Configuring cross-origin resource sharing (CORS)
Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.
This section shows you how to enable CORS using the Amazon S3 console, the Amazon S3 REST API, and the AWS SDKs. To configure your bucket to allow cross-origin requests, you add a CORS configuration to the bucket. A CORS configuration is a document that defines rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information. In the S3 console, the CORS configuration must be a JSON document.
For example CORS configurations in JSON and XML, see Elements of a CORS configuration.
This section explains how to use the Amazon S3 console to add a cross-origin resource sharing (CORS) configuration to an S3 bucket.
When you enable CORS on the bucket, the access control lists (ACLs) and other access permission policies continue to apply.
Important
In the S3 console, the CORS configuration must be JSON. For examples CORS configurations in JSON and XML, see Elements of a CORS configuration.
To add a CORS configuration to an S3 bucket
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/
. -
In the Buckets list, choose the name of the bucket that you want to create a bucket policy for.
-
Choose Permissions.
-
In the Cross-origin resource sharing (CORS) section, choose Edit.
-
In the CORS configuration editor text box, type or copy and paste a new CORS configuration, or edit an existing configuration.
The CORS configuration is a JSON file. The text that you type in the editor must be valid JSON. For more information, see Elements of a CORS configuration.
-
Choose Save changes.
Note
Amazon S3 displays the Amazon Resource Name (ARN) for the bucket next to the CORS configuration editor title. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the Amazon Web Services General Reference.
You can use the AWS SDK to manage cross-origin resource sharing (CORS) for a bucket. For more information about CORS, see Using cross-origin resource sharing (CORS).
The following examples:
-
Creates a CORS configuration and sets the configuration on a bucket
-
Retrieves the configuration and modifies it by adding a rule
-
Adds the modified configuration to the bucket
-
Deletes the configuration
To set a CORS configuration on your bucket, you can use the AWS Management Console. If your application requires it, you can also send REST requests directly. The following sections in the Amazon Simple Storage Service API Reference describe the REST API actions related to the CORS configuration: