Enable CORS in AWS API Gateway with aws-cli

Question

I'm currently writing script to programmatically enable CORS once a resource is added to an API Endpoint on AWS API Gateway. After exploring the put-integration-response function for hours. I almost got a breakthrough, but here is an error I'm getting:

An error occurred (BadRequestException) when calling the 
PutIntegrationResponse operation: Invalid mapping expression specified: 
Validation Result: warnings : [], errors : [No method response exists 
for method.]

Here is the script I'm using to enable CORS:

aws apigateway put-integration-response --rest-api-id XXXXX --resource 
-id XXXX --http-method GET --status-code 200 --selection-pattern 200 -- 
response-parameters '{"method.reponse.header.Access-Control-Allow- 
Origin": "'"'*'"'", "method.response.header.Access-Control-Allow- 
Headers": "'"'integration.request.header.Authorization'"'"}'

The weird thing I found was the AWS documentation seems to be out of date with the current version of the aws-cli It tooks me hours to fix some basic issues I had with the api call.

Will be grateful for any ideas.

Cheers! Nyah

Answer 1

Couple of issues found in your AWS CLI command for aws apigateway put-integration-response

1. There is a typo mistake

method.reponse.header.Access-Control-Allow-Origin

It must be:

   method.response.header.Access-Control-Allow-Origin

1. To set a value '*' to Access-Control-Allow-Origin you need to use "'"'"'*'"'"'" instead of "'"'*'"'" In response-parameters you can set method.reponse.header.Access-Control-Allow-Origin, but can not set method.response.header.Access-Control-Allow-Headers
2. The reason of the error

PutIntegrationResponse operation: Invalid mapping expression specified

is because you are trying to set method.response.header.Access-Control-Allow-Headers in response-parameters

Below should be the final AWS CLI command

aws apigateway put-integration-response --rest-api-id XXXXX --resource-id XXXX --http-method GET --status-code 200 --selection-pattern 200 
--response-parameters '{"method.response.header.Access-Control-Allow-Origin": "'"'"'*'"'"'"}'

Answer 2

End to end example of setting up CORS for a MOCK integration for OPTIONS method, equivalent to the "Enable API Gateway CORS" checkbox in the Create Resource dialog from the Management Console.

Order of operation is important, assuming you already have REST-API created with id api1111, and root resource id prid2222

# Create resource with id: res3333
aws apigateway create-resource \
--rest-api-id api1111 \
--parent-id prid2222 \
--path-part "resourcepath"

aws apigateway put-method --rest-api-id api1111 --resource-id res3333\
  --http-method OPTIONS --authorization-type NONE 

aws apigateway put-integration \
  --rest-api-id mpc2i5qvt0 --resource-id kv90zk --http-method OPTIONS \
  --type MOCK --request-templates '{ "application/json": "{\"statusCode\": 200}" }'

# Create methods and declare available response parameters 
aws apigateway put-method-response \
  --rest-api-id api1111 --resource-id res3333 --http-method OPTIONS \
  --status-code 200 \
  --response-parameters '{"method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true, "method.response.header.Access-Control-Allow-Origin": true}'  \
  --response-models '{"application/json": "Empty"}'

aws apigateway put-integration-response \ 
  --rest-api-id api1111 --resource-id res3333 --http-method OPTIONS \
  --status-code 200  \
  --response-parameters '{"method.response.header.Access-Control-Allow-Methods": "'\'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT\''",
        "method.response.header.Access-Control-Allow-Headers": "'\'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token\''",
        "method.response.header.Access-Control-Allow-Origin": "'\'*\''"}'

Also notice an alternative method of specifying the values for response paremeters.