Trying to enable CORS


I have:

  • A lambda function
  • API gateway pointing to it
  • This API gateway has a custom domain, which is associated with <domain>

When I access the API gateway directly with its API id (<string> CORS works as expected (I will get the access-control-allow-origin: * header).

However, if I access the API gateway with the custom domain (, I will not get that header and CORS will not work. Instead I get some CloudFront errors:

x-amzn-errortype: ForbiddenException
x-cache: Error from cloudfront

If I go to AWS services/CloudFront, there is no distribution for this CloudFront domain at all. So I cannot edit any settings there, because it doesn't even exist. I don't think I can create it either, since it offers only S3 buckets as a source, when I try to create a distribution.

What to do? How to get CORS working?

Thank you.

asked a year ago377 views
1 Answer

It looks like x-amzn-errortype tells that request from CloudFront has not been authorized by API GW. You can configure CloudFront to convey API in the custom header sent to Origin (API GW in this case):

answered a year ago
  • Can you elaborate - should I configure API Gateway or CloudFront?

    One problem is that on CloudFront I don't have any "distribution". Everything seems to work without a distribution for me. And I'm not sure I can just create one either, everything has been working like that for quite a while already.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions