Menu
Amazon CloudFront
API Reference (API Version 2017-10-30)

CreateCloudFrontOriginAccessIdentity

Creates a new origin access identity. If you're using Amazon S3 for your origin, you can use an origin access identity to require users to access your content using a CloudFront URL instead of the Amazon S3 URL. For more information about how to use origin access identities, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

Request Syntax

POST /2017-10-30/origin-access-identity/cloudfront HTTP/1.1 <?xml version="1.0" encoding="UTF-8"?> <CloudFrontOriginAccessIdentityConfig xmlns="http://cloudfront.amazonaws.com/doc/2017-10-30/"> <CallerReference>string</CallerReference> <Comment>string</Comment> </CloudFrontOriginAccessIdentityConfig>

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in XML format.

CloudFrontOriginAccessIdentityConfig

Root level tag for the CloudFrontOriginAccessIdentityConfig parameters.

Required: Yes

CallerReference

A unique number that ensures the request can't be replayed.

If the CallerReference is new (no matter the content of the CloudFrontOriginAccessIdentityConfig object), a new origin access identity is created.

If the CallerReference is a value already sent in a previous identity request, and the content of the CloudFrontOriginAccessIdentityConfig is identical to the original request (ignoring white space), the response includes the same information returned to the original request.

If the CallerReference is a value you already sent in a previous request to create an identity, but the content of the CloudFrontOriginAccessIdentityConfig is different from the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists error.

Type: String

Required: Yes

Comment

Any comments you want to include about the origin access identity.

Type: String

Required: Yes

Response Syntax

HTTP/1.1 201 <?xml version="1.0" encoding="UTF-8"?> <CloudFrontOriginAccessIdentity> <CloudFrontOriginAccessIdentityConfig> <CallerReference>string</CallerReference> <Comment>string</Comment> </CloudFrontOriginAccessIdentityConfig> <Id>string</Id> <S3CanonicalUserId>string</S3CanonicalUserId> </CloudFrontOriginAccessIdentity>

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in XML format by the service.

CloudFrontOriginAccessIdentity

Root level tag for the CloudFrontOriginAccessIdentity parameters.

Required: Yes

CloudFrontOriginAccessIdentityConfig

The current configuration information for the identity.

Type: CloudFrontOriginAccessIdentityConfig object

Id

The ID for the origin access identity, for example, E74FTE3AJFJ256A.

Type: String

S3CanonicalUserId

The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

CloudFrontOriginAccessIdentityAlreadyExists

If the CallerReference is a value you already sent in a previous request to create an identity but the content of the CloudFrontOriginAccessIdentityConfig is different from the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists error.

HTTP Status Code: 409

InconsistentQuantities

The value of Quantity and the size of Items don't match.

HTTP Status Code: 400

InvalidArgument

The argument is invalid.

HTTP Status Code: 400

MissingBody

This operation requires a body. Ensure that the body is present and the Content-Type header is set.

HTTP Status Code: 400

TooManyCloudFrontOriginAccessIdentities

Processing your request would cause you to exceed the maximum number of origin access identities allowed.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: