Configure CORS in Amazon S3

2 minute read
Content level: Intermediate

Do you need your web applications in one domain to interact with resources in a different domain? Review this curated playlist to learn how to configure CORS for your Amazon S3 bucket.

How CORS works

Enter image description here

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon Simple Storage Service (Amazon S3) and selectively allow cross-origin access to your Amazon S3 resources.

Configure CORS

To configure your bucket to allow cross-origin requests, do the following:

Turn on CORS

Enter image description here

You can turn on CORS for your bucket using one of the following:

  • Amazon S3 console
  • Amazon S3 REST API

Troubleshoot unexpected behavior

If you're getting an error when you allow cross-origin access to resources in your Amazon S3 bucket, check the following:

  • You've configured the CORS rule for your bucket.
  • Make sure that you included the required methods in the CORS rule.

If you're getting the CORS error "No 'Access-Control-Allow-Origin'" on your requested resource in Amazon CloudFront, try the following:

  • Check the origin's CORS policy.
  • Configure your CloudFront distribution to forward the origin headers to the origin server.
  • Allow the OPTIONS HTTP method in your distribution's cache behavior.
  • Configure the CloudFront policy to return the required CORS headers.

Enter image description here

For more information, see Troubleshooting CORS.

Related Q&As:

Request from static webside on s3 to API Gateway to Lambda, blocked by CORS

Amazon S3 - Amazon CloudFront CORS configuration on the Stack Overflow website

Access-Control-Allow-Origin on the Stack Overflow website

profile pictureAWS
published a year ago1783 views