AWS::CloudFront::CloudFrontOriginAccessIdentityCloudFront CloudFrontOriginAccessIdentity
The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide*.
Properties
1 configurable property. 1 required. Click a row to see details.
| Property | Type | Flags |
|---|---|---|
CloudFrontOriginAccessIdentityConfig | CloudFrontOriginAccessIdentityConfig | Required |
Return Values
Values returned after the resource is created. Access these with Fn::GetAtt.
| Attribute | Type | Description |
|---|---|---|
Id | string | - |
S3CanonicalUserId | string | - |
Sample CloudFormation Template
A minimal template with required properties and common optional ones.
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::CloudFront::CloudFrontOriginAccessIdentity
Resources:
MyResource:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig: "my-cloudfrontoriginaccessidentityconfig"Required IAM Permissions
Permissions CloudFormation needs in your IAM role to manage this resource.
create
cloudfront:CreateCloudFrontOriginAccessIdentitydelete
cloudfront:DeleteCloudFrontOriginAccessIdentitycloudfront:GetCloudFrontOriginAccessIdentitylist
cloudfront:ListCloudFrontOriginAccessIdentitiesread
cloudfront:GetCloudFrontOriginAccessIdentityupdate
cloudfront:UpdateCloudFrontOriginAccessIdentitycloudfront:GetCloudFrontOriginAccessIdentityGet the CloudFront Cheat Sheet
Everything you need to know about CloudFront on one page. HD quality, print-friendly.
Download Free InfographicQuick Facts
Id