Bucket CORS configuration#

Cross Origin Resource Sharing (CORS) enables client web applications in one domain to access resources in another domain. An S3 bucket can be configured to enable cross-origin requests. The configuration defines rules that specify the allowed origins, HTTP methods (GET, PUT, etc.), and other elements.

Retrieve a bucket CORS configuration#

Retrieve a bucket’s CORS configuration by calling the AWS SDK for Python get_bucket_cors method.

import logging
import boto3
from botocore.exceptions import ClientError

def get_bucket_cors(bucket_name):
    """Retrieve the CORS configuration rules of an Amazon S3 bucket

    :param bucket_name: string
    :return: List of the bucket's CORS configuration rules. If no CORS
    configuration exists, return empty list. If error, return None.

    # Retrieve the CORS configuration
    s3 = boto3.client('s3')
        response = s3.get_bucket_cors(Bucket=bucket_name)
    except ClientError as e:
        if e.response['Error']['Code'] == 'NoSuchCORSConfiguration':
            return []
            # AllAccessDisabled error == bucket not found
            return None
    return response['CORSRules']

Set a bucket CORS configuration#

A bucket’s CORS configuration can be set by calling the put_bucket_cors method.

# Define the configuration rules
cors_configuration = {
    'CORSRules': [{
        'AllowedHeaders': ['Authorization'],
        'AllowedMethods': ['GET', 'PUT'],
        'AllowedOrigins': ['*'],
        'ExposeHeaders': ['ETag', 'x-amz-request-id'],
        'MaxAgeSeconds': 3000

# Set the CORS configuration
s3 = boto3.client('s3')