
Setting up BunnyCDN for use with Amazon S3

Step 1: Create an IAM user with permissions to read from the S3 Bucket

Create an IAM user that BunnyCDN will use to access the buckets it serves from. Make sure this user has permission to use s3:GetObject on the buckets in question. Example IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::bucket-name/*",
                "arn:aws:s3:::another-bucket-name/*"
            ]
        }
    ]
}

Step 2: Create access credentials for the IAM user you created in step 1

Go to the IAM Console -> Users -> <the IAM user you created> -> Security Credentials -> Create Access Key. Select “other use case” and note the access and secret keys; you’ll need to add them to BunnyCDN later so it can access the bucket properly.

Step 3: Ensure your S3 bucket policy allows this user to access the bucket

Go to S3 -> <your bucket> -> Permissions. Add, or modify, your bucket policy to allow the IAM user you created earlier to access the bucket.

Example bucket policy:

{
    "Version": "2012-10-17",
    "Id": "Policy1234567890",
    "Statement": [
        {
            "Sid": "Stmt1234567890",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<your-account-number>:user/<the name of the IAM user you created in step 1>"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<the name of this s3 bucket>/*"
        }
    ]
}

Be aware: if your bucket already has some other access policy, you might want to add this statement to it instead of replacing the whole policy, because replacing it might cause parts of your application to be denied access.
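
One way to follow the advice above when the bucket already has a policy, as an added example that is not part of the original guide: merge the Step 3 statement into the existing policy instead of overwriting it, then list any Allow statements that are open to every principal. The account ID, role, user and bucket names and the Sid values are constructed placeholders.

```python
import copy
import json

def cdn_read_statement(user_arn, bucket, sid="AllowCdnOriginRead"):
    # Same shape as the Step 3 statement: one IAM user, read-only, objects only.
    return {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": user_arn},
            "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}

def merge_bucket_policy(existing, statement):
    """Add `statement` to a bucket policy dict (or None) without dropping the rest."""
    if existing is None:  # bucket has no policy yet
        return {"Version": "2012-10-17", "Statement": [statement]}
    merged = copy.deepcopy(existing)  # never mutate the caller's copy
    stmts = merged.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be a bare object
        stmts = [stmts]
    # Replace an earlier statement with the same Sid so re-runs stay idempotent.
    merged["Statement"] = [s for s in stmts if s.get("Sid") != statement["Sid"]] + [statement]
    return merged

def wildcard_allows(policy):
    """Sids of Allow statements whose principal is "*" (anyone)."""
    found = []
    for s in policy.get("Statement", []):
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        if s.get("Effect") == "Allow" and "*" in (aws if isinstance(aws, list) else [aws]):
            found.append(s.get("Sid", "<no Sid>"))
    return found

# Constructed sample: the bucket already carries a policy the application relies on.
EXISTING = {
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "AppUploads", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-backend"},
        "Action": ["s3:PutObject", "s3:GetObject"],
        "Resource": "arn:aws:s3:::example-assets/*",
    },
}

if __name__ == "__main__":
    stmt = cdn_read_statement("arn:aws:iam::111122223333:user/bunnycdn-origin", "example-assets")
    merged = merge_bucket_policy(EXISTING, stmt)
    print(json.dumps(merged, indent=4))
    print("wildcard Allow statements:", wildcard_allows(merged))
```

The printed JSON is what you would paste into the bucket policy editor from Step 3; the application's original statement is still present in it.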

Step 4: Create a Pull Zone in BunnyCDN

After making your Bunny account, go to Delivery -> CDN in the dashboard, and then click Add Pull Zone at the top.

  • Pull zone name: not relevant per se, but I would suggest naming it the same as your S3 bucket name to avoid confusion later.
  • Origin URL: This is the S3 URL to your bucket, which is always in this form: https://<your bucket name>.s3.<AWS region, e.g. eu-west-1>.amazonaws.com . You do not need static website hosting enabled on your S3 bucket for this (and it shouldn’t be enabled).
  • Choose Tier: Up to you. I’d suggest the high volume tier ($0.005 per GB, 10 CDN nodes) rather than the $0.01 per GB standard tier that has a lot more nodes.
  • Pricing Zones: This only applies if using the Standard tier. I would suggest only using Europe and US, as the other zones are significantly more expensive.