I am trying to connect to AWS API using the JavaScript SDK. In particular, I need to connect to MediaLive services, but keep getting the following error:
Access to XMLHttpRequest at 'https://medialive.eu-west-1.amazonaws.com/prod/inputSecurityGroups/123456' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have enabled AWSElementalMediaLiveFullAccess permissions in the IAM role, also CORS on the server. But I can't work out how to enable CORS on the MediaLive API service. API Gateway, incidentally, does not list MediaLive as a service it can connect to.
Any help with this would be greatly appreciated!
Here is the simple test code producing the CORS errors above:
// Initialize the Amazon Cognito credentials provider
AWS.config.region = 'eu-west-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({IdentityPoolId: 'eu-west-1:123456'});
var medialive = new AWS.MediaLive({apiVersion: '2017-10-14'});
var params = {
InputSecurityGroupId: '123456' /* required */
};
medialive.describeInputSecurityGroup(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
CORS is currently not supported by AWS MediaLive.
Given that calls from the browser using the Javascript SDK to the AWS Elemental MediaLive service will be cross-domain and the service doesn't support CORS, the browser will not allow this request to be made. A possible solution is to create a proxy on your domain that can proxy the request from the browser to MediaLive (and signing/auth the request in the proxy). This will prevent the request from appearing to be a cross-domain request.
Also, it is worth noting that using the Javascript SDK from the browser may create a security risk because the API keys would need to be in browser.
Thank you.