Docs Home
AWS v7.1.0 published on Monday, Jul 21, 2025 by Pulumi
aws.s3.BucketCorsConfiguration
Explore with Pulumi AI
Provides an S3 bucket CORS configuration resource. For more information about CORS, go to Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.
NOTE: S3 Buckets only support a single CORS configuration. Declaring multiple
aws.s3.BucketCorsConfigurationresources to the same S3 Bucket will cause a perpetual difference in configuration.
This resource cannot be used with S3 directory buckets.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.s3.Bucket("example", {bucket: "mybucket"});
const exampleBucketCorsConfiguration = new aws.s3.BucketCorsConfiguration("example", {
bucket: example.id,
corsRules: [
{
allowedHeaders: ["*"],
allowedMethods: [
"PUT",
"POST",
],
allowedOrigins: ["https://s3-website-test.domain.example"],
exposeHeaders: ["ETag"],
maxAgeSeconds: 3000,
},
{
allowedMethods: ["GET"],
allowedOrigins: ["*"],
},
],
});
import pulumi
import pulumi_aws as aws
example = aws.s3.Bucket("example", bucket="mybucket")
example_bucket_cors_configuration = aws.s3.BucketCorsConfiguration("example",
bucket=example.id,
cors_rules=[
{
"allowed_headers": ["*"],
"allowed_methods": [
"PUT",
"POST",
],
"allowed_origins": ["https://s3-website-test.domain.example"],
"expose_headers": ["ETag"],
"max_age_seconds": 3000,
},
{
"allowed_methods": ["GET"],
"allowed_origins": ["*"],
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
Bucket: pulumi.String("mybucket"),
})
if err != nil {
return err
}
_, err = s3.NewBucketCorsConfiguration(ctx, "example", &s3.BucketCorsConfigurationArgs{
Bucket: example.ID(),
CorsRules: s3.BucketCorsConfigurationCorsRuleArray{
&s3.BucketCorsConfigurationCorsRuleArgs{
AllowedHeaders: pulumi.StringArray{
pulumi.String("*"),
},
AllowedMethods: pulumi.StringArray{
pulumi.String("PUT"),
pulumi.String("POST"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("https://s3-website-test.domain.example"),
},
ExposeHeaders: pulumi.StringArray{
pulumi.String("ETag"),
},
MaxAgeSeconds: pulumi.Int(3000),
},
&s3.BucketCorsConfigurationCorsRuleArgs{
AllowedMethods: pulumi.StringArray{
pulumi.String("GET"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("*"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.S3.Bucket("example", new()
{
BucketName = "mybucket",
});
var exampleBucketCorsConfiguration = new Aws.S3.BucketCorsConfiguration("example", new()
{
Bucket = example.Id,
CorsRules = new[]
{
new Aws.S3.Inputs.BucketCorsConfigurationCorsRuleArgs
{
AllowedHeaders = new[]
{
"*",
},
AllowedMethods = new[]
{
"PUT",
"POST",
},
AllowedOrigins = new[]
{
"https://s3-website-test.domain.example",
},
ExposeHeaders = new[]
{
"ETag",
},
MaxAgeSeconds = 3000,
},
new Aws.S3.Inputs.BucketCorsConfigurationCorsRuleArgs
{
AllowedMethods = new[]
{
"GET",
},
AllowedOrigins = new[]
{
"*",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.BucketCorsConfiguration;
import com.pulumi.aws.s3.BucketCorsConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketCorsConfigurationCorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Bucket("example", BucketArgs.builder()
.bucket("mybucket")
.build());
var exampleBucketCorsConfiguration = new BucketCorsConfiguration("exampleBucketCorsConfiguration", BucketCorsConfigurationArgs.builder()
.bucket(example.id())
.corsRules(
BucketCorsConfigurationCorsRuleArgs.builder()
.allowedHeaders("*")
.allowedMethods(
"PUT",
"POST")
.allowedOrigins("https://s3-website-test.domain.example")
.exposeHeaders("ETag")
.maxAgeSeconds(3000)
.build(),
BucketCorsConfigurationCorsRuleArgs.builder()
.allowedMethods("GET")
.allowedOrigins("*")
.build())
.build());
}
}
resources:
example:
type: aws:s3:Bucket
properties:
bucket: mybucket
exampleBucketCorsConfiguration:
type: aws:s3:BucketCorsConfiguration
name: example
properties:
bucket: ${example.id}
corsRules:
- allowedHeaders:
- '*'
allowedMethods:
- PUT
- POST
allowedOrigins:
- https://s3-website-test.domain.example
exposeHeaders:
- ETag
maxAgeSeconds: 3000
- allowedMethods:
- GET
allowedOrigins:
- '*'
Create BucketCorsConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BucketCorsConfiguration(name: string, args: BucketCorsConfigurationArgs, opts?: CustomResourceOptions);@overload
def BucketCorsConfiguration(resource_name: str,
args: BucketCorsConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def BucketCorsConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsConfigurationCorsRuleArgs]] = None,
expected_bucket_owner: Optional[str] = None,
region: Optional[str] = None)func NewBucketCorsConfiguration(ctx *Context, name string, args BucketCorsConfigurationArgs, opts ...ResourceOption) (*BucketCorsConfiguration, error)public BucketCorsConfiguration(string name, BucketCorsConfigurationArgs args, CustomResourceOptions? opts = null)
public BucketCorsConfiguration(String name, BucketCorsConfigurationArgs args)
public BucketCorsConfiguration(String name, BucketCorsConfigurationArgs args, CustomResourceOptions options)
type: aws:s3:BucketCorsConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BucketCorsConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BucketCorsConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BucketCorsConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketCorsConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BucketCorsConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var bucketCorsConfigurationResource = new Aws.S3.BucketCorsConfiguration("bucketCorsConfigurationResource", new()
{
Bucket = "string",
CorsRules = new[]
{
new Aws.S3.Inputs.BucketCorsConfigurationCorsRuleArgs
{
AllowedMethods = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
AllowedHeaders = new[]
{
"string",
},
ExposeHeaders = new[]
{
"string",
},
Id = "string",
MaxAgeSeconds = 0,
},
},
ExpectedBucketOwner = "string",
Region = "string",
});
example, err := s3.NewBucketCorsConfiguration(ctx, "bucketCorsConfigurationResource", &s3.BucketCorsConfigurationArgs{
Bucket: pulumi.String("string"),
CorsRules: s3.BucketCorsConfigurationCorsRuleArray{
&s3.BucketCorsConfigurationCorsRuleArgs{
AllowedMethods: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
AllowedHeaders: pulumi.StringArray{
pulumi.String("string"),
},
ExposeHeaders: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.String("string"),
MaxAgeSeconds: pulumi.Int(0),
},
},
ExpectedBucketOwner: pulumi.String("string"),
Region: pulumi.String("string"),
})
var bucketCorsConfigurationResource = new BucketCorsConfiguration("bucketCorsConfigurationResource", BucketCorsConfigurationArgs.builder()
.bucket("string")
.corsRules(BucketCorsConfigurationCorsRuleArgs.builder()
.allowedMethods("string")
.allowedOrigins("string")
.allowedHeaders("string")
.exposeHeaders("string")
.id("string")
.maxAgeSeconds(0)
.build())
.expectedBucketOwner("string")
.region("string")
.build());
bucket_cors_configuration_resource = aws.s3.BucketCorsConfiguration("bucketCorsConfigurationResource",
bucket="string",
cors_rules=[{
"allowed_methods": ["string"],
"allowed_origins": ["string"],
"allowed_headers": ["string"],
"expose_headers": ["string"],
"id": "string",
"max_age_seconds": 0,
}],
expected_bucket_owner="string",
region="string")
const bucketCorsConfigurationResource = new aws.s3.BucketCorsConfiguration("bucketCorsConfigurationResource", {
bucket: "string",
corsRules: [{
allowedMethods: ["string"],
allowedOrigins: ["string"],
allowedHeaders: ["string"],
exposeHeaders: ["string"],
id: "string",
maxAgeSeconds: 0,
}],
expectedBucketOwner: "string",
region: "string",
});
type: aws:s3:BucketCorsConfiguration
properties:
bucket: string
corsRules:
- allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
exposeHeaders:
- string
id: string
maxAgeSeconds: 0
expectedBucketOwner: string
region: string
BucketCorsConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BucketCorsConfiguration resource accepts the following input properties:
- Bucket string
- Name of the bucket.
- Cors
Rules List<BucketCors Configuration Cors Rule> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- Expected
Bucket stringOwner - Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Bucket string
- Name of the bucket.
- Cors
Rules []BucketCors Configuration Cors Rule Args - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- Expected
Bucket stringOwner - Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket String
- Name of the bucket.
- cors
Rules List<BucketCors Configuration Cors Rule> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket StringOwner - Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket string
- Name of the bucket.
- cors
Rules BucketCors Configuration Cors Rule[] - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket stringOwner - Account ID of the expected bucket owner.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket str
- Name of the bucket.
- cors_
rules Sequence[BucketCors Configuration Cors Rule Args] - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected_
bucket_ strowner - Account ID of the expected bucket owner.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket String
- Name of the bucket.
- cors
Rules List<Property Map> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket StringOwner - Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Outputs
All input properties are implicitly available as output properties. Additionally, the BucketCorsConfiguration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing BucketCorsConfiguration Resource
Get an existing BucketCorsConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BucketCorsConfigurationState, opts?: CustomResourceOptions): BucketCorsConfiguration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsConfigurationCorsRuleArgs]] = None,
expected_bucket_owner: Optional[str] = None,
region: Optional[str] = None) -> BucketCorsConfigurationfunc GetBucketCorsConfiguration(ctx *Context, name string, id IDInput, state *BucketCorsConfigurationState, opts ...ResourceOption) (*BucketCorsConfiguration, error)public static BucketCorsConfiguration Get(string name, Input<string> id, BucketCorsConfigurationState? state, CustomResourceOptions? opts = null)public static BucketCorsConfiguration get(String name, Output<String> id, BucketCorsConfigurationState state, CustomResourceOptions options)resources: _: type: aws:s3:BucketCorsConfiguration get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Bucket string
- Name of the bucket.
- Cors
Rules List<BucketCors Configuration Cors Rule> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- Expected
Bucket stringOwner - Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Bucket string
- Name of the bucket.
- Cors
Rules []BucketCors Configuration Cors Rule Args - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- Expected
Bucket stringOwner - Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket String
- Name of the bucket.
- cors
Rules List<BucketCors Configuration Cors Rule> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket StringOwner - Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket string
- Name of the bucket.
- cors
Rules BucketCors Configuration Cors Rule[] - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket stringOwner - Account ID of the expected bucket owner.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket str
- Name of the bucket.
- cors_
rules Sequence[BucketCors Configuration Cors Rule Args] - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected_
bucket_ strowner - Account ID of the expected bucket owner.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- bucket String
- Name of the bucket.
- cors
Rules List<Property Map> - Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
- expected
Bucket StringOwner - Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Supporting Types
BucketCorsConfigurationCorsRule, BucketCorsConfigurationCorsRuleArgs
- Allowed
Methods List<string> - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - Allowed
Origins List<string> - Set of origins you want customers to be able to access the bucket from.
- Allowed
Headers List<string> - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - Expose
Headers List<string> - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - Id string
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- Max
Age intSeconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
- Allowed
Methods []string - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - Allowed
Origins []string - Set of origins you want customers to be able to access the bucket from.
- Allowed
Headers []string - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - Expose
Headers []string - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - Id string
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- Max
Age intSeconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
- allowed
Methods List<String> - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - allowed
Origins List<String> - Set of origins you want customers to be able to access the bucket from.
- allowed
Headers List<String> - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - expose
Headers List<String> - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - id String
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- max
Age IntegerSeconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
- allowed
Methods string[] - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - allowed
Origins string[] - Set of origins you want customers to be able to access the bucket from.
- allowed
Headers string[] - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - expose
Headers string[] - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - id string
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- max
Age numberSeconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
- allowed_
methods Sequence[str] - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - allowed_
origins Sequence[str] - Set of origins you want customers to be able to access the bucket from.
- allowed_
headers Sequence[str] - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - expose_
headers Sequence[str] - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - id str
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- max_
age_ intseconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
- allowed
Methods List<String> - Set of HTTP methods that you allow the origin to execute. Valid values are
GET,PUT,HEAD,POST, andDELETE. - allowed
Origins List<String> - Set of origins you want customers to be able to access the bucket from.
- allowed
Headers List<String> - Set of Headers that are specified in the
Access-Control-Request-Headersheader. - expose
Headers List<String> - Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequestobject). - id String
- Unique identifier for the rule. The value cannot be longer than 255 characters.
- max
Age NumberSeconds - Time in seconds that your browser is to cache the preflight response for the specified resource.
Import
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):
Using pulumi import to import S3 bucket CORS configuration using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:
If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, import using the bucket:
$ pulumi import aws:s3/bucketCorsConfiguration:BucketCorsConfiguration example bucket-name
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):
$ pulumi import aws:s3/bucketCorsConfiguration:BucketCorsConfiguration example bucket-name,123456789012
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.