Is it possible to set access-control-allow-origin on getSignedUrl operation for a S3 object? I have been looking out for a list of available params from the aws documentation but it's unclear.

Update: Suppose I have an object "test-file.jpg" in a bucket named "test-bucket". There is no CORS policy set on the bucket. The signed URL created by the getSignedUrl method throws 'no access-control-allow-origin header present' not allowed error in the browser.

var s3 = new aws.S3({'signatureVersion': 'v4'});
var options = {
    Bucket:"test-bucket",
    Key:"test-file.jpg",
    Expires:120
}
var signedUrl = s3.getSignedUrl('getObject', options);

Is there an option to set the access-control-allow-origin : * in the above function call?

There is not a way to do this. You would need to configure CORS on the bucket.

There are some options, like ResponseContentDisposition that cause S3 to inject extra, customized response headers into the response when the pre-signed URL is used to fetch the object. There is no such option for CORS.

A somewhat complex-sounding (but seemingly effective) workaround could be designed using CloudFront, Lambda@Edge, an Origin Access Identity, and CloudFront pre-signed URLs. A Lambda response trigger would add the CORS response headers to the S3 response, which would have been authorized at S3 by the OAI after being validated by the CloudFront signed URL, and a Lambda request trigger would generate any pre-flight response the browser might require.