This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::S3::Bucket CorsRule Specifies a cross-origin access rule for an Amazon S3 bucket. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[AllowedHeaders](#cfn-s3-bucket-corsrule-allowedheaders)" : {{[ String, ... ]}}, "[AllowedMethods](#cfn-s3-bucket-corsrule-allowedmethods)" : {{[ String, ... ]}}, "[AllowedOrigins](#cfn-s3-bucket-corsrule-allowedorigins)" : {{[ String, ... ]}}, "[ExposedHeaders](#cfn-s3-bucket-corsrule-exposedheaders)" : {{[ String, ... ]}}, "[Id](#cfn-s3-bucket-corsrule-id)" : {{String}}, "[MaxAge](#cfn-s3-bucket-corsrule-maxage)" : {{Integer}} } ``` ### YAML ``` [AllowedHeaders](#cfn-s3-bucket-corsrule-allowedheaders): {{ - String}} [AllowedMethods](#cfn-s3-bucket-corsrule-allowedmethods): {{ - String}} [AllowedOrigins](#cfn-s3-bucket-corsrule-allowedorigins): {{ - String}} [ExposedHeaders](#cfn-s3-bucket-corsrule-exposedheaders): {{ - String}} [Id](#cfn-s3-bucket-corsrule-id): {{String}} [MaxAge](#cfn-s3-bucket-corsrule-maxage): {{Integer}} ``` ## Properties `AllowedHeaders` Headers that are specified in the `Access-Control-Request-Headers` header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AllowedMethods` An HTTP method that you allow the origin to run. *Allowed values*: `GET` \| `PUT` \| `HEAD` \| `POST` \| `DELETE` *Required*: Yes *Type*: Array of String *Allowed values*: `GET | PUT | HEAD | POST | DELETE` *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AllowedOrigins` One or more origins you want customers to be able to access the bucket from. *Required*: Yes *Type*: Array of String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ExposedHeaders` One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Id` A unique identifier for this rule. The value must be no more than 255 characters. *Required*: No *Type*: String *Maximum*: `255` *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MaxAge` The time in seconds that your browser is to cache the preflight response for the specified resource. *Required*: No *Type*: Integer *Minimum*: `0` *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### Enable cross-origin resource sharing The following example template shows a public S3 bucket with two cross-origin resource sharing rules. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "S3Bucket": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "PublicRead", "CorsConfiguration": { "CorsRules": [ { "AllowedHeaders": [ "*" ], "AllowedMethods": [ "GET" ], "AllowedOrigins": [ "*" ], "ExposedHeaders": [ "Date" ], "Id": "myCORSRuleId1", "MaxAge": 3600 }, { "AllowedHeaders": [ "x-amz-*" ], "AllowedMethods": [ "DELETE" ], "AllowedOrigins": [ "http://www.example.com", "http://www.example.net" ], "ExposedHeaders": [ "Connection", "Server", "Date" ], "Id": "myCORSRuleId2", "MaxAge": 1800 } ] } } } }, "Outputs": { "BucketName": { "Value": { "Ref": "S3Bucket" }, "Description": "Name of the sample Amazon S3 bucket with CORS enabled." } } } ``` #### YAML ``` AWSTemplateFormatVersion: 2010-09-09 Resources: S3Bucket: Type: 'AWS::S3::Bucket' Properties: AccessControl: PublicRead CorsConfiguration: CorsRules: - AllowedHeaders: - '*' AllowedMethods: - GET AllowedOrigins: - '*' ExposedHeaders: - Date Id: myCORSRuleId1 MaxAge: 3600 - AllowedHeaders: - x-amz-* AllowedMethods: - DELETE AllowedOrigins: - 'http://www.example.com' - 'http://www.example.net' ExposedHeaders: - Connection - Server - Date Id: myCORSRuleId2 MaxAge: 1800 Outputs: BucketName: Value: !Ref S3Bucket Description: Name of the sample Amazon S3 bucket with CORS enabled. ```