The default CORS policy doesn’t allow S3 content to other origins, even if the repository is public or hosting a static website. To allow the resources accessible to other domains, you need to update the S3 buckets CORS policy.
Set Up CORS in S3 Buckets
You can quickly enable cross-origin resource sharing (CORS) on your Amazon S3 buckets, with the following steps:
- Log into the AWS Management Console.
- Select S3 under the Services
- Select your S3 bucket.
- Go to the Permissions tab.
- Click Edit the Cross-origin resource sharing (CORS) section.
- Paste the below JSON content in editor:123456789101112131415161718192021222324[{"AllowedOrigins": ["*"],"AllowedMethods": ["GET"],"MaxAgeSeconds": 3000,"ExposeHeaders": ["Content-Range","Content-Length","ETag"],"AllowedHeaders": ["Authorization","Content-Range","Accept","Content-Type","Origin","Range"]}]
- Click Save changes.
That’s it! Cross-origin resource sharing (CORS) is enabled for your S3 bucket. You can access the s3 files from other origins. You can also update AllowedOrigins in JSON content to limit access to specific domains only.