Updating CORS Configuration on an AWS S3 Bucket

Cross-Origin Resource Sharing (CORS) is a mechanism that allows resources (e.g., fonts, JavaScript, etc.) on a web page to be requested from a domain other than the one that served the page. To control which websites can access your bucket content, you can add a CORS policy.

Follow these steps to update the CORS configuration on an AWS S3 Bucket:

  1. Sign in to the AWS Management Console: Open the AWS Management Console and sign in with your credentials.

  2. Open the Amazon S3 console: In the Services menu, navigate to the S3 service.

  3. Select your bucket: From the list of S3 buckets, choose the bucket you want to apply CORS to.

  4. Navigate to CORS settings: Click on the ‘Properties’ tab, scroll down, and click on the ‘CORS Configuration’ card.

  5. Edit CORS rules: You can add, edit, or remove CORS rules here. A CORS rule is defined by XML. Here’s an example of what a simple CORS rule might look like:

    <CORSConfiguration>
      <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

    In this example, the ‘*’ allows any domain to access your bucket. The ‘GET’ method is allowed, meaning that other websites can load images, scripts, etc., from your bucket. The rule allows the ‘Authorization’ header and sets MaxAgeSeconds to 3000, the number of seconds a browser may cache the response to a preflight request for this rule.

    For a more restrictive rule, replace the ‘*’ with the exact domain you want to allow and specify additional HTTP methods as per your requirements. For example, if you want to allow both GET and PUT operations from ‘http://example.com’, your rule would look like this:

    <CORSConfiguration>
      <CORSRule>
        <AllowedOrigin>http://example.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

  6. Save changes: Once you have updated the CORS rules as per your requirement, click the ‘Save’ button.

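Remember that CORS does not add security to your S3 bucket. It is enforced by web browsers and only controls which web domains can access files in your bucket from a page's scripts; access to the objects themselves is still governed by the bucket's permissions. Do not enable more access than necessary to maintain the security of your data.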
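
The following Python check is an added example, not code from the original page or from AWS: it parses a CORSConfiguration document and reports the broad settings discussed above so they can be reviewed before saving. The function name `audit_cors` and the finding labels are assumptions made for this illustration; the two sample documents are the rules shown on this page.

```python
import xml.etree.ElementTree as ET

WRITE_METHODS = {"PUT", "POST", "DELETE"}

# The two rules shown on this page, reproduced as test input.
OPEN_RULE = """<CORSConfiguration><CORSRule>
<AllowedOrigin>*</AllowedOrigin><AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds><AllowedHeader>Authorization</AllowedHeader>
</CORSRule></CORSConfiguration>"""
RESTRICTED_RULE = """<CORSConfiguration><CORSRule>
<AllowedOrigin>http://example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds><AllowedHeader>*</AllowedHeader>
</CORSRule></CORSConfiguration>"""

def _local(tag):
    # Drop an XML namespace prefix such as "{...}CORSRule" if one is present.
    return tag.rsplit("}", 1)[-1]

def audit_cors(xml_text):
    """Return (rule_number, finding) pairs for settings worth a second look."""
    findings = []
    root = ET.fromstring(xml_text)
    rules = [el for el in root.iter() if _local(el.tag) == "CORSRule"]
    for number, rule in enumerate(rules, start=1):
        values = {}
        for child in rule:
            values.setdefault(_local(child.tag), []).append((child.text or "").strip())
        origins = values.get("AllowedOrigin", [])
        methods = {m.upper() for m in values.get("AllowedMethod", [])}
        wildcard = any("*" in origin for origin in origins)
        if wildcard:
            findings.append((number, "wildcard origin"))
        if wildcard and methods & WRITE_METHODS:
            findings.append((number, "write method allowed from wildcard origin"))
        if any(origin.startswith("http://") for origin in origins):
            findings.append((number, "origin uses plain http"))
        if "*" in values.get("AllowedHeader", []):
            findings.append((number, "all request headers allowed"))
    return findings

if __name__ == "__main__":
    for name, doc in (("open", OPEN_RULE), ("restricted", RESTRICTED_RULE)):
        for number, finding in audit_cors(doc):
            print(f"{name} rule {number}: {finding}")
```

The findings are review prompts rather than verdicts: a wildcard origin with GET only can be appropriate for public assets, while a write method behind a wildcard origin rarely is.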