How Do I Allow Cross-Domain Resource Sharing with CORS?
If you are in the old Amazon S3 console, to use the new console, choose Opt In in the following box, which appears on the old Amazon S3 console home page. Note that Opt In is not available in all Regions.
This section explains how to use the Amazon S3 console to add a cross-origin resource sharing (CORS) configuration to an S3 bucket. CORS allows client web applications that are loaded in one domain to interact with resources in another domain.
To configure your bucket to allow cross-origin requests, you add CORS configuration to the bucket. A CORS configuration is an XML document that defines rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information. For more information about CORS, see Cross-Origin Resource Sharing (CORS) in the Amazon Simple Storage Service Developer Guide.
When you enable CORS on the bucket, the access control lists (ACLs) and other access permission policies continue to apply.
To add a CORS configuration to an S3 bucket
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
In the Bucket name list, choose the name of the bucket that you want to create a bucket policy for.
Choose Permissions, and then choose CORS configuration.
In the CORS configuration editor text box, type or copy and paste a new CORS configuration, or edit an existing configuration. The CORS configuration is a XML file. The text that you type in the editor must be valid XML.
Amazon S3 displays the Amazon Resource Name (ARN) for the bucket next to the CORS configuration editor title. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the Amazon Web Services General Reference.