If you’d like to use CORS in your AWS API Gateway, it’s pretty easy to configure in the Console. You just select the resource (or the root if you’d like to enable it for all resources) and select Actions -> Enable CORS, like this:
If you’re using SAM, it might be much more useful for you to define it within the SAM template file directly, as described in the documentation.
Unfortunately this is not working if you’re starting your local API Gateway using SAM. There is a Feature Request pending that you can monitor here.
Until it’s approved, merged and released the only workaround I found was to explicitly define appropriate headers in your response. So, something between those lines in, e.g. your Lambda code that is invoked after accessing API Gateway resource:
return {'statusCode': 200,
'body': {},
'headers': {'Content-Type': 'application/json', "Access-Control-Allow-Origin": "*"}
}