How to Handle Costs with Amazon S3's Requester Pays Option
Jay Tillu
Arjun had been sharing large open datasets from his Amazon S3 bucket with clients around the world.
But over time, he noticed his AWS bill was rising — not from storing the data, but from downloads made by others.
“Why am I paying for the bandwidth when they are downloading my files?” he wondered.
That’s when he discovered a lesser-known S3 feature:
📦 S3 Requester Pays
🧾 The Default: Bucket Owner Pays
By default, the S3 bucket owner is charged for:
Storage (per GB stored)
AND
Data transfer costs (when someone downloads files)
Even if someone else downloads 100 GB from Arjun’s bucket, the bill lands in his account.
💡 Enter: Requester Pays
With Requester Pays, Arjun can flip the model:
The requester (i.e., the downloader) pays for the networking costs associated with the download — not Arjun.
✅ When to Use Requester Pays
You’re hosting public or shared datasets
You want to offload download costs to the users
Your data is accessed by other AWS accounts
You’re distributing large files or scientific data
(e.g., genome data, satellite images, machine learning sets)
🚫 Requester Pays requires:
The requester must be an authenticated AWS identity (IAM user/role)
AWS needs to know who to bill for the download
🌐 Public URLs (presigned or static S3 links):
Are anonymous by nature
Anyone on the internet can access them without logging in
So AWS has no way to bill them — and will block the download in a Requester Pays bucket
❌ So Public URL and Requester Pay don’t work together.
📌 So What Happens If Arjun Shares a Public URL?
If Requester Pays is enabled and someone tries to download via a public URL, they’ll get:
bashCopyEdit403 Access Denied – Requester Pays buckets require authentication
🧠 Alternative Approach for Public Sharing
If Arjun wants anyone on the internet to access the files freely:
✅ He can make the bucket or objects public
❌ But he will pay for all download costs
So it's a tradeoff:
🔐 Requester Pays = access is limited to authenticated AWS users
🌐 Public access = anyone can download, but you pay
⚠️ Rules You Need to Know
🧍♂️ The requester must be authenticated.
No anonymous access
AWS must know who to bill
🧾 Bucket owner still pays for storage.
- Only the data transfer cost is passed to the requester
🔐 Permissions still apply.
- Just because it's Requester Pays doesn’t make it public — users still need proper IAM permissions or presigned URLs
🧪 Real-World Scenario
Imagine Arjun uploads 500GB of research data to S3. He wants anyone in the research community to access it — but doesn’t want to fund the bandwidth cost.
He enables Requester Pays on the bucket.
Now, when other AWS users (authenticated) download the data:
✅ They get access (if permissions allow)
✅ Arjun pays nothing for their download bandwidth
✅ They pay for the transfer on their AWS bill
“I still share my data — but now others cover the download cost. Fair deal!” Arjun smiled.
🚀 Final Thought from Arjun
“S3 Requester Pays gave me a smart way to share my data without absorbing the cost. It’s perfect when collaboration meets cloud economics.”
More AWS SAA Articles
Understanding Amazon S3 Storage Classes for Smarter Storage Solution
How to Effectively Use Amazon S3 Replication for Data Duplication
AWS Load Balancers: How Deregistration Delay Ensures Seamless Shutdowns
Follow me for more such content
Subscribe to my newsletter
Read articles from Jay Tillu directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Jay Tillu
Jay Tillu
Hello! I'm Jay Tillu, an Information Security Engineer at Simple2Call. I have expertise in security frameworks and compliance, including NIST, ISO 27001, and ISO 27701. My specialities include Vulnerability Management, Threat Analysis, and Incident Response. I have also earned certifications in Google Cybersecurity and Microsoft Azure. I’m always eager to connect and discuss cybersecurity—let's get in touch!