Logpush to encrypted S3 bucket

I am able to use LogPush service to push logs to my S3 bucket that is encrypted using default AWS S3 keys. I would like to encrypt my S3 bucket with an AWS customer managed key instead. From documentation, it seems like CloudFlare is using an IAM user thats created by CloudFlare to push the logs:

It seems like I will not be able to grant the CloudFlare IAM user with the permission to use my customer managed key as the user is managed by CloudFlare.

Would like to check if anyone knows if LogPush service is able to push logs to S3 bucket that is encrypted using customer managed keys instead of default AWS S3 key or it currently only supports pushing logs to and S3 bucket that is encrypted by default AWS S3 key.


The new version of Logpush does not rely on Cloudflare’s IAM user, however it is not generally available yet.

If you run into anything unexpected with Logpush, I recommend to contact our support straight away so that we could take a look at the logs.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.