AWS::Lambda::Url Cors - AWS CloudFormation

AWS::Lambda::Url Cors

The Cross-Origin Resource Sharing (CORS) settings for your function URL. Use CORS to grant access to your function URL from any origin. You can also use CORS to control access for specific HTTP headers and methods in requests to your function URL.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "AllowCredentials" : Boolean, "AllowHeaders" : [ String, ... ], "AllowMethods" : [ String, ... ], "AllowOrigins" : [ String, ... ], "ExposeHeaders" : [ String, ... ], "MaxAge" : Integer }

YAML

AllowCredentials: Boolean AllowHeaders: - String AllowMethods: - String AllowOrigins: - String ExposeHeaders: - String MaxAge: Integer

Properties

AllowCredentials

Whether you want to allow cookies or other credentials in requests to your function URL. The default is false.

Required: No

Type: Boolean

Update requires: No interruption

AllowHeaders

The HTTP headers that origins can include in requests to your function URL. For example: Date, Keep-Alive, X-Custom-Header.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 1024 | 100

Update requires: No interruption

AllowMethods

The HTTP methods that are allowed when calling your function URL. For example: GET, POST, DELETE, or the wildcard character (*).

Required: No

Type: Array of String

Allowed values: GET | PUT | HEAD | POST | PATCH | DELETE | *

Minimum: 1

Maximum: 6

Update requires: No interruption

AllowOrigins

The origins that can access your function URL. You can list any number of specific origins, separated by a comma. For example: https://www.example.com, http://localhost:60905.

Alternatively, you can grant access to all origins with the wildcard character (*).

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 253 | 100

Update requires: No interruption

ExposeHeaders

The HTTP headers in your function response that you want to expose to origins that call your function URL. For example: Date, Keep-Alive, X-Custom-Header.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 1024 | 100

Update requires: No interruption

MaxAge

The maximum amount of time, in seconds, that browsers can cache results of a preflight request. By default, this is set to 0, which means the browser will not cache results.

Required: No

Type: Integer

Minimum: 0

Maximum: 86400

Update requires: No interruption