origin_access_controls
Creates, updates, deletes or gets an origin_access_control resource or lists origin_access_controls in a region
Overview
Name | origin_access_controls |
Type | Resource |
Description | Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin. This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront. For more information about using a CloudFront origin access control, see [Restricting access to an origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*. |
Id | aws.cloudfront.origin_access_controls |
Fields
Name | Datatype | Description |
---|---|---|
id | string | |
origin_access_control_config | object | The origin access control. |
region | string | AWS region. |
For more information, see AWS::CloudFront::OriginAccessControl.
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | OriginAccessControlConfig, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all origin_access_controls in a region.
```sql
-- list_resources requires region (see Methods)
SELECT
region,
id,
origin_access_control_config
FROM aws.cloudfront.origin_access_controls
WHERE region = 'us-east-1';
```
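Gets all properties from an individual origin_access_control.
```sql
-- get_resource requires data__Identifier and region (see Methods)
SELECT
region,
id,
origin_access_control_config
FROM aws.cloudfront.origin_access_controls
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
```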
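An origin access control only protects the origin when CloudFront actually signs the requests it sends. As an added example (not part of the original StackQL documentation), the query below lists origin access controls in a region whose signing settings are anything other than `always` with `sigv4`. It assumes `origin_access_control_config` is returned as JSON with the keys shown in the manifest on this page, and that `JSON_EXTRACT` and a `WHERE` filter on its result are available; `us-east-1` is a sample region.

```sql
-- Added example: audit origin access controls for weak signing settings.
-- Assumption: origin_access_control_config is JSON with the keys used in
-- the manifest (Name, OriginAccessControlOriginType, SigningBehavior,
-- SigningProtocol). Rows where a key is missing evaluate to NULL and are
-- not returned by this filter, so review those separately.
SELECT
  region,
  id,
  JSON_EXTRACT(origin_access_control_config, '$.Name') AS name,
  JSON_EXTRACT(origin_access_control_config, '$.OriginAccessControlOriginType') AS origin_type,
  JSON_EXTRACT(origin_access_control_config, '$.SigningBehavior') AS signing_behavior,
  JSON_EXTRACT(origin_access_control_config, '$.SigningProtocol') AS signing_protocol
FROM aws.cloudfront.origin_access_controls
WHERE region = 'us-east-1'
  AND (
    JSON_EXTRACT(origin_access_control_config, '$.SigningBehavior') <> 'always'
    OR JSON_EXTRACT(origin_access_control_config, '$.SigningProtocol') <> 'sigv4'
  );
```

A `signing_behavior` of `never` means CloudFront sends unsigned requests to the origin; `no-override` means a viewer-supplied `Authorization` header is forwarded instead of CloudFront's signature.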
INSERT example
Use the following StackQL query and manifest file to create a new origin_access_control resource, using stack-deploy.
```sql
/*+ create */
INSERT INTO aws.cloudfront.origin_access_controls (
 OriginAccessControlConfig,
 region
)
SELECT
 '{{ OriginAccessControlConfig }}',
 '{{ region }}';
```
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: origin_access_control
    props:
      - name: OriginAccessControlConfig
        value:
          Description: '{{ Description }}'
          Name: '{{ Name }}'
          OriginAccessControlOriginType: '{{ OriginAccessControlOriginType }}'
          SigningBehavior: '{{ SigningBehavior }}'
          SigningProtocol: '{{ SigningProtocol }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.cloudfront.origin_access_controls
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
```
Permissions
To operate on the origin_access_controls resource, the following permissions are required:
Operation | Permissions |
---|---|
Create | cloudfront:CreateOriginAccessControl |
Delete | cloudfront:DeleteOriginAccessControl, cloudfront:GetOriginAccessControl |
List | cloudfront:ListOriginAccessControls |
Read | cloudfront:GetOriginAccessControl |
Update | cloudfront:UpdateOriginAccessControl, cloudfront:GetOriginAccessControl |