Skip to content
Cloudflare Docs

Terraform (AWS)

You must generate an Access Key before getting started. All examples will utilize access_key_id and access_key_secret variables which represent the Access Key ID and Secret Access Key values you generated.


This example shows how to configure R2 with Terraform using the AWS provider.

With terraform installed:

  1. Create main.tf file, or edit your existing Terraform configuration
  2. Populate the endpoint URL at endpoints.s3 with your Cloudflare account ID
  3. Populate access_key and secret_key with the corresponding R2 API credentials.
  4. Ensure that skip_region_validation = true, skip_requesting_account_id = true, and skip_credentials_validation = true are set in the provider configuration.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5"
    }
  }
}


provider "aws" {
  region = "us-east-1"


  access_key = <R2 Access Key>
  secret_key = <R2 Secret Key>


  # Required for R2.
  # These options disable S3-specific validation on the client (Terraform) side.
  skip_credentials_validation = true
  skip_region_validation      = true
  skip_requesting_account_id  = true


  endpoints {
    s3 = "https://<account id>.r2.cloudflarestorage.com"
  }
}


resource "aws_s3_bucket" "default" {
  bucket = "<org>-test"
}


resource "aws_s3_bucket_cors_configuration" "default" {
  bucket   = aws_s3_bucket.default.id


  cors_rule {
    allowed_methods = ["GET"]
    allowed_origins = ["*"]
  }
}


resource "aws_s3_bucket_lifecycle_configuration" "default" {
  bucket = aws_s3_bucket.default.id


  rule {
    id     = "expire-bucket"
    status = "Enabled"
    expiration {
      days = 1
    }
  }


  rule {
    id     = "abort-multipart-upload"
    status = "Enabled"
    abort_incomplete_multipart_upload {
      days_after_initiation = 1
    }
  }
}

You can then use terraform plan to view the changes and terraform apply to apply changes.