AWS Certified Solutions Architect – Professional — Question 785

A company runs an unauthenticated static website (www.example.com) that includes a registration form for users. The website uses Amazon S3 for hosting and uses Amazon CloudFront as the content delivery network with AWS WAF configured. When the registration form is submitted, the website calls an Amazon API Gateway API endpoint that invokes an AWS Lambda function to process the payload and forward the payload to an external API call.

During testing, a solutions architect encounters a cross-origin resource sharing (CORS) error. The solutions architect confirms that the CloudFront distribution origin has the Access-Control-Allow-Origin header set to www.example.com.

What should the solutions architect do to resolve the error?

Answer options

• A. Change the CORS configuration on the S3 bucket. Add rules for CORS to the AllowedOrigin element for www.example.com.
• B. Enable the CORS setting in AWS WAF. Create a web ACL rule in which the Access-Control-Allow-Origin header is set to www.example.com.
• C. Enable the CORS setting on the API Gateway API endpoint. Ensure that the API endpoint is configured to return all responses that have the Access-Control-Allow-Origin header set to www.example.com.
• D. Enable the CORS setting on the Lambda function. Ensure that the return code of the function has the Access-Control-Allow-Origin header set to www.example.com.

Correct answer: C

Explanation

The CORS error occurs because the client browser is making an asynchronous request from the static website's origin (www.example.com) to a different origin, which is the Amazon API Gateway endpoint. To resolve this, the API Gateway endpoint itself must be configured to support CORS and return the Access-Control-Allow-Origin header set to www.example.com. Configuring CORS on S3, AWS WAF, or the Lambda function code alone does not address the API Gateway endpoint's need to handle preflight OPTIONS requests and return the correct headers to the browser.