AWSGlossary

S3 Requester Pays: What It Is and When to Use It

Definition

S3 Requester Pays is a feature of Amazon Simple Storage Service (Amazon S3) that shifts the cost of data transfer and API requests from the bucket owner to the entity making the request. This allows data owners to share large datasets publicly or with specific partners without incurring the costs associated with data access.

How It Works

By default, the owner of an S3 bucket pays for all associated costs, including storage, data transfer out, and requests. When Requester Pays is enabled on a bucket, this model is partially inverted. The bucket owner continues to pay for the cost of storing the data, but the requester pays for the costs of accessing that data.

For this to work, every request made to a Requester Pays bucket must be authenticated and include a special HTTP header: x-amz-request-payer with the value requester. This header serves as the requester's acknowledgment that they will be charged. If this header is missing, Amazon S3 will deny the request with a 403 Forbidden error.

Because all requests must be authenticated for AWS to identify and bill the correct account, anonymous access is not permitted on Requester Pays buckets. The AWS account associated with the AWS Identity and Access Management (IAM) user or role making the request is billed for:

  • Data Transfer Out: Charges for data downloaded from the S3 bucket to the internet or another AWS Region.
  • Requests: Charges for API operations like GET, HEAD, COPY, LIST, etc.

This mechanism enables a scalable and cost-effective way for organizations to distribute large volumes of data.

Key Features and Limits

  • Bucket-Level Configuration: Requester Pays is a setting applied to an entire S3 bucket, not to individual objects or prefixes within it.
  • Cost Allocation: The requester is billed for data downloads (Data Transfer Out) and request fees (e.g., GET, PUT, LIST). The bucket owner always pays for data storage, data uploads (Data Transfer In), and any costs associated with lifecycle transitions.
  • Authentication Required: All requests to a Requester Pays bucket must be authenticated using valid AWS credentials. Anonymous public access is disabled.
  • Explicit Opt-In: Requesters must explicitly include the x-amz-request-payer header in their API calls or use the equivalent parameter in AWS SDKs and the AWS Command Line Interface (CLI) (--request-payer).
  • Service Incompatibilities:
    • S3 Website Hosting: Cannot be used with Requester Pays because requests from a browser to a website endpoint do not include the required header.
    • BitTorrent: The BitTorrent protocol is not supported for objects in a Requester Pays bucket.
    • SOAP API: Requests made via the SOAP protocol are not supported.
    • S3 End User Logging: A Requester Pays bucket cannot be the target for server access logs. However, you can enable logging on a Requester Pays bucket if the target logging bucket is not a Requester Pays bucket.

Common Use Cases

  1. Large-Scale Dataset Distribution: Research institutions, government agencies, and data analytics companies can host large datasets (e.g., genomic data, satellite imagery, machine learning models) and allow the public or specific customers to download and analyze the data at their own expense.

  2. Centralized Data Repositories: A central IT department can provide access to shared assets like software installers, logs, or analytics data, with individual business units or departments paying for their own data retrieval.

  3. Third-Party Content Delivery: Media companies can store large video files, images, or other digital assets, allowing partners and clients to pull the content for their own use while covering the associated download costs.

  4. Software and Patch Distribution: Software vendors can use Requester Pays buckets to distribute large installation packages or updates, ensuring that the customers downloading the software bear the data transfer costs.

Pricing Model

The fundamental pricing change with Requester Pays is the shift of specific cost components from the bucket owner to the data requester.

The Bucket Owner Pays For:

  • Storage: Monthly fees for data stored in the bucket, based on the S3 storage class (e.g., S3 Standard, S3 Intelligent-Tiering, S3 Glacier).
  • Data Transfer In: Costs associated with uploading data into the S3 bucket.
  • Lifecycle Management: Fees for any lifecycle transitions that move objects between storage classes.

The Requester Pays For:

  • Data Transfer Out: Standard AWS data transfer charges for any data downloaded from the bucket.
  • Requests: Per-request fees for API actions like GET, PUT, COPY, POST, or LIST.

This model follows the standard pay-as-you-go structure of AWS, with no upfront commitments required. For detailed and current pricing, always consult the official Amazon S3 pricing page and the AWS Pricing Calculator.

Pros and Cons

Pros:

  • Cost Elimination for Data Owners: The primary benefit is that data providers can share vast amounts of data without being responsible for unpredictable and potentially massive data transfer costs.
  • Enables Data Democratization: Removes the financial barrier for institutions wanting to make valuable datasets widely available for research and innovation.
  • Simplified Chargebacks: Eliminates the need for bucket owners to build complex custom solutions to bill consumers for data access.

Cons:

  • Increased Requester Complexity: Requesters must modify their tools and applications to include the x-amz-request-payer header, which can be a barrier to adoption.
  • No Anonymous Access: The requirement for all requests to be authenticated makes it unsuitable for datasets that need to be accessible to users without an AWS account.
  • Pre-signed URL Billing: When a pre-signed URL is used to access an object in a Requester Pays bucket, the cost is charged to the AWS account that generated the URL, not the end-user who uses it. This can lead to unexpected costs if not managed carefully.

Comparison with Alternatives

S3 Requester Pays vs. S3 Pre-signed URLs

| Feature | S3 Requester Pays | S3 Pre-signed URLs | | :--- | :--- | :--- | | Primary Purpose | Shift ongoing data access costs to the requester. | Provide temporary, secure access to a specific private object. | | Who Pays? | The requester's AWS account is billed for data transfer and requests. | The bucket owner's AWS account is billed for all costs. | | Access Scope | Applies to the entire bucket. | Applies to a single object. | | Authentication | Requester must have an authenticated AWS identity. | The end-user does not need an AWS identity to use the URL. | | Duration | Access is ongoing as long as permissions are valid. | Access is time-limited, up to 7 days. |

When to Choose:

  • Use Requester Pays when you want to make a large, stable dataset available for others to access at their own expense.
  • Use Pre-signed URLs for granting short-term, specific access to private files (e.g., a user downloading their own invoice), where the bucket owner covers the cost.

Exam Relevance

S3 Requester Pays is a relevant topic for several AWS certifications, particularly those focused on architecture, cost optimization, and development.

  • AWS Certified Solutions Architect - Associate (SAA-C03): Questions may focus on designing cost-effective solutions for data sharing. Knowing when to use Requester Pays versus other methods like CloudFront or pre-signed URLs is key.
  • AWS Certified Developer - Associate (DVA-C02): Examinees should understand the technical implementation, specifically the need to include the x-amz-request-payer header in API calls when interacting with these buckets.
  • AWS Certified SysOps Administrator - Associate (SOA-C02): Focuses on the operational aspects, such as configuring the bucket property, monitoring access, and understanding the billing implications.

Frequently Asked Questions

Q: Can I use Requester Pays for a public website hosted on S3?

A: No, S3 static website hosting is not compatible with Requester Pays. Website endpoint requests do not support the required x-amz-request-payer header, and the feature also disallows anonymous access, which is essential for a public website.

Q: Who pays for a request that fails due to a 'Permission Denied' error?

A: The requester is still charged for the API request, even if it fails. Because the request must be authenticated for AWS to identify the requester, the charge for the attempted operation is applied to their account.

Q: How do I enable Requester Pays on my S3 bucket?

A: You can enable Requester Pays through the AWS Management Console by navigating to your S3 bucket's 'Properties' tab and editing the 'Requester Pays' setting. Alternatively, you can use the AWS CLI with the aws s3api put-bucket-request-payment command or the equivalent function in the AWS SDKs.

This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS documentation before making production decisions.

Published: 4/27/2026 / Updated: 4/27/2026

This article is for informational purposes only. AWS services, pricing, and features change frequently — always verify details against the official AWS documentation before making production decisions.

More in Storage

S3 Object Lock: WORM Storage for Data Protection

Amazon S3 Object Lock offers WORM storage to prevent object deletion/overwriting. Essential for regulatory compliance and ransomware protection. Learn how it works.

S3 Transfer Acceleration: Fast, Easy, Secure Long-Distance Transfers

Amazon S3 Transfer Acceleration speeds up file transfers over long distances. Learn how it works and when to use this bucket-level feature for faster uploads and downloads.

S3 Pre-Signed URL: Temporary Access Explained

An S3 Pre-Signed URL grants temporary access to S3 objects without AWS credentials. Learn how it works and when to use it for secure uploads/downloads.

S3 Cross-Region Replication: How It Works & When to Use It

Amazon S3 Cross-Region Replication (CRR) automatically copies objects to another AWS Region. Enhance durability, minimize latency, and meet compliance. Learn when to use it.

S3 Bucket Policy: How It Works & When to Use It

An S3 Bucket Policy is a resource-based IAM policy attached to an S3 bucket for granular access control. Learn how it works and when to use it.

View all Storageterms →