Setting up a customer data upload to S3

There are two ways to set up an S3 data push from IPinfo to a customer, depending on whether the bucket is:

  1. Owned by IPinfo
  2. Owned by the customer

The choice is left to the customer, based on their own preference.

1. Bucket owned by IPinfo

In this pull-based scenario, IPinfo owns the S3 bucket and manages the AWS user that can read from that bucket.

The customer reads data from the bucket using AWS Command Line Interface (awscli). It can then copy the data to its internal storage systems.

1.a. Authentication

There are different methods to authenticate to AWS via awscli. While we can work with any customer’s AWS IAM setup, the simplest is to use access keys.

In that case, IPinfo would provide you with:

  • An access key ID
  • A secret access key
  • A default region name

These credentials would be used to configure awscli, by running aws configure.

1.b. Download

Suppose the bucket is called ipinfo-customer and the customer wishes to download the privacy.csv.gz file to the directory /downloads.

It can be done by running the command

aws s3 cp s3://ipinfo-customer/privacy.csv.gz /downloads

2. Bucket owned by the customer

In this push-based scenario, the customer owns the S3 bucket and manages the AWS user that IPinfo uses to push to the bucket.

2.a. Authentication

The customer must create a separate AWS account. This is either managed by the customer’s IT team or can be created using the AWS console in the Security Credentials menu. Please refer to your company policy.

IPinfo requires access keys associated with the AWS account. The customer must provide:

The final step is enabling write access for that AWS account to the S3 bucket. There are many ways to enable it; please contact your IT team to determine the process used.

The simplest is usually to set an S3 Bucket policy:

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "AllowUserToWrite",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456:user/ipinfo"
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::ipinfo-customer/*"

where arn:aws:iam::123456:user/ipinfo is the User ARN for that AWS account and ipinfo-customer is the name of the S3 bucket

2.b. Download

Because the customer owns the S3 bucket, it can use whichever method they prefer to access the uploaded assets.

Optional: Validating downloads

After the data is downloaded, you can use IPinfo’s checksum API to verify its integrity.

Using your IPinfo API token, you can query the expected file checksum for any download by making an HTTP request:


For example, if your API token is abc123 and you would like to check the checksums for standard_asn.csv.gz , you would call: