Blog

AWS API Gateway CORS with Lambda proxy integration: preflight mapping templates and error payloads

Enable CORS at the API stage and ensure Lambda returns API Gateway-compatible bodies for 4xx/5xx with proper headers.

Published: 2027-03-12Updated: 2027-03-141 min read

awsapi-gatewaycors

Usage plans

Throttle per API key; browsers retry preflights—avoid accidental 429 loops that look like CORS bugs.

Document burst limits for partner SPAs embedding your widgets.

AWS WAF in front of API Gateway may block OPTIONS if rules are too aggressive—allowlist known user agents carefully.

Log blocked requests with rule IDs to distinguish WAF from application-layer CORS denials.