Cross-Origin Resource Sharing (CORS)
] only applies to requests initiated by the browser. It is intended to prevent a malicious site from instigating a request in the context of the current user.
For example: you log in to your bank's website. You visit
evilbadguys DOT com
. That site sends a cross-origin request to your bank's website telling it to transfer all of your money to their account. The bank sees you are already logged in, and processes the request as if you initiated it yourself.
Such restrictions do not apply to tools such as Postman.
In order to resolve the issue, the site you're calling needs to be explicitly configured to allow the site you're calling from to make the request. There is nothing you can do in your code to circumvent that (short of writing your own server-site proxy script)
You need to configure the CORS settings on your AWS account, as described in the documentation: