AWS::CloudFront::OriginAccessControl

Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.

For an Amazon S3 origin, this makes it possible to block public access to the Amazon S3 bucket so that viewers (users) can access the content in the bucket only through CloudFront.

For more information about using a CloudFront origin access control, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::CloudFront::OriginAccessControl",
  "Properties" : {
      "OriginAccessControlConfig" : OriginAccessControlConfig
    }
}

YAML


Type: AWS::CloudFront::OriginAccessControl
Properties: 
  OriginAccessControlConfig: 
    OriginAccessControlConfig

Properties

OriginAccessControlConfig

The origin access control.

Required: Yes

Type: OriginAccessControlConfig

Update requires: No interruption

Return values

Ref

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id: The unique identifier of the origin access control.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

RealtimeMetricsSubscriptionConfig

OriginAccessControlConfig