How do I allow Cloudinary to read from my private S3 bucket?

In order to be able to migrate your assets from a private S3 bucket to Cloudinary, the S3 bucket must first be whitelisted on our end (contact

In addition, you must grant Cloudinary permission to read your protected content. Permission assignment can be done using Amazon's AWS S3 Console, by following this procedure:

  1. Select the relevant bucket.
  2. Select the "Properties" tab (or right click on the bucket and select Properties).
  3. Click the "Edit Bucket Policy" button in the bucket properties.
  4. Paste the following policy-text (change "BUCKETNAME" to the name of your bucket). If a policy already exists, append it to the existing one:
    "Version": "2012-10-17",
    "Id": "AWSConsole-AccessLogs-Policy-BUCKETNAME-cloudinary",
    "Statement": [
          "Sid": "AWSConsoleStmt-BUCKETNAME-cloudinary",
           "Effect": "Allow",
           "Principal": {
             "AWS": "232482882421"
           "Action": [
          "Resource": "arn:aws:s3:::BUCKETNAME/*"

Following this procedure and the one on our end, will allow you to use S3 URLs for  Upload APIs and Upload mapping.

Have more questions? Submit a request


  • Avatar

    Ok ive done that but cant work out how to upload now using teh bucket?

  • Avatar
    Nadav Ofir

    Once you have taken these steps you should be able to set-up upload mapping from your Cloudinary account to your private S3 bucket, as described here (See "Lazy migration and automatic upload of S3 images").

  • Avatar
    Julio Santana

    How can I set a key to allow Cloudinary read the private files in my Bucket??

  • Avatar
    Nadav Ofir

    Hi Julio,
    The above instructions should suffice to grant Cloudinary the permissions to read from your S3 bucket. If something isn't working for you, please open a support ticket and share the specific information so we can dig deeper.

    Edited by Nadav Ofir
Powered by Zendesk