Greg Heywood


UK based tech enthusiast. This is my blog.

Enabling CORS on AWS API Gateway

If you have a website that is trying to call an API on AWS API Gateway, you probably want CORS (Coss-Origin Region Sharing) enabled. This is to allow cross-domain access (you may know it from S3), or more specifically, if you have a website https://www.domain.com that wants to run an API from another site (let's say https://3fdssdfgxfscil.execute-api.us-east-1.amazonaws.com/Prod/films), that isn't going to work without CORS, as the the browser will look for some headers that allow this, and will not find them.


S3 Buckets and Changes to Cross-account Access

It is not unusual to have a requirement to grant cross-account access to S3. Normally you would do this via an IAM policy on the user, and a bucket policy. There is a change announced at re:Invent though that helps a lot here.


Automatically Tagging Uploads to S3 - Part II

I previously wrote a post on how to automatically tag uploads to S3, which can be found here. There is an update below, which has a few changes. Firstly, it is all deployed via Terraform, but there is also a change to the code of the lambda function too.