Hi! The documentation you linked explains that EC2 API has the CORS header you mentioned. The EC2 API means the AWS API to (in example) start/stop instances or create/terminate them. So if you build a application that interacts directly with AWS resources you won't be blocked by CORS. This doesn't include any webserver you may have hosted inside an EC2 instance.
If you have a Website hosted in EC2 with a direct public IP, AWS does not modify the responses that your server answers. If this is your case you need to look deeper into your application/services to see what service is adding the headers (Check the apache/nginx configuration for instance if you use those services).
If you have other services in front of your EC2 instances, like an API Gateway, you need to check the documentation on those services to see how CORS may be implemented in it.
I hope this answer helps you! Feel free to expand on your scenario to provide more context to help you or create a support ticket to AWS Support to enroll further help!
Thanks for your help Pablo! My test involved making a simpler version of my app on HTTP and deploying it alone on both my local PC (dev env) and my EC2 instance. Cloudflare proxy was switched off for my EC2 IP and I tested using the public IP to make sure EC2 was at front.
I can confirm the Access-Control-Allow_Origin:* header only appears in my EC2 responses, even with direct IP access!
In my local dev environment, no access control headers are received whatsoever. No response modification is happening...
On my IP EC2 instance, access control allow origin: * is added to both POST and GET requests. Additionally, if I make a preflight cross origin request - this OPTIONs is returned!!
I think this confirms our suspicions that the EC2 "API" document I initially stated, is actually relevant to EC2 instance response modification and these responses confirm this...
Please do your own due diligence and let me know if anyone gets different results.
- asked 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- EXPERTpublished 5 months ago