values you generated.
JavaScript or TypeScript users may continue to use the aws4fetch
↗ npm package as per normal. This package uses the fetch
and SubtleCrypto
APIs which you will be familiar with when working in browsers or with Cloudflare Workers.
You must pass in the R2 configuration credentials when instantiating your S3
service client:
import { AwsClient } from "aws4fetch";
const R2_URL = `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`;
const client = new AwsClient({ accessKeyId: ACCESS_KEY_ID, secretAccessKey: SECRET_ACCESS_KEY,});
const ListBucketsResult = await client.fetch(R2_URL);console.log(await ListBucketsResult.text());// <ListAllMyBucketsResult>// <Buckets>// <Bucket>// <CreationDate>2022-04-13T21:23:47.102Z</CreationDate>// <Name>user-uploads</Name>// </Bucket>// <Bucket>// <CreationDate>2022-05-07T02:46:49.218Z</CreationDate>// <Name>my-bucket-name</Name>// </Bucket>// </Buckets>// <Owner>// <DisplayName>...</DisplayName>// <ID>...</ID>// </Owner>// </ListAllMyBucketsResult>
const ListObjectsV2Result = await client.fetch( `${R2_URL}/my-bucket-name?list-type=2`,);console.log(await ListObjectsV2Result.text());// <ListBucketResult>// <Name>my-bucket-name</Name>// <Contents>// <Key>cat.png</Key>// <Size>751832</Size>// <LastModified>2022-05-07T02:50:45.616Z</LastModified>// <ETag>"c4da329b38467509049e615c11b0c48a"</ETag>// <StorageClass>STANDARD</StorageClass>// </Contents>// <Contents>// <Key>todos.txt</Key>// <Size>278</Size>// <LastModified> 2022-05-07T21:37:17.150Z</LastModified>// <ETag>"29d911f495d1ba7cb3a4d7d15e63236a"</ETag>// <StorageClass>STANDARD</StorageClass>// </Contents>// <IsTruncated>false</IsTruncated>// <MaxKeys>1000</MaxKeys>// <KeyCount>2</KeyCount>// </ListBucketResult>
You can also generate presigned links that can be used to share public read or write access to a bucket temporarily.
import { AwsClient } from "aws4fetch";
const client = new AwsClient({ service: "s3", region: "auto", accessKeyId: ACCESS_KEY_ID, secretAccessKey: SECRET_ACCESS_KEY,});
const R2_URL = `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`;
// Use the `X-Amz-Expires` query param to determine how long the presigned link is valid.console.log( ( await client.sign( new Request(`${R2_URL}/my-bucket-name/dog.png?X-Amz-Expires=${3600}`), { aws: { signQuery: true }, }, ) ).url.toString(),);// https://<accountid>.r2.cloudflarestorage.com/my-bucket-name/dog.png?X-Amz-Expires=3600&X-Amz-Date=<timestamp>&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<credential>&X-Amz-SignedHeaders=host&X-Amz-Signature=<signature>
// You can also create links for operations such as PutObject to allow temporary write access to a specific key.console.log( ( await client.sign( new Request(`${R2_URL}/my-bucket-name/dog.png?X-Amz-Expires=${3600}`, { method: "PUT", }), { aws: { signQuery: true }, }, ) ).url.toString(),);
You can use the link generated by the PutObject
example to upload to the specified bucket and key, until the presigned link expires.
curl -X PUT "https://<accountid>.r2.cloudflarestorage.com/my-bucket-name/dog.png?X-Amz-Expires=3600&X-Amz-Date=<timestamp>&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<credential>&X-Amz-SignedHeaders=host&X-Amz-Signature=<signature>" -F "data=@dog.png"