1. Packages
  2. AWS
  3. API Docs
  4. s3
  5. BucketCorsConfigurationV2
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

aws.s3.BucketCorsConfigurationV2

Explore with Pulumi AI

Provides an S3 bucket CORS configuration resource. For more information about CORS, go to Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.

NOTE: S3 Buckets only support a single CORS configuration. Declaring multiple aws.s3.BucketCorsConfigurationV2 resources to the same S3 Bucket will cause a perpetual difference in configuration.

This resource cannot be used with S3 directory buckets.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.BucketV2("example", {bucket: "mybucket"});
const exampleBucketCorsConfigurationV2 = new aws.s3.BucketCorsConfigurationV2("example", {
    bucket: example.id,
    corsRules: [
        {
            allowedHeaders: ["*"],
            allowedMethods: [
                "PUT",
                "POST",
            ],
            allowedOrigins: ["https://s3-website-test.domain.example"],
            exposeHeaders: ["ETag"],
            maxAgeSeconds: 3000,
        },
        {
            allowedMethods: ["GET"],
            allowedOrigins: ["*"],
        },
    ],
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.s3.BucketV2("example", bucket="mybucket")
example_bucket_cors_configuration_v2 = aws.s3.BucketCorsConfigurationV2("example",
    bucket=example.id,
    cors_rules=[
        {
            "allowed_headers": ["*"],
            "allowed_methods": [
                "PUT",
                "POST",
            ],
            "allowed_origins": ["https://s3-website-test.domain.example"],
            "expose_headers": ["ETag"],
            "max_age_seconds": 3000,
        },
        {
            "allowed_methods": ["GET"],
            "allowed_origins": ["*"],
        },
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
			Bucket: pulumi.String("mybucket"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketCorsConfigurationV2(ctx, "example", &s3.BucketCorsConfigurationV2Args{
			Bucket: example.ID(),
			CorsRules: s3.BucketCorsConfigurationV2CorsRuleArray{
				&s3.BucketCorsConfigurationV2CorsRuleArgs{
					AllowedHeaders: pulumi.StringArray{
						pulumi.String("*"),
					},
					AllowedMethods: pulumi.StringArray{
						pulumi.String("PUT"),
						pulumi.String("POST"),
					},
					AllowedOrigins: pulumi.StringArray{
						pulumi.String("https://s3-website-test.domain.example"),
					},
					ExposeHeaders: pulumi.StringArray{
						pulumi.String("ETag"),
					},
					MaxAgeSeconds: pulumi.Int(3000),
				},
				&s3.BucketCorsConfigurationV2CorsRuleArgs{
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
					},
					AllowedOrigins: pulumi.StringArray{
						pulumi.String("*"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.S3.BucketV2("example", new()
    {
        Bucket = "mybucket",
    });

    var exampleBucketCorsConfigurationV2 = new Aws.S3.BucketCorsConfigurationV2("example", new()
    {
        Bucket = example.Id,
        CorsRules = new[]
        {
            new Aws.S3.Inputs.BucketCorsConfigurationV2CorsRuleArgs
            {
                AllowedHeaders = new[]
                {
                    "*",
                },
                AllowedMethods = new[]
                {
                    "PUT",
                    "POST",
                },
                AllowedOrigins = new[]
                {
                    "https://s3-website-test.domain.example",
                },
                ExposeHeaders = new[]
                {
                    "ETag",
                },
                MaxAgeSeconds = 3000,
            },
            new Aws.S3.Inputs.BucketCorsConfigurationV2CorsRuleArgs
            {
                AllowedMethods = new[]
                {
                    "GET",
                },
                AllowedOrigins = new[]
                {
                    "*",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketCorsConfigurationV2;
import com.pulumi.aws.s3.BucketCorsConfigurationV2Args;
import com.pulumi.aws.s3.inputs.BucketCorsConfigurationV2CorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new BucketV2("example", BucketV2Args.builder()
            .bucket("mybucket")
            .build());

        var exampleBucketCorsConfigurationV2 = new BucketCorsConfigurationV2("exampleBucketCorsConfigurationV2", BucketCorsConfigurationV2Args.builder()
            .bucket(example.id())
            .corsRules(            
                BucketCorsConfigurationV2CorsRuleArgs.builder()
                    .allowedHeaders("*")
                    .allowedMethods(                    
                        "PUT",
                        "POST")
                    .allowedOrigins("https://s3-website-test.domain.example")
                    .exposeHeaders("ETag")
                    .maxAgeSeconds(3000)
                    .build(),
                BucketCorsConfigurationV2CorsRuleArgs.builder()
                    .allowedMethods("GET")
                    .allowedOrigins("*")
                    .build())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:s3:BucketV2
    properties:
      bucket: mybucket
  exampleBucketCorsConfigurationV2:
    type: aws:s3:BucketCorsConfigurationV2
    name: example
    properties:
      bucket: ${example.id}
      corsRules:
        - allowedHeaders:
            - '*'
          allowedMethods:
            - PUT
            - POST
          allowedOrigins:
            - https://s3-website-test.domain.example
          exposeHeaders:
            - ETag
          maxAgeSeconds: 3000
        - allowedMethods:
            - GET
          allowedOrigins:
            - '*'
Copy

Create BucketCorsConfigurationV2 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BucketCorsConfigurationV2(name: string, args: BucketCorsConfigurationV2Args, opts?: CustomResourceOptions);
@overload
def BucketCorsConfigurationV2(resource_name: str,
                              args: BucketCorsConfigurationV2Args,
                              opts: Optional[ResourceOptions] = None)

@overload
def BucketCorsConfigurationV2(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              bucket: Optional[str] = None,
                              cors_rules: Optional[Sequence[BucketCorsConfigurationV2CorsRuleArgs]] = None,
                              expected_bucket_owner: Optional[str] = None)
func NewBucketCorsConfigurationV2(ctx *Context, name string, args BucketCorsConfigurationV2Args, opts ...ResourceOption) (*BucketCorsConfigurationV2, error)
public BucketCorsConfigurationV2(string name, BucketCorsConfigurationV2Args args, CustomResourceOptions? opts = null)
public BucketCorsConfigurationV2(String name, BucketCorsConfigurationV2Args args)
public BucketCorsConfigurationV2(String name, BucketCorsConfigurationV2Args args, CustomResourceOptions options)
type: aws:s3:BucketCorsConfigurationV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. BucketCorsConfigurationV2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. BucketCorsConfigurationV2Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. BucketCorsConfigurationV2Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. BucketCorsConfigurationV2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. BucketCorsConfigurationV2Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var bucketCorsConfigurationV2Resource = new Aws.S3.BucketCorsConfigurationV2("bucketCorsConfigurationV2Resource", new()
{
    Bucket = "string",
    CorsRules = new[]
    {
        new Aws.S3.Inputs.BucketCorsConfigurationV2CorsRuleArgs
        {
            AllowedMethods = new[]
            {
                "string",
            },
            AllowedOrigins = new[]
            {
                "string",
            },
            AllowedHeaders = new[]
            {
                "string",
            },
            ExposeHeaders = new[]
            {
                "string",
            },
            Id = "string",
            MaxAgeSeconds = 0,
        },
    },
    ExpectedBucketOwner = "string",
});
Copy
example, err := s3.NewBucketCorsConfigurationV2(ctx, "bucketCorsConfigurationV2Resource", &s3.BucketCorsConfigurationV2Args{
	Bucket: pulumi.String("string"),
	CorsRules: s3.BucketCorsConfigurationV2CorsRuleArray{
		&s3.BucketCorsConfigurationV2CorsRuleArgs{
			AllowedMethods: pulumi.StringArray{
				pulumi.String("string"),
			},
			AllowedOrigins: pulumi.StringArray{
				pulumi.String("string"),
			},
			AllowedHeaders: pulumi.StringArray{
				pulumi.String("string"),
			},
			ExposeHeaders: pulumi.StringArray{
				pulumi.String("string"),
			},
			Id:            pulumi.String("string"),
			MaxAgeSeconds: pulumi.Int(0),
		},
	},
	ExpectedBucketOwner: pulumi.String("string"),
})
Copy
var bucketCorsConfigurationV2Resource = new BucketCorsConfigurationV2("bucketCorsConfigurationV2Resource", BucketCorsConfigurationV2Args.builder()
    .bucket("string")
    .corsRules(BucketCorsConfigurationV2CorsRuleArgs.builder()
        .allowedMethods("string")
        .allowedOrigins("string")
        .allowedHeaders("string")
        .exposeHeaders("string")
        .id("string")
        .maxAgeSeconds(0)
        .build())
    .expectedBucketOwner("string")
    .build());
Copy
bucket_cors_configuration_v2_resource = aws.s3.BucketCorsConfigurationV2("bucketCorsConfigurationV2Resource",
    bucket="string",
    cors_rules=[{
        "allowed_methods": ["string"],
        "allowed_origins": ["string"],
        "allowed_headers": ["string"],
        "expose_headers": ["string"],
        "id": "string",
        "max_age_seconds": 0,
    }],
    expected_bucket_owner="string")
Copy
const bucketCorsConfigurationV2Resource = new aws.s3.BucketCorsConfigurationV2("bucketCorsConfigurationV2Resource", {
    bucket: "string",
    corsRules: [{
        allowedMethods: ["string"],
        allowedOrigins: ["string"],
        allowedHeaders: ["string"],
        exposeHeaders: ["string"],
        id: "string",
        maxAgeSeconds: 0,
    }],
    expectedBucketOwner: "string",
});
Copy
type: aws:s3:BucketCorsConfigurationV2
properties:
    bucket: string
    corsRules:
        - allowedHeaders:
            - string
          allowedMethods:
            - string
          allowedOrigins:
            - string
          exposeHeaders:
            - string
          id: string
          maxAgeSeconds: 0
    expectedBucketOwner: string
Copy

BucketCorsConfigurationV2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The BucketCorsConfigurationV2 resource accepts the following input properties:

Bucket
This property is required.
Changes to this property will trigger replacement.
string
Name of the bucket.
CorsRules This property is required. List<BucketCorsConfigurationV2CorsRule>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
ExpectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
Bucket
This property is required.
Changes to this property will trigger replacement.
string
Name of the bucket.
CorsRules This property is required. []BucketCorsConfigurationV2CorsRuleArgs
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
ExpectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
bucket
This property is required.
Changes to this property will trigger replacement.
String
Name of the bucket.
corsRules This property is required. List<BucketCorsConfigurationV2CorsRule>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. String
Account ID of the expected bucket owner.
bucket
This property is required.
Changes to this property will trigger replacement.
string
Name of the bucket.
corsRules This property is required. BucketCorsConfigurationV2CorsRule[]
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
bucket
This property is required.
Changes to this property will trigger replacement.
str
Name of the bucket.
cors_rules This property is required. Sequence[BucketCorsConfigurationV2CorsRuleArgs]
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expected_bucket_owner Changes to this property will trigger replacement. str
Account ID of the expected bucket owner.
bucket
This property is required.
Changes to this property will trigger replacement.
String
Name of the bucket.
corsRules This property is required. List<Property Map>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. String
Account ID of the expected bucket owner.

Outputs

All input properties are implicitly available as output properties. Additionally, the BucketCorsConfigurationV2 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing BucketCorsConfigurationV2 Resource

Get an existing BucketCorsConfigurationV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BucketCorsConfigurationV2State, opts?: CustomResourceOptions): BucketCorsConfigurationV2
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bucket: Optional[str] = None,
        cors_rules: Optional[Sequence[BucketCorsConfigurationV2CorsRuleArgs]] = None,
        expected_bucket_owner: Optional[str] = None) -> BucketCorsConfigurationV2
func GetBucketCorsConfigurationV2(ctx *Context, name string, id IDInput, state *BucketCorsConfigurationV2State, opts ...ResourceOption) (*BucketCorsConfigurationV2, error)
public static BucketCorsConfigurationV2 Get(string name, Input<string> id, BucketCorsConfigurationV2State? state, CustomResourceOptions? opts = null)
public static BucketCorsConfigurationV2 get(String name, Output<String> id, BucketCorsConfigurationV2State state, CustomResourceOptions options)
resources:  _:    type: aws:s3:BucketCorsConfigurationV2    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Bucket Changes to this property will trigger replacement. string
Name of the bucket.
CorsRules List<BucketCorsConfigurationV2CorsRule>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
ExpectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
Bucket Changes to this property will trigger replacement. string
Name of the bucket.
CorsRules []BucketCorsConfigurationV2CorsRuleArgs
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
ExpectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
bucket Changes to this property will trigger replacement. String
Name of the bucket.
corsRules List<BucketCorsConfigurationV2CorsRule>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. String
Account ID of the expected bucket owner.
bucket Changes to this property will trigger replacement. string
Name of the bucket.
corsRules BucketCorsConfigurationV2CorsRule[]
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. string
Account ID of the expected bucket owner.
bucket Changes to this property will trigger replacement. str
Name of the bucket.
cors_rules Sequence[BucketCorsConfigurationV2CorsRuleArgs]
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expected_bucket_owner Changes to this property will trigger replacement. str
Account ID of the expected bucket owner.
bucket Changes to this property will trigger replacement. String
Name of the bucket.
corsRules List<Property Map>
Set of origins and methods (cross-origin access that you want to allow). See below. You can configure up to 100 rules.
expectedBucketOwner Changes to this property will trigger replacement. String
Account ID of the expected bucket owner.

Supporting Types

BucketCorsConfigurationV2CorsRule
, BucketCorsConfigurationV2CorsRuleArgs

AllowedMethods This property is required. List<string>
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
AllowedOrigins This property is required. List<string>
Set of origins you want customers to be able to access the bucket from.
AllowedHeaders List<string>
Set of Headers that are specified in the Access-Control-Request-Headers header.
ExposeHeaders List<string>
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
Id string
Unique identifier for the rule. The value cannot be longer than 255 characters.
MaxAgeSeconds int
Time in seconds that your browser is to cache the preflight response for the specified resource.
AllowedMethods This property is required. []string
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
AllowedOrigins This property is required. []string
Set of origins you want customers to be able to access the bucket from.
AllowedHeaders []string
Set of Headers that are specified in the Access-Control-Request-Headers header.
ExposeHeaders []string
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
Id string
Unique identifier for the rule. The value cannot be longer than 255 characters.
MaxAgeSeconds int
Time in seconds that your browser is to cache the preflight response for the specified resource.
allowedMethods This property is required. List<String>
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
allowedOrigins This property is required. List<String>
Set of origins you want customers to be able to access the bucket from.
allowedHeaders List<String>
Set of Headers that are specified in the Access-Control-Request-Headers header.
exposeHeaders List<String>
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
id String
Unique identifier for the rule. The value cannot be longer than 255 characters.
maxAgeSeconds Integer
Time in seconds that your browser is to cache the preflight response for the specified resource.
allowedMethods This property is required. string[]
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
allowedOrigins This property is required. string[]
Set of origins you want customers to be able to access the bucket from.
allowedHeaders string[]
Set of Headers that are specified in the Access-Control-Request-Headers header.
exposeHeaders string[]
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
id string
Unique identifier for the rule. The value cannot be longer than 255 characters.
maxAgeSeconds number
Time in seconds that your browser is to cache the preflight response for the specified resource.
allowed_methods This property is required. Sequence[str]
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
allowed_origins This property is required. Sequence[str]
Set of origins you want customers to be able to access the bucket from.
allowed_headers Sequence[str]
Set of Headers that are specified in the Access-Control-Request-Headers header.
expose_headers Sequence[str]
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
id str
Unique identifier for the rule. The value cannot be longer than 255 characters.
max_age_seconds int
Time in seconds that your browser is to cache the preflight response for the specified resource.
allowedMethods This property is required. List<String>
Set of HTTP methods that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
allowedOrigins This property is required. List<String>
Set of origins you want customers to be able to access the bucket from.
allowedHeaders List<String>
Set of Headers that are specified in the Access-Control-Request-Headers header.
exposeHeaders List<String>
Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
id String
Unique identifier for the rule. The value cannot be longer than 255 characters.
maxAgeSeconds Number
Time in seconds that your browser is to cache the preflight response for the specified resource.

Import

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

Using pulumi import to import S3 bucket CORS configuration using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:

If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, import using the bucket:

$ pulumi import aws:s3/bucketCorsConfigurationV2:BucketCorsConfigurationV2 example bucket-name
Copy

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

$ pulumi import aws:s3/bucketCorsConfigurationV2:BucketCorsConfigurationV2 example bucket-name,123456789012
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.