Skip to main content
A newer release of this product is available.

Configure cross-origin resource sharing (CORS)

Contributors
PDFs

You can configure cross-origin resource sharing (CORS) for an S3 bucket if you want that bucket and objects in that bucket to be accessible to web applications in other domains.

Before you begin
About this task

Cross-origin resource sharing (CORS) is a security mechanism that allows client web applications in one domain to access resources in a different domain. For example, suppose you use an S3 bucket named Images to store graphics. By configuring CORS for the Images bucket, you can allow the images in that bucket to be displayed on the website http://www.example.com.

Enable CORS for a bucket

Steps

  1. Use a text editor to create the required XML.

    This example shows the XML used to enable CORS for an S3 bucket. This XML allows any domain to send GET requests to the bucket, but it only allows the http://www.example.com domain to send POST and DELETE requests. All request headers are allowed.

    <CORSConfiguration
    xmlns="http://s3.amazonaws.com/doc/2020-10-22/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>http://www.example.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

    For more information about the CORS configuration XML, see Amazon Web Services (AWS) Documentation: Amazon Simple Storage Service Developer Guide.

  2. Select View buckets from the dashboard, or select STORAGE (S3) > Buckets.

  3. Select the bucket name from the table.

    The bucket details page appears.

  4. From the Bucket access tab, select the Cross-Origin Resource Sharing (CORS) accordion.

  5. Select the Enable CORS checkbox.

  6. Paste the CORS configuration XML into the text box.

  7. Select Save changes.

Modify CORS setting

Steps

  1. Update the CORS configuration XML in the text box, or select Clear to start over.

  2. Select Save changes.

Disable CORS setting

Steps

  1. Clear the Enable CORS checkbox.

  2. Select Save changes.