CloudFront distributions using origin access identity should be migrated to origin access control

cloudfront
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

CloudFront distributions using Origin Access Identity (OAI) should be migrated to Origin Access Control (OAC) for enhanced security features, including signed requests, granular permissions, and support for AWS Identity and Access Management (IAM) policies. Additionally, OAC offers broader compatibility with various AWS origins, such as S3 and custom origins, enhancing both flexibility and security.

Remediation

For guidance on migrating legacy OAI to OAC, refer to the Migrating from origin access identity (OAI) to origin access control (OAC) section of the Amazon CloudFront Developer Guide.