Requester Pays
π° What is S3 "Requester Pays"?¶
Requester Pays is a feature that shifts the data transfer and request costs from the bucket owner to the requester.
π§Ύ Normally, the bucket owner pays for all requests and downloads.
But with Requester Pays enabled, the user downloading or accessing data pays instead.
π― When to Use Requester Pays¶
| Scenario | Benefit |
|---|---|
| Public data lakes (e.g., Open Government Data) | Owner avoids bandwidth costs |
| Cross-account access for partners/vendors | Each account pays its own usage |
| High-traffic archives (e.g., ML datasets, research) | Avoid unexpected bills on the owner |
| Shared team resources in enterprise | Ensures chargeback by usage |
π Key Requirements¶
-
Bucket owner must enable requester pays
-
Requester must use AWS CLI/SDK and include
RequestPayer=requester -
No anonymous access is allowed
-
Requesterβs account will be billed for data transfer and GET/list requests
π What Gets Charged?¶
| Action | Charged to Requester? |
|---|---|
| GET Object | β Yes |
| LIST Objects | β Yes |
| HEAD Object | β Yes |
| PUT/DELETE Object | β No (still billed to owner) |
| Storage (per GB/month) | β No (always paid by owner) |
π§ How to Enable Requester Pays¶
β AWS CLI¶
aws s3api put-bucket-request-payment \
--bucket my-bucket \
--request-payment-configuration Payer=Requester
π Check if enabled¶
π§βπ» Requester must use:¶
π οΈ Terraform Example¶
resource "aws_s3_bucket" "requester_bucket" {
bucket = "yuva-requester-pays-demo"
}
resource "aws_s3_bucket_request_payment_configuration" "rp" {
bucket = aws_s3_bucket.requester_bucket.id
payer = "Requester"
}
π« Limitations¶
| Limitation | Description |
|---|---|
| β No anonymous public access | All requests must be authenticated |
| β No access via S3 website endpoint | Only supported via AWS SDK/CLI/REST |
| β Not for S3 Glacier objects | Only works with Standard/IA classes |
| β Billing granularity | Only requesterβs AWS account is billed |
π§ Best Practices¶
-
Use bucket policies to allow
s3:GetObjectonly ifRequestPayer = requester -
Document usage expectations in shared/public datasets
-
Combine with cost allocation tags for tracking
π§Ύ Sample Bucket Policy (for requesters)¶
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowGetWithRequesterPays",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringEquals": {
"s3:RequestObjectTag/requester": "true"
}
}
}
]
}
β TL;DR Summary¶
| Feature | Description |
|---|---|
| What is it? | Requester pays for data access (not owner) |
| Who uses it? | Public datasets, shared buckets, cross-account |
| Owner pays? | Only for storage, not for GET/LIST requests |
| Requester pays? | For GET, LIST, HEAD, etc. |
| Anonymous? | β Not allowed |
| Access Method? | SDK, CLI, REST only |