Webinar: Get Hands-On With ServerlessRegister now

Amazon API Gateway CORS allowlist

API Gateway REST API → AWS Lambda

Create an allowlist of domains for CORS pre-flight requests.

By instrumenting CORS, a browser's request will be validated against an OPTIONS request inside of API Gateway. API Gateway only allows a single domain to be registered or a `*` can be utilized to allow all domains. In the case of more restriction and more flexibility, a whitelist of allowed domains can be built using a Lambda that is executed via a Proxy Integration.

< Back to all patterns
Language:
Go
Framework:
AWS CDK

GitHub icon Download this pattern (.zip)

GitHub icon View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/api-gateway-cors-whitelist-cdk

Deploy

make build-and-deploy

Testing

See the GitHub repo for detailed testing instructions.

Cleanup

make teardown

Additional resources

Created by:

Benjamen Pyle

Benjamen Pyle

Benjamen Pyle is an AWS Community Builder who loves building scalable and useful applications with Serverless and Event Driven Architectures

Follow on LinkedIn