
Cross Origin Resource Sharing (CORS) with S3



This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core storage concepts and services relevant to the SAP-C02 exam. We start with an introduction to AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements. 


Learning Objectives

  • Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
  • Learn how to improve your security posture in S3
  • Get both a theoretical and practical understanding of EFS
  • Learn how to create an EFS file system, manage EFS security, and import data in EFS
  • Learn about EC2 storage and Elastic Block Store
  • Learn about the different performance factors associated with AWS storage services

Hello, and welcome to this short lecture covering Cross Origin Resource Sharing, known as CORS, in Amazon S3. At a high level, CORS allows specific resources on a webpage to be requested from a different domain than its own. This allows you to build client-side web applications and, if required, utilize CORS support to access resources stored in S3.

Let's take a look at how to configure CORS for a bucket, which, as you might expect, involves the use of policies. These policies are embedded in the CORS configuration of the bucket itself, which can be found under the Permissions tab.

Let's take a look at an example which has a single rule. The following policy allows you to use PUT, POST, and DELETE from the origin of www.cloudacademy.com. The AllowedHeaders element of the policy determines which headers are allowed in a preflight request through the Access-Control-Request-Headers header, which is used by browsers to let the server know which HTTP headers the client might send when the actual request is made. In this case, all headers will be allowed in a preflight request.

Using this example, when the bucket receives a preflight request from a browser, S3 will evaluate the policy associated with the bucket for its CORS configuration and will process the first matching rule in the policy. A match is made when the following conditions in the rule are met.

The requestor's Origin header matches an entry made in the AllowedOrigins element. The method used in the request, for example a POST or DELETE operation, is matched in the AllowedMethods element. And finally, the headers listed in the request's Access-Control-Request-Headers header in a preflight request match a value in the AllowedHeader element.

The ExposeHeader element in the policy is used to define a header in the response that customer applications are allowed to access. For a full reference to the common S3 response headers, take a look at the common response headers in the S3 API Reference Guide.

Your CORS policy can contain more than one rule. For example, the following policy contains two rules. The first rule is the same as the one we looked at earlier, and the second rule only allows PUT and POST operations from the origin of aws.com.
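The first-match evaluation described above, applied to the two-rule policy, as an added example that is not part of the original lecture. The configuration is constructed from the lecture's description in the JSON form the S3 console accepts; the `https://` scheme, the second rule's `AllowedHeaders` value, and the function names `wildcard_match` and `first_matching_rule` are assumptions made for illustration.

```python
import json

# Constructed CORS configuration following the two rules the lecture describes.
# Assumptions: the https:// scheme on each origin and "*" for the second
# rule's AllowedHeaders (the lecture does not state either).
CORS_RULES = json.loads("""
[
  {"AllowedHeaders": ["*"],
   "AllowedMethods": ["PUT", "POST", "DELETE"],
   "AllowedOrigins": ["https://www.cloudacademy.com"]},
  {"AllowedHeaders": ["*"],
   "AllowedMethods": ["PUT", "POST"],
   "AllowedOrigins": ["https://aws.com"]}
]
""")


def wildcard_match(pattern, value):
    """Hypothetical helper: match a pattern holding at most one '*'."""
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))


def first_matching_rule(rules, origin, method, request_headers=""):
    """Return the index of the first rule a preflight satisfies, else None.

    origin          : value of the Origin header (scheme included)
    method          : value of Access-Control-Request-Method
    request_headers : value of Access-Control-Request-Headers (comma list)
    """
    # Header names are compared case-insensitively.
    wanted = [h.strip().lower() for h in request_headers.split(",") if h.strip()]
    for index, rule in enumerate(rules):
        origin_ok = any(wildcard_match(o, origin) for o in rule["AllowedOrigins"])
        method_ok = method in rule["AllowedMethods"]
        allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
        # Every requested header must be covered by some AllowedHeaders entry.
        headers_ok = all(any(wildcard_match(a, h) for a in allowed) for h in wanted)
        if origin_ok and method_ok and headers_ok:
            return index  # rules are evaluated in order; the first match wins
    return None
```

A `None` result means no rule matched, so the browser receives no CORS allowance and blocks the cross-origin request. Running candidate origins and methods through a check like this before saving a configuration shows which rule, if any, grants each combination.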

About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.