AWS - S3 - CORS

-

 

CORS is a feature of HTTP that uses headers to allow browsers to display content that a web server requested from a different origin. 

To allow your content to appear, configure a CORS policy on your Amazon S3 bucket. 

Proper configuration of the CORS policy makes sure that the appropriate headers are returned.

You can configure a CORS rule on your bucket using the Amazon S3 console or AWS CLI.

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. 

To configure your bucket to allow cross-origin requests, you add a CORS configuration to the bucket. 

A CORS configuration is a document that defines rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information.

I am starting with creating an S3 bucket and setting up a static website. 


Post configuring a static website on s3. It's accessible on the FQDN. 

Now, Edit the bucket permission -> CORS.



Now, the bucket has CORS setup and it allows GET and HEAD calls from the Allowed Origins which is the same as the bucket endpoint (Static Page).  You can configure Allowed Origin as any domain name. It refers to which DOMAIN name the website can be accessed.                                                                                                                                                                                                                                                               To test CORS, I created a EC2 instance and doing a CURL with the below headers:                                                                                                                                                                                                                               For example, if you make a request to http://www.rsinfominds.com/ in Chrome, the request header contains Origin:http://www.rsinfominds.com (the browser automatically sends this), and the response header from the server contains Access-Control-Allow-Origin:http://www.rsinfominds.com.                                                                                                                                                                                                                                                                                                                                                                                                    
                                                                                                                                                                                         This is my current CORS Configuration:
[
    {
        "AllowedHeaders": [
            "Authorization"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "http://rsinfominds.com
        ],
        "ExposeHeaders": [
            "Access-Control-Allow-Origin"
        ]
    }
]

This allows access to the S3 website from the allowed origins "https://rsinfominds.com"

So, In my curl I was calling as below:

 # curl -i  http://rsinfominds-cors-demo.s3-website-us-east-1.amazonaws.com/index.html -H  "Access-Control-Request-Method: GET" --request OPTIONS -H "Origin: http://www.example.com"
                                                                                                                                                                                  And it returned 403 and "This CORS request is not allowed".                                                                
                                                                                                                                                                                      When I change the Origin to "http://rsinfominds.com" in the curl it works.                                                                                                

                                                                                                                                                        

Comments

Post a Comment

Popular posts from this blog

K8s - ETCD

-
Image
  etcd is a "strongly consistent , distributed key-value store". Why etcd? 1. Consistency : Since the API server is the central coordination point of the entire cluster; strong consistency is essential. It would be a disaster if, say, two nodes tried to attach the same persistent volume over iSCSI because the API server told them both that it was available. 2. Availability: API downtime means that the entire Kubernetes control plane comes to a halt, which is undesirable for production clusters. The  CAP theorem  says that 100% availability is impossible with strong consistency, but minimizing downtime is still a critical goal. 3. Consistent Performance: The API server for a busy Kubernetes cluster receives a fair amount of read and write traffic. The secret behind etcd's balance of strong consistency and high availability is the  Raft algorithm . Raft solves a particular problem: how can multiple independent processes decide on a single value for somethin...
Read more

SRE/DevOps Syllabus

-
Image
  DEVOPS/SRE Principles. Git What is Git? Architecture of Git. Working principle of Git. Create and cloning a repo. Version control branching. Version control commit. Version control managing workflows. Git hooks. Git Reflog. Git Stash. Git Cherry Picking. Undoing changes in different states of Git. Git based terraform template management. AWS CI/CD SDLC Automation. Code Commit. Code Build. Code Deployment. Code Pipeline. Elastic Beankstalk. Code Artifact. CodeGuru. Terraform Terraform Basics. Terraform State. Working with Terraform. Terraform with AWS. Remote State. Terraform Provisioners. Terraform Import, Tainting and Debugging. Terraform Modules. Terraform Functions and Conditional Expressions. Automation using Python - AWS AWS lambda. Automating EC2 with Lambda. Automating S3 with Lambda. Automating VPC with Lambda. Cost optimization with Lambda. SNS,SQS and SES with Python. Managing and Automating AWS Security with Python. Kubernetes - CKAD Application Developer. Kubernetes A...
Read more

K8s - Deployment and HPA replicas

-
Image
  We all know that replica is a critical part of a K8s deployment. Default replica is 1. Setting replicas as 3 will ensure 3 pods of that deployment is running at any given time.  Replica are internally managed by replica set which is in turn controlled by the K8s  ReplicationController   . When a pod is bad or deleted as part of replicaset, replication controller will ensure a new pod is created. Now, coming to HPA (Horizontal Pod Autoscaler) which is a dynamic scaler which works at the pod level based on the metrics configured.  When we configure we must mention min and max values. They should be greater than 1. Let's image I create a HPA with min as 5 and max as 10 under the condition of CPU utilization more than 50%. Initial deployment is set with the replica as 1. On top the deployment, I am attaching a HPA with the mentioned configuration. Under HPA, we are forcing the min replicas to 5. Hence, it autoscales the pod to 5 even though the CPU utilization is ...
Read more