AWS::CloudFront::OriginAccessControl - AWS CloudFormation


Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.

For an Amazon S3 origin, this makes it possible to block public access to the Amazon S3 bucket so that viewers (users) can access the content in the bucket only through CloudFront.

For more information about using a CloudFront origin access control, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::CloudFront::OriginAccessControl", "Properties" : { "OriginAccessControlConfig" : OriginAccessControlConfig } }


Type: AWS::CloudFront::OriginAccessControl Properties: OriginAccessControlConfig: OriginAccessControlConfig



The origin access control.

Required: Yes

Type: OriginAccessControlConfig

Update requires: No interruption

Return values


For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The unique identifier of the origin access control.