Hey everyone! I'm pretty new to AWS and I'm trying to build a static site using S3, CloudFront, Cognito, Lambda, and API Gateway. Here's what I have set up so far:
1. I have two S3 buckets: one public for my HTML files and another private for video access, both linked through CloudFront.
2. I'm using Cognito to manage user authentication, which is working smoothly without a custom domain.
3. The private bucket holds the videos, accessed through CloudFront. I have a Lambda function linked to an API Gateway that generates signed URLs for those videos.
4. I recently added a custom domain to the CloudFront distribution for the public bucket and updated my HTML accordingly.
Everything was working perfectly until I tried to implement CORS. Now, when I try to fetch the API, I face CORS issues and the videos won't play. I've checked the CORS settings and they're configured for GET, POST, and OPTIONS, but I'm still struggling.
I'd appreciate any tips on handling CORS, especially for accessing the private videos and ensuring it works across the entire static site. Thanks!
3 Answers
CORS is specifically designed to prevent cross-domain requests, which can be a hassle. If you're working with multiple domains, you'll need to configure CORS to allow those specific ones or consider removing it during testing. Just be cautious about security!
You should definitely check your CORS configuration on the private bucket to make sure you're allowing requests from your CloudFront URL. That's a common mistake! Double-check those settings to ensure they align with what you need for cross-Origin requests.
If the problem persists, it might be worth revisiting your API's CORS settings first; they could be blocking requests.
I think I've already set that up, but I'll recheck to be sure.
Can you provide a bit more detail about your architecture? I’m curious about how many CloudFront distributions you set up, the role of your public bucket, and how everything’s tied together with Lambda and API Gateway. Sometimes, having everything behind an API Gateway can help avoid CORS issues altogether!
Got it, I’ll look into what parameters I need for cross-domain requests.