You’ve just configured a Lambda function that sits behind the API gateway service. When you try to invoke the Lambda function via the API gateway service from Javascript in your HTML page, you receive the following error.
 No `Access-Control-Allow-Origin` header is present on the requested resource. Origin `null` is therefore not allowed access.
What can be done to resolve this error?

Answer options:

A.Enable CORS for the lambda function.
B.Enable CORS for the methods in the API gateway.
C.Change the IAM policy for the Lambda function to enable anonymous access.
D.Change the IAM policy for the API gateway to enable anonymous access.

Answer – B
The AWS Documentation mentions the following.
When your API`s resources receive requests from a domain other than the API`s own domain, you must enable cross-origin resource sharing (CORS) for selected methods on the resource. This amounts to having your API respond to the OPTIONS preflight request with at least the following CORS-required response headers:
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Origin
Option A is incorrect because CORS is set on the API gateway level and not the Lambda function.
Options C and D are incorrect since IAM Policy is not the reason as to why the error is occurring.
For more information on CORS for the API gateway, please refer to the below URL-
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html