1. Home
  2. Training Library
  3. Amazon Web Services
  4. Amazon Web Services Courses
  5. Certified Developer for AWS - Designing and Developing

Using Cross Origin Resources (CORS)

Start course
2h 45m

An introduction to the AWS components that help us develop highly available, cost-efficient solutions.

Learning Objectives

  • Understand the core AWS services, uses, and basic architecture best practices
  • Identify and recognize cloud architecture considerations, such as fundamental components and effective designs

Areas Covered

Elasticity and Scalability
Regions and AZ's
Amazon VPC
Amazon Elastic Load Balancer
Amazon Simple Queue Service
Amazon EC2
Amazon Route53
Amazon Elastic IP Addresses
Amazon CloudWatch
Amazon Auto Scaling

Identify the appropriate techniques to code a cloud solution
Recognize and implement secure procedures for optimum cloud deployment and maintenance
Amazon APIs
Using Amazon SQS
Decoupling Layers
Using Amazon SNS
Using Amazon SWF
Using Cross Origin Resources (CORS)

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.


Hi. In this lecture, we'll talk about CORS and pre-signed object URLs, both S3 related topics. CORS stands for Cross Origin Resource Sharing. This is not an AWS term or technology. In order to keep your content safe, your web browser implements something called the Same Origin Policy. This basically means that some resources are going to be restricted to the same origin or DNS domain and will only be allowed, if specified, in the other origin. These restrictions are mostly applied to Javascript or web fonts. So if you're planning to use bucket as a single repository for scripts and fonts, you'll need to be aware of it. I will show you where to define the CORS configuration in a few moments. For the exam, you don't need to know how to define it, just its usage.

A pre-signed object URL helps you secure your S3 data. All S3 objects are private by default. You can leave them as private, but create pre-signed URLs for the people to whom you want to provide access to a single object. That way, you can limit who was able to access your data. The object owner will need to use an SDK to generate a pre-signed URL using their own credentials and specify the time to live of that specific URL. In the same way, you can also limit the time frame that a person can have to use the S3 object for which you are granting permissions. Let me show you how it works in the AWS console and also where to define the CORS configuration that I mentioned earlier.

I created a static website on an S3 bucket for a friend of mine who had recently passed the AWS Certified Developer exam and as a super tip to share with you. This is the bucket where I created the static website, and these are the html files, the picture of Max, and the super tip file as a jpeg picture. All the files are public except for the tip.jpeg. If we check the properties of this bucket and go to permissions, we can see a familiar term.

Here is where we can define the CORS configuration. There's no need to know what it means. You only need to know the CORS configuration usage. For this configuration, you could use one of the samples that AWS provides. It's very simple to understand. Back to Max's website. Let me quickly show you the permissions for the files that I created.

As I said, they're all public except for the tip.jpeg file. For this one, we'll use a pre-signed URL to make it available over the Internet. I know this is not the best example for pre-signed URLs, but imagine that Max was selling this tip on the Internet. He could create a special page for only the people who paid for it. He could also store some user credentials in a small database and process the pre-signed URL only for the user and store it on the database as well so that when a user hits this page, he would access his own pre-signed URL. In my example, I hard-coded the URL for this image, as it is a public image. And I will update the URL directly on this html page. For that, I will use a tool called Cyberduck.

By the way, this is an amazing tool that I like to use to manage content on S3 buckets. It can also generate pre-signed URLs for us. We just have to select the object, right click, go on copy URL and select the URL with an appropriate time to live. I will select this one to put in the html file. With this tool, I can edit files in the bucket. And when I hit the save button, they're automatically uploading to the bucket. I really like this feature. I'll quickly replace the URL.

If you pay attention, you can see some terms in the URL, like access key ID. These are actually the same keys that I'm using to access this bucket, the expiration date of this URL and a signature.

I will save this file and then we'll see what happens on the website. The file was uploaded. So I can click on refresh. And now we're able to see the super tip that Max wants to share with you. Just study hard. If we check the html file again, we can now see that the URL of the image is the pre-signed URL that we created. Let me show you that the tip.jpeg file is still private. Nothing has changed here. We just granted permissions to see the picture over that signed URL. That's it for this lecture. If you want to be like Max and also successfully pass the AWS Certified Developer Certification, keep watching the next lectures.

About the Author
Learning Paths

Andrew is fanatical about helping business teams gain the maximum ROI possible from adopting, using, and optimizing Public Cloud Services. Having built  70+ Cloud Academy courses, Andrew has helped over 50,000 students master cloud computing by sharing the skills and experiences he gained during 20+  years leading digital teams in code and consulting. Before joining Cloud Academy, Andrew worked for AWS and for AWS technology partners Ooyala and Adobe.