Cloudflare R2
Store backups in Cloudflare R2 with zero egress fees.
Overview
Cloudflare R2 is an S3-compatible object storage with a unique pricing model:
- ✅ Zero egress fees - Download as much as you want
- ✅ S3-compatible API
- ✅ Global distribution via Cloudflare network
- ✅ Automatic geographic distribution
Configuration
| Field | Description | Example |
|---|---|---|
| Name | Friendly name | R2 Backups |
| Account ID | Cloudflare Account ID | a1b2c3d4... |
| Bucket | R2 bucket name | backups |
| Access Key ID | R2 API token key | Required |
| Secret Access Key | R2 API token secret | Required |
| Path Prefix | Folder within bucket | /db-backups |
Cloudflare Setup
Create R2 Bucket
- Login to Cloudflare Dashboard
- Go to R2 in sidebar
- Click Create bucket
- Enter bucket name
- Click Create bucket
Create API Token
- In R2 section, click Manage R2 API Tokens
- Click Create API token
- Configure permissions:
- Object Read & Write for your bucket
- Copy the Access Key ID and Secret Access Key
Save Credentials
The Secret Access Key is only shown once. Save it securely!
Find Account ID
Your Account ID is in the URL when logged into Cloudflare:
https://dash.cloudflare.com/YOUR_ACCOUNT_ID/...Or find it in the R2 overview page.
Configuration Example
Account ID: abc123def456
Bucket: my-backups
Access Key ID: xxxxxxxxxxxxxxxx
Secret Access Key: xxxxxxxxxxxxxxxxxxxxxxxx
Path Prefix: /productionDBackup automatically constructs the endpoint:
https://abc123def456.r2.cloudflarestorage.comCost Comparison
R2 vs S3
| Operation | R2 | S3 Standard |
|---|---|---|
| Storage | $0.015/GB/mo | $0.023/GB/mo |
| Class A (write) | $4.50/million | $5.00/million |
| Class B (read) | $0.36/million | $0.40/million |
| Egress | $0 | $0.09/GB |
When R2 Saves Money
R2 is cheaper when you:
- Download backups frequently
- Restore databases often
- Use Storage Explorer heavily
- Transfer between regions
Features
Automatic Distribution
R2 automatically replicates data globally. No region selection needed.
S3 Compatibility
Works with any S3-compatible tool:
- AWS CLI
- rclone
- Cyberduck
Bucket Lifecycle (Coming)
Cloudflare is adding lifecycle rules for automatic transitions.
Limitations
No Storage Classes
Unlike S3, R2 has a single storage tier. No Glacier equivalent.
Regional Considerations
R2 stores data globally but may have compliance implications:
- Check if global distribution meets your requirements
- Consider for non-sensitive data
Integration with Cloudflare
Workers Integration
Access backups via Cloudflare Workers for custom processing:
// Worker example
export default {
async fetch(request, env) {
const object = await env.MY_BUCKET.get("backup.sql");
return new Response(object.body);
}
}Custom Domain
Serve backups via custom domain:
- Go to R2 bucket settings
- Add custom domain
- Access via
https://backups.example.com/file.sql
Troubleshooting
Invalid Account ID
Invalid accountIdSolutions:
- Copy Account ID from Cloudflare dashboard
- Remove any spaces
- Verify format (alphanumeric)
Access Denied
AccessDeniedSolutions:
- Verify API token has read/write permissions
- Check token is for the correct bucket
- Regenerate API token if needed
Bucket Not Found
NoSuchBucketSolutions:
- Verify bucket name (case-sensitive)
- Create bucket in R2 dashboard
- Check Account ID is correct
Security
API Token Best Practices
- Create dedicated token for DBackup
- Limit to specific bucket
- Use Object Read & Write only
- Rotate tokens periodically
Encryption
Enable DBackup encryption for sensitive data:
- R2 encrypts at rest automatically
- DBackup adds client-side encryption
- Zero-knowledge: Cloudflare can't read your data
Migration from S3
Using rclone
rclone copy s3:my-bucket r2:my-r2-bucket --progressUpdate DBackup
- Create R2 destination in DBackup
- Update jobs to use new destination
- Verify backups work
- Remove old S3 destination