CloudFront Origin Access Control

Docs > DDSQL Reference > Data Directory > CloudFront Origin Access Control

CloudFront Origin Access Control is an AWS feature that manages secure access between CloudFront distributions and their origins. It allows you to enforce that only CloudFront can access your origin, using signed requests with AWS Signature Version 4. This improves security by preventing direct access to the origin and provides more flexibility and control compared to legacy origin access identities.

aws.cloudfront_origin_access_control

Fields

ID	Type	Data Type	Description
_key	core	string
account_id	core	string
cloudfront_origin_access_control_arn	core	string
description	core	string	A description of the origin access control.
id	core	string	The unique identifier of the origin access control.
name	core	string	A unique name that identifies the origin access control.
origin_access_control_origin_type	core	string	The type of origin that this origin access control is for.
signing_behavior	core	string	A value that specifies which requests CloudFront signs (adds authentication information to). This field can have one of the following values: never – CloudFront doesn't sign any origin requests. always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if necessary. no-override – If the viewer request doesn't contain the Authorization header, CloudFront signs the origin request. If the viewer request contains the Authorization header, CloudFront doesn't sign the origin request, but instead passes along the Authorization header that it received in the viewer request.
signing_protocol	core	string	The signing protocol of the origin access control. The signing protocol determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
tags	core	hstore