Amazon S3 bucket

You can add your existing Amazon S3 bucket as an origin in This allows you to use real-time image optimization and resizing features on all existing images stored in the bucket.

Note: We do not start copying images from your bucket as soon as you add it. Instead, we will fetch the particular image when you request it through URL-endpoint. Learn more to understand how this works. The images accessed from this origin will not appear in your Media library.

Step 1: Configure origin

  1. Go to the external storage section in your dashboard, and under the Origins section, click on the "Add origin" button.

  2. Choose Amazon S3 bucket from the origin type dropdown.

  3. Give your origin a name, it will appear in the list of origins you have added. For example - Product images bucket.

  4. Fill out the S3 bucket name.

  5. Specify the S3 bucket folder in which your images are present. If you have to access files at the root (i.e., present directly in the bucket and not inside a folder), enter /.

  6. Fill out S3 access and secret keys. These keys should provide read-only access to as explained below.

  7. Leave the advanced options as it is for now.

  8. Click on the Submit button.

Read-only permission required needs read-only access to your S3 bucket. You can provide this by using the AWS Identity and Access Management (AIM) policy for your S3 bucket. Ideally, you should create a separate user for this purpose and assign the AIM policy for that particular user and the required buckets only.

Note that you need to provide permission for the operation s3::GetObject on the objects in your bucket. The minimal permission policy should look like below:

Note, that you need to change the bucket name to that of your bucket.

"Version": "2012-10-17",
"Statement": [
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [

If you are not sure about how to create this policy in AWS console and needs a step by step guide with screenshots, check out this blog post.

Step 2: Access the image through URL-endpoint

When you add your first origin in the dashboard, the origin is by default made accessible through the default URL-endpoint of your account. For subsequent origins, you can either create a separate URL-endpoint or edit existing URL-endpoint (including default) and make this newly added origin accessible by editing the origin preference list.

Let's look at a few examples to fetch the images:

So when you request, internally access object at path rest-of-the-path.jpg in your bucket.

URL structure
URL structure
URL-endpoint transformation image path

If you get a "Not found" error while accessing the image, check out this troubleshooting guide.

β€‹πŸ§™β™‚Tips: You can also use a custom domain like

Step 3: Integrate and Go live

Now start using URL endpoint in your application to accelerate image loading.

Quickly get started with our SDKs:

Learn about real-time image resizing:

Handling special characters in file name

While fetching images from your S3 bucket with special characters in the name, you will get a 404 NOT FOUND response. For example, let’s assume that there is a key image%2Bexample.jpg in your S3 bucket, and the request is made using image+example.jpg in the URL. In this case, tries to fetch image+example.jpg object from the S3 bucket resulting in a 404 error as this object does not exist.

While adding S3 bucket as a source in your account, you are now provided with an option to encode the keys while fetching the object from your S3 bucket. By default, this option is disabled. When enabled, the requests made while fetching images will be made using encoded keys.

Note: At present, this feature can only be enabled upon request, please email support at

Advanced options for S3 type origin

Include canonical response header

When enabled, the image response contains a Link header with the appropriate URL and rel=canonical. You will have to specify the base URL for the canonical header.

For example, if you set as the base URL for canonical header, then the image response for URL will have a Link header like this:

Link: <>; rel="canonical"