When you have created a Lambda function with an AWS API Gateway integration and you want to enable CORS on a specific resource, you can do so using the AWS Console as shown in this article: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

But this doesn’t seem to work when your API is integrated with Lambda function(s) as the backend. In order to enable CORS, you need to add a header in the response from the Lambda function itself. The following code example shows this (written in node.js):

let responseBody = {
    description: 'Ignite the engines'
let response = {
    statusCode: 200,
    body: JSON.stringify(responseBody),
    headers:{ 'Access-Control-Allow-Origin' : '*' }
return response;

Notice the ‘headers’ key and it’s value in the response. In this case, we allow every domain to access our resource by assigning ‘*’ to ‘Access-Control-Allow-Origin’. If you want to restrict access, provide a list of comma separated list of domain names instead of the ‘*’.