Use Cloudflare R2 as a Zero Trust log destination
Last reviewed: over 1 year ago
This tutorial covers how to build a Cloudflare R2 bucket to store logs, and how to connect the bucket to the Zero Trust Logpush service to store logs persistently and export them into other tools.
- Ensure Cloudflare R2 and the Zero Trust Logpush integration are included in your plan. For more information, contact your account team.
- Log in to the Cloudflare dashboard ↗ and select your account.
- Go to R2 > Overview. Select Create bucket.
- Enter an identifiable name for the bucket, then select Create bucket.
- Return to R2, then select Manage R2 API tokens.
- Select Create API token.
- In Permissions, select Object Read & Write.
- In Specify bucket(s), choose Apply to specific buckets only. Select the bucket you created.
- Configure other token settings to your preferences.
- Select Create API Token.
- Copy the Access Key ID, Secret Access Key, and endpoint URL values. You will not be able to access these values again.
- Select Finish.
- In Zero Trust ↗, go to Logs > Logpush.
- Select Connect a service.
- Choose which data sets and fields you want to send to your bucket. Select Next.
- Select S3 Compatible.
- In S3 Compatible Bucket Path, enter the name of your bucket.
- In Bucket region, enter
auto. - Enter the values for Access Key ID, Secret Access Key, and Endpoint URL in their corresponding fields.
- Select Push. If prompted, you do not need to prove ownership with a token challenge.
The Logpush job will send the selected Zero Trust logs to your R2 bucket.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark