---
title: Use your own S3 Bucket | Paperform Help Center | Paperform
description: "Use your own custom S3 bucket to store: uploaded files from image and file questions; custom PDFs; and submission exports that exceed the threshold for immediate download."
url: "https://paperform.co/help/articles/use-your-own-s3-bucket"
type: static
generatedAt: "2026-04-04T00:42:02.829Z"
---

Use your own S3 Bucket
### Configuring Behavior

## What is BYO S3 and why would I want it?

Files uploaded to Paperform on forms are by default available via a unique, public URL. This URL gives access to the uploaded file to anyone who has it - so customers must treat the security of this URL as you would the security of the file itself.

Customers who are capturing sensitive information can opt to use their own S3 bucket to store files in, which can be configured to store files privately. This ensures that uploaded files can't accidentally be shared outside of Paperform. However, using a private S3 bucket may impact the expected behavior of other features like accessing files via email, submission exports or integrations with third parties.

> Note: As part of ongoing security updates, we are in the process of implementing changes that make file URLs private by default. Some customers may already be included in this process, and newly uploaded files may already be private.

## Setup bucket

> This feature is exclusively available with selected [pricing plans](https://paperform.co/pricing/).

 1. Login to AWS and setup a new S3 bucket.
 1. Configure your public access settings to allow public access. If you would like objects created in your bucket to be private we can configure that when we enable your bucket.

![Public access requirements for S3 bucket](https://img.paperform.co/fetch/f_auto,w_1400/https://d3gw2uv1ch7vdq.cloudfront.net/img/public-access-aws-block-options.png)
Public access requirements for S3 bucket
 1. Configure your ACL settings as shown below.

![ACL requirements for S3 bucket](https://img.paperform.co/fetch/f_auto,w_1400/https://d3gw2uv1ch7vdq.cloudfront.net/img/acl-requirements-for-s3-bucket.png)
ACL requirements for S3 bucket
 1. Under **Permissions → CORS Configuration**, click Edit and add the following:

```
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "https://*.paperform.co"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]
```

**Additional step for custom domains**

If you use custom domains on Paperform then you will need to add additional `AllowedOrigins` to give your custom domain permission to upload files to your S3 bucket.

For example, if you had a custom domain **forms.mysite.com** then your allowed origins should be:

```
[
  "https://*.paperform.co",
  "https://forms.mysite.com"
]
```

## Setup IAM User with permissions

 1. Go to IAM in AWS.
 1. Create a new user with "programmatic access".
 1. Under "Set Permissions" select **Attach existing policies directly → Create policy**.
 1. In the policy creator, select the "JSON" tab and paste the below policy.

```json
{
"Version": "2012-10-17",
"Statement": [
    {
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": ["arn:aws:s3:::BUCKETNAME"]
    },
    {
    "Sid": "Stmt1466908203000",
    "Effect": "Allow",
    "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetBucketAcl",
        "s3:GetBucketCORS",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
    ],
    "Resource": ["arn:aws:s3:::BUCKETNAME/*"]
    }
]
}
```

**Note that you should replace the `BUCKETNAME` with the name you choose for your S3 bucket.**
 1. Save the policy under any name you like.
 1. Go back to the user setup.
 1. Select the newly created policy (you may need to refresh the listing to search for the policy).
 1. Complete user setup and ensure you download **credentials.csv**.

## Give credentials to Paperform for setup

Generate an Access Key for the user you created and fill out [https://byo-s3-setup.paperform.co](https://byo-s3-setup.paperform.co) to give Paperform the relevant information to setup the S3 bucket as the upload location for your forms. Paperform will complete and test the setup and get back to you **within 2 business days**.

### Related Articles
  [Where is my submission data stored?  You can access your form results from the Dashboard or form editor.](/help/articles/where-are-my-submissions/)
[How do I view a submitter's uploaded files?  You can view a submitter's uploaded files through the Submissions section of your dashboard.](/help/articles/how-do-i-view-a-submitters-uploaded-files/)