AWS::Lambda::Url Cors - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Lambda::Url Cors

The Cross-Origin Resource Sharing (CORS) settings for your function URL. Use CORS to grant access to your function URL from any origin. You can also use CORS to control access for specific HTTP headers and methods in requests to your function URL.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AllowCredentials" : Boolean,
  "AllowHeaders" : [ String, ... ],
  "AllowMethods" : [ String, ... ],
  "AllowOrigins" : [ String, ... ],
  "ExposeHeaders" : [ String, ... ],
  "MaxAge" : Integer
}

YAML

  AllowCredentials: Boolean
  AllowHeaders: 
    - String
  AllowMethods: 
    - String
  AllowOrigins: 
    - String
  ExposeHeaders: 
    - String
  MaxAge: Integer

Properties

AllowCredentials

Whether you want to allow cookies or other credentials in requests to your function URL. The default is false.

Required: No

Type: Boolean

Update requires: No interruption

AllowHeaders

The HTTP headers that origins can include in requests to your function URL. For example: Date, Keep-Alive, X-Custom-Header.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 1024 | 100

Update requires: No interruption

AllowMethods

The HTTP methods that are allowed when calling your function URL. For example: GET, POST, DELETE, or the wildcard character (*).

Required: No

Type: Array of String

Allowed values: GET | PUT | HEAD | POST | PATCH | DELETE | *

Minimum: 1

Maximum: 6

Update requires: No interruption

AllowOrigins

The origins that can access your function URL. You can list any number of specific origins, separated by a comma. For example: https://www.example.com, http://localhost:60905.

Alternatively, you can grant access to all origins with the wildcard character (*).

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 253 | 100

Update requires: No interruption

ExposeHeaders

The HTTP headers in your function response that you want to expose to origins that call your function URL. For example: Date, Keep-Alive, X-Custom-Header.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 1024 | 100

Update requires: No interruption

MaxAge

The maximum amount of time, in seconds, that browsers can cache results of a preflight request. By default, this is set to 0, which means the browser will not cache results.

Required: No

Type: Integer

Minimum: 0

Maximum: 86400

Update requires: No interruption