diff --git a/.changeset/seven-buttons-melt.md b/.changeset/seven-buttons-melt.md
new file mode 100644
index 00000000000..ae8ce062f56
--- /dev/null
+++ b/.changeset/seven-buttons-melt.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/backend-storage': minor
+---
+
+Enable bucket CORS to be set via defineStorage
diff --git a/packages/backend-storage/API.md b/packages/backend-storage/API.md
index e7472b5770f..97eca1e3aa3 100644
--- a/packages/backend-storage/API.md
+++ b/packages/backend-storage/API.md
@@ -9,6 +9,7 @@ import { BackendOutputStorageStrategy } from '@aws-amplify/plugin-types';
 import { CfnBucket } from 'aws-cdk-lib/aws-s3';
 import { ConstructFactory } from '@aws-amplify/plugin-types';
 import { ConstructFactoryGetInstanceProps } from '@aws-amplify/plugin-types';
+import { CorsRule } from 'aws-cdk-lib/aws-s3';
 import { FunctionResources } from '@aws-amplify/plugin-types';
 import { IBucket } from 'aws-cdk-lib/aws-s3';
 import { ResourceAccessAcceptor } from '@aws-amplify/plugin-types';
@@ -28,6 +29,7 @@ export type AmplifyStorageProps = {
     versioned?: boolean;
     outputStorageStrategy?: BackendOutputStorageStrategy<StorageOutput>;
     triggers?: Partial<Record<AmplifyStorageTriggerEvent, ConstructFactory<ResourceProvider<FunctionResources>>>>;
+    cors?: CorsRule[];
 };
 
 // @public (undocumented)
diff --git a/packages/backend-storage/src/construct.test.ts b/packages/backend-storage/src/construct.test.ts
index 9621ea8e4f4..991a0b0c8e3 100644
--- a/packages/backend-storage/src/construct.test.ts
+++ b/packages/backend-storage/src/construct.test.ts
@@ -3,6 +3,7 @@ import { AmplifyStorage } from './construct.js';
 import { App, Stack } from 'aws-cdk-lib';
 import { Capture, Template } from 'aws-cdk-lib/assertions';
 import assert from 'node:assert';
+import { HttpMethods } from 'aws-cdk-lib/aws-s3';
 
 void describe('AmplifyStorage', () => {
   void it('creates a bucket', () => {
@@ -62,6 +63,37 @@ void describe('AmplifyStorage', () => {
     });
   });
 
+  void it('allows the user to override the default cors settings', () => {
+    const expectedCorsSettings = {
+      maxAge: 100,
+      allowedHeaders: ['example-header'],
+      allowedMethods: [HttpMethods.GET],
+      allowedOrigins: ['my-origin.aws.com'],
+      exposedHeaders: ['*'],
+    };
+    const app = new App();
+    const stack = new Stack(app);
+    new AmplifyStorage(stack, 'testAuth', {
+      name: 'testName',
+      cors: [expectedCorsSettings],
+    });
+
+    const template = Template.fromStack(stack);
+    template.hasResourceProperties('AWS::S3::Bucket', {
+      CorsConfiguration: {
+        CorsRules: [
+          {
+            AllowedHeaders: expectedCorsSettings.allowedHeaders,
+            AllowedMethods: expectedCorsSettings.allowedMethods,
+            AllowedOrigins: expectedCorsSettings.allowedOrigins,
+            ExposedHeaders: expectedCorsSettings.exposedHeaders,
+            MaxAge: expectedCorsSettings.maxAge,
+          },
+        ],
+      },
+    });
+  });
+
   void it('sets destroy retain policy and auto-delete objects true', () => {
     const app = new App();
     const stack = new Stack(app);
diff --git a/packages/backend-storage/src/construct.ts b/packages/backend-storage/src/construct.ts
index 1cbdb716701..fc883715df8 100644
--- a/packages/backend-storage/src/construct.ts
+++ b/packages/backend-storage/src/construct.ts
@@ -3,6 +3,7 @@ import {
   Bucket,
   BucketProps,
   CfnBucket,
+  CorsRule,
   EventType,
   HttpMethods,
   IBucket,
@@ -61,6 +62,7 @@ export type AmplifyStorageProps = {
       ConstructFactory<ResourceProvider<FunctionResources>>
     >
   >;
+  cors?: CorsRule[];
 };
 
 export type StorageResources = {
@@ -92,7 +94,7 @@ export class AmplifyStorage
 
     const bucketProps: BucketProps = {
       versioned: props.versioned || false,
-      cors: [
+      cors: props.cors ?? [
         {
           maxAge: 3000,
           exposedHeaders: [