AWS::CloudFront::OriginAccessControl - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.

This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.

For more information about using a CloudFront origin access control, see Restricting access to an Amazon origin in the Amazon CloudFront Developer Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::CloudFront::OriginAccessControl", "Properties" : { "OriginAccessControlConfig" : OriginAccessControlConfig } }


Type: AWS::CloudFront::OriginAccessControl Properties: OriginAccessControlConfig: OriginAccessControlConfig



The origin access control.

Required: Yes

Type: OriginAccessControlConfig

Update requires: No interruption

Return values


For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The unique identifier of the origin access control.