Add a CORS configuration to an S3 bucket
- Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
- In the Bucket name list, choose the name of the bucket that you want to create a bucket policy for.
![]()
- Choose Permissions, and then choose CORS configuration.
![]()
- In the CORS configuration editor text box, type or copy and paste a new CORS configuration, or edit an existing configuration. The CORS configuration is an XML file
- Example of CORS:
- The first rule allows cross-origin PUT, POST, and DELETE requests from the
http://www.example1.comorigin. The rule also allows all headers in a preflight OPTIONS request through theAccess-Control-Request-Headersheader. In response to preflight OPTIONS requests, Amazon S3 returns requested headers. - The second rule allows the same cross-origin requests as the first rule, but the rule applies to another origin,
http://www.example2.com. - The third rule allows cross-origin GET requests from all origins. The
*wildcard character refers to all origins.<CORSConfiguration> <CORSRule> <AllowedOrigin>http://www.example1.com</AllowedOrigin> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> <CORSRule> <AllowedOrigin>http://www.example2.com</AllowedOrigin> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> <CORSRule> <AllowedOrigin>*</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> </CORSRule> </CORSConfiguration>
- The first rule allows cross-origin PUT, POST, and DELETE requests from the
