From c0cbd502b265c461ee3f87bcf183b6a6d5992ed9 Mon Sep 17 00:00:00 2001
From: Luke <lukebellamy053@gmail.com>
Date: Sun, 8 Sep 2024 18:04:41 +0100
Subject: [PATCH] feat: allow s3 cors options to be configured

---
 .changeset/seven-buttons-melt.md              |  5 +++
 package-lock.json                             |  8 ++---
 packages/backend-storage/API.md               |  2 ++
 .../backend-storage/src/construct.test.ts     | 32 +++++++++++++++++++
 packages/backend-storage/src/construct.ts     |  4 ++-
 5 files changed, 46 insertions(+), 5 deletions(-)
 create mode 100644 .changeset/seven-buttons-melt.md

diff --git a/.changeset/seven-buttons-melt.md b/.changeset/seven-buttons-melt.md
new file mode 100644
index 00000000000..ae8ce062f56
--- /dev/null
+++ b/.changeset/seven-buttons-melt.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/backend-storage': minor
+---
+
+Enable bucket CORS to be set via defineStorage
diff --git a/package-lock.json b/package-lock.json
index d1f0b2600b7..06b7cca03b5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24670,7 +24670,7 @@
     },
     "packages/ai-constructs": {
       "name": "@aws-amplify/ai-constructs",
-      "version": "0.1.1",
+      "version": "0.1.2",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-amplify/plugin-types": "^1.0.1",
@@ -24869,7 +24869,7 @@
     },
     "packages/backend-secret": {
       "name": "@aws-amplify/backend-secret",
-      "version": "1.1.0",
+      "version": "1.1.1",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-amplify/platform-core": "^1.0.5",
@@ -25511,11 +25511,11 @@
     },
     "packages/sandbox": {
       "name": "@aws-amplify/sandbox",
-      "version": "1.2.0",
+      "version": "1.2.1",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-amplify/backend-deployer": "^1.1.0",
-        "@aws-amplify/backend-secret": "^1.1.0",
+        "@aws-amplify/backend-secret": "^1.1.1",
         "@aws-amplify/cli-core": "^1.1.2",
         "@aws-amplify/client-config": "^1.1.3",
         "@aws-amplify/deployed-backend-client": "^1.3.0",
diff --git a/packages/backend-storage/API.md b/packages/backend-storage/API.md
index e7472b5770f..97eca1e3aa3 100644
--- a/packages/backend-storage/API.md
+++ b/packages/backend-storage/API.md
@@ -9,6 +9,7 @@ import { BackendOutputStorageStrategy } from '@aws-amplify/plugin-types';
 import { CfnBucket } from 'aws-cdk-lib/aws-s3';
 import { ConstructFactory } from '@aws-amplify/plugin-types';
 import { ConstructFactoryGetInstanceProps } from '@aws-amplify/plugin-types';
+import { CorsRule } from 'aws-cdk-lib/aws-s3';
 import { FunctionResources } from '@aws-amplify/plugin-types';
 import { IBucket } from 'aws-cdk-lib/aws-s3';
 import { ResourceAccessAcceptor } from '@aws-amplify/plugin-types';
@@ -28,6 +29,7 @@ export type AmplifyStorageProps = {
     versioned?: boolean;
     outputStorageStrategy?: BackendOutputStorageStrategy<StorageOutput>;
     triggers?: Partial<Record<AmplifyStorageTriggerEvent, ConstructFactory<ResourceProvider<FunctionResources>>>>;
+    cors?: CorsRule[];
 };
 
 // @public (undocumented)
diff --git a/packages/backend-storage/src/construct.test.ts b/packages/backend-storage/src/construct.test.ts
index 9621ea8e4f4..991a0b0c8e3 100644
--- a/packages/backend-storage/src/construct.test.ts
+++ b/packages/backend-storage/src/construct.test.ts
@@ -3,6 +3,7 @@ import { AmplifyStorage } from './construct.js';
 import { App, Stack } from 'aws-cdk-lib';
 import { Capture, Template } from 'aws-cdk-lib/assertions';
 import assert from 'node:assert';
+import { HttpMethods } from 'aws-cdk-lib/aws-s3';
 
 void describe('AmplifyStorage', () => {
   void it('creates a bucket', () => {
@@ -62,6 +63,37 @@ void describe('AmplifyStorage', () => {
     });
   });
 
+  void it('allows the user to override the default cors settings', () => {
+    const expectedCorsSettings = {
+      maxAge: 100,
+      allowedHeaders: ['example-header'],
+      allowedMethods: [HttpMethods.GET],
+      allowedOrigins: ['my-origin.aws.com'],
+      exposedHeaders: ['*'],
+    };
+    const app = new App();
+    const stack = new Stack(app);
+    new AmplifyStorage(stack, 'testAuth', {
+      name: 'testName',
+      cors: [expectedCorsSettings],
+    });
+
+    const template = Template.fromStack(stack);
+    template.hasResourceProperties('AWS::S3::Bucket', {
+      CorsConfiguration: {
+        CorsRules: [
+          {
+            AllowedHeaders: expectedCorsSettings.allowedHeaders,
+            AllowedMethods: expectedCorsSettings.allowedMethods,
+            AllowedOrigins: expectedCorsSettings.allowedOrigins,
+            ExposedHeaders: expectedCorsSettings.exposedHeaders,
+            MaxAge: expectedCorsSettings.maxAge,
+          },
+        ],
+      },
+    });
+  });
+
   void it('sets destroy retain policy and auto-delete objects true', () => {
     const app = new App();
     const stack = new Stack(app);
diff --git a/packages/backend-storage/src/construct.ts b/packages/backend-storage/src/construct.ts
index 1cbdb716701..fc883715df8 100644
--- a/packages/backend-storage/src/construct.ts
+++ b/packages/backend-storage/src/construct.ts
@@ -3,6 +3,7 @@ import {
   Bucket,
   BucketProps,
   CfnBucket,
+  CorsRule,
   EventType,
   HttpMethods,
   IBucket,
@@ -61,6 +62,7 @@ export type AmplifyStorageProps = {
       ConstructFactory<ResourceProvider<FunctionResources>>
     >
   >;
+  cors?: CorsRule[];
 };
 
 export type StorageResources = {
@@ -92,7 +94,7 @@ export class AmplifyStorage
 
     const bucketProps: BucketProps = {
       versioned: props.versioned || false,
-      cors: [
+      cors: props.cors ?? [
         {
           maxAge: 3000,
           exposedHeaders: [