AWS S3vsCloudflare R2

AWS S3 invented modern object storage in 2006 and remains the default choice for cloud storage across the industry. Cloudflare R2 launched in 2022 with a single, structurally disruptive differentiator: zero egress fees. In the years since launch, R2 has matured into a credible alternative for a significant segment of S3 use cases — particularly read-heavy workloads serving content to internet users, where S3's egress costs compound aggressively at scale. Understanding when R2's cost model justifies a migration, and what you trade away in making that switch, requires examining egress economics, durability, API compatibility, SDK support, advanced feature gaps, and total cost of ownership across different workload profiles.

Egress Fees: The Structural Differentiator

AWS S3 charges $0.09 per GB for data transferred out to the internet from US East/West regions, dropping to $0.085/GB for transfers to CloudFront (AWS's CDN). The first 100GB per month is free. For applications serving large files to end users — video streaming platforms, podcast hosts, software distribution networks, media archives, game asset delivery — egress costs can dwarf storage costs at scale. A service hosting 50TB of video content that streams 100TB to users per month pays approximately $9,000 per month in S3 egress fees alone. A CDN in front of S3 reduces but doesn't eliminate these costs; CloudFront pricing starts at $0.0085/10,000 HTTPS requests plus origin transfer fees.

Cloudflare R2 charges $0.00 for egress. Data transferred out to the internet, to Cloudflare Workers, or to any Cloudflare-served request is free. Costs exist only for stored data ($0.015/GB/month, compared to S3 Standard at $0.023/GB) and API operations: 4.5 million Class A operations (writes, lists) free per month with $4.50 per million after; 36 million Class B operations (reads) free per month with $0.36 per million after. For the same 50TB storage and 100TB/month egress workload, R2's monthly cost is approximately $750 for storage and a modest sum for API calls — a 90%+ cost reduction versus S3 for this profile.

The egress fee advantage diminishes for workloads where data flows primarily within the AWS ecosystem. EC2-to-S3 data transfer within the same region is free. Lambda-to-S3 in the same region is free. If your compute and storage already live in AWS and your users access data only through AWS services (CloudFront, API Gateway), the practical egress savings from moving to R2 may be much smaller than the headline rate implies.

Reliability and Durability

AWS S3 provides a 99.99% availability SLA and 11 nines (99.999999999%) of durability for objects stored in Standard storage class. S3 automatically replicates each object across a minimum of three availability zones within a region. With nearly 20 years of operation at internet scale, S3's track record is the practical gold standard for object storage reliability. AWS publishes detailed incident history through the Service Health Dashboard, and S3's operational transparency during incidents has improved substantially over the years.

Cloudflare R2 provides high durability through redundancy within Cloudflare's global network infrastructure, with a 99.9% uptime SLA. R2 is a younger service — launched in 2022, it has operated for years, not decades. For mission-critical, compliance-sensitive, or irreplaceable data, the combination of S3's proved durability track record, mature operational tooling (Object Lock for WORM compliance, multi-region replication with audit trails), and established enterprise SLA may justify higher storage and egress costs. For most application data, video assets, user uploads, and build artifacts, R2's reliability is sufficient.

API Compatibility and Ecosystem

R2's API is S3-compatible at the HTTP protocol level. Any S3 client SDK can communicate with R2 by configuring the endpoint URL and R2 credentials. In practice, this means existing S3 code migrates to R2 with no changes beyond configuration:

```typescript import { S3Client } from "@aws-sdk/client-s3";

const r2 = new S3Client({ region: "auto", endpoint: `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`, credentials: { accessKeyId: R2_ACCESS_KEY_ID, secretAccessKey: R2_SECRET_ACCESS_KEY, }, }); ```

The S3-compatible API covers all core operations: PutObject, GetObject, DeleteObject, ListObjectsV2, CopyObject, HeadObject, CreateMultipartUpload, UploadPart, CompleteMultipartUpload, and presigned URL generation for both GET and PUT. Multipart upload for large files works identically to S3. Presigned URLs function the same way, with the same expiration semantics.

R2 also exposes a native binding for Cloudflare Workers, allowing direct object access within the Workers runtime without making HTTP requests: `const object = await env.MY_BUCKET.get(key)` returns the object body, metadata, and headers with sub-millisecond overhead. This tight Workers integration enables patterns not possible with S3 — real-time image transformation, access-controlled file serving, and edge-side content modification without an intermediary CDN layer.

SDK Coverage

AWS S3 has official SDK support in Python (boto3), JavaScript/TypeScript (@aws-sdk/client-s3 and the legacy aws-sdk), Java (AWS SDK for Java v2), .NET, Go, Ruby, PHP, Kotlin, Rust, Swift, and C++. Boto3 is one of the most widely installed Python libraries in the world. The AWS CLI provides S3 operations via `aws s3 cp`, `aws s3 sync`, and the lower-level `aws s3api` commands. Every major infrastructure-as-code tool — Terraform, AWS CDK, Pulumi, SST — has mature, well-documented S3 resource support. The AWS S3 Terraform provider is one of the most downloaded Terraform providers in the registry.

Cloudflare R2 benefits from complete S3 SDK compatibility — you can use any of the above S3 SDKs to interact with R2 without modification beyond endpoint configuration. Cloudflare additionally provides first-party Workers bindings, the `wrangler r2` CLI commands for bucket management and local development simulation, and a Terraform provider (`cloudflare/cloudflare`) that covers R2 bucket creation, CORS configuration, and custom domain binding. Rclone supports R2 natively with the S3-compatible configuration, enabling standard sync and copy operations.

Advanced Features and Gap Analysis

S3's 18-year feature roadmap has produced capabilities that R2 has only partially matched. S3 Lifecycle Rules are mature and flexible: they automate object transitions between storage classes (Standard → Infrequent Access → Glacier Instant → Glacier Flexible → Deep Archive), set expiration policies for objects or delete markers, and manage incomplete multipart upload cleanup. Lifecycle transitions can reduce storage costs substantially for archival workloads — transitioning to Glacier Deep Archive at $0.00099/GB/month is cost-effective for rarely accessed data.

S3 Versioning maintains a complete history of every object version, with restore capabilities for accidental deletion or modification. S3 Object Lock enforces WORM (Write Once Read Many) compliance in both Governance and Compliance modes, satisfying SEC Rule 17a-4, FINRA, CFTC, and HIPAA requirements. S3 Event Notifications integrate with Lambda, SQS, and SNS for event-driven architecture patterns — S3 upload triggers Lambda processing without polling. S3 Batch Operations process millions of objects programmatically (copy, tag, restore from Glacier) as managed jobs.

R2's feature roadmap has advanced rapidly. Object versioning is supported. Lifecycle rules for object deletion are available. Event notifications work through Cloudflare Workers event bindings rather than AWS-native services. Cross-region replication is handled differently: R2 is globally distributed by default, routing object storage across Cloudflare's network, which changes data residency assumptions. S3 Object Lock (WORM compliance) is not available in R2 as of early 2025, making R2 unsuitable for regulated workloads requiring immutable storage guarantees. S3 Glacier-tier cold storage (very low-cost archival) has no R2 equivalent — R2 has a single storage tier.

Performance Characteristics

S3 performance depends on regional proximity. EC2 or Lambda in the same region as your S3 bucket sees sub-10ms GET latency for small objects at high parallelism. Cross-region reads add 50–150ms of network latency depending on geographic distance; S3 Transfer Acceleration routes through CloudFront's edge network to reduce cross-region latency for an additional fee ($0.04–$0.08/GB transferred). S3 scales to extremely high request rates automatically — individual prefixes can handle 3,500 PUTs and 5,500 GETs per second, with horizontal scaling achievable through key prefix sharding.

R2's latency profile is favorable for globally distributed read workloads. Cloudflare routes requests through the nearest point of presence in its 300+ location network, so a user in Singapore reading from R2 gets a response from a Cloudflare data center in Singapore rather than routing to an AWS region. For Cloudflare Workers applications, R2 read latency from a Worker is typically sub-5ms due to the native binding. For externally hosted applications making HTTPS calls to R2, performance is competitive with equivalent S3 + CloudFront configurations.

Migration Path

The S3 API compatibility makes R2 migration technically straightforward compared to most storage migrations: 1. Create an R2 bucket in the Cloudflare Dashboard and generate R2 API credentials. 2. Update your storage client endpoint configuration; no code changes beyond this. 3. Migrate existing objects using rclone (`rclone sync s3:my-bucket r2:my-bucket`), the AWS CLI with R2 endpoint override, or Cloudflare's migration tools. 4. Update CDN or public URL configuration if serving content directly. 5. Validate application behavior in a staging environment before cutting over production traffic.

Migration risk is low specifically because the API is identical. The primary risk is identifying S3-specific features your application uses — lifecycle rules (need reconfiguration), event notifications (need reimplementation via Workers), Object Lock (unavailable in R2) — and ensuring R2 equivalents are adequate before migrating workloads that depend on them.

Choose AWS S3 for workloads tightly integrated with the AWS ecosystem (Lambda triggers, CloudWatch metrics, IAM-based access control), compliance requirements needing WORM Object Lock, complex lifecycle management across multiple storage tiers, or when maximum enterprise SLA and audit capability are required. Choose Cloudflare R2 for read-heavy, publicly served content where egress costs are a meaningful line item, for applications built on Cloudflare Workers where native binding performance matters, or for any new project where R2's zero-egress cost model enables a fundamentally more efficient architecture.