1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. cloudfront
  5. OriginAccessControl

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.cloudfront.OriginAccessControl

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin. This makes it possible to block public access to the origin, allowing viewers (users) to access the origin’s content only through CloudFront. For more information about using a CloudFront origin access control, see Restricting access to an origin in the Amazon CloudFront Developer Guide.

    Create OriginAccessControl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OriginAccessControl(name: string, args: OriginAccessControlArgs, opts?: CustomResourceOptions);
    @overload
    def OriginAccessControl(resource_name: str,
                            args: OriginAccessControlArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def OriginAccessControl(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            origin_access_control_config: Optional[OriginAccessControlConfigArgs] = None)
    func NewOriginAccessControl(ctx *Context, name string, args OriginAccessControlArgs, opts ...ResourceOption) (*OriginAccessControl, error)
    public OriginAccessControl(string name, OriginAccessControlArgs args, CustomResourceOptions? opts = null)
    public OriginAccessControl(String name, OriginAccessControlArgs args)
    public OriginAccessControl(String name, OriginAccessControlArgs args, CustomResourceOptions options)
    
    type: aws-native:cloudfront:OriginAccessControl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OriginAccessControlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OriginAccessControlArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OriginAccessControlArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OriginAccessControlArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OriginAccessControlArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    OriginAccessControl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The OriginAccessControl resource accepts the following input properties:

    originAccessControlConfig Property Map
    The origin access control.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OriginAccessControl resource produces the following output properties:

    AwsId string
    The unique identifier of the origin access control.
    Id string
    The provider-assigned unique ID for this managed resource.
    AwsId string
    The unique identifier of the origin access control.
    Id string
    The provider-assigned unique ID for this managed resource.
    awsId String
    The unique identifier of the origin access control.
    id String
    The provider-assigned unique ID for this managed resource.
    awsId string
    The unique identifier of the origin access control.
    id string
    The provider-assigned unique ID for this managed resource.
    aws_id str
    The unique identifier of the origin access control.
    id str
    The provider-assigned unique ID for this managed resource.
    awsId String
    The unique identifier of the origin access control.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    OriginAccessControlConfig, OriginAccessControlConfigArgs

    Name string
    A name to identify the origin access control. You can specify up to 64 characters.
    OriginAccessControlOriginType string
    The type of origin that this origin access control is for.
    SigningBehavior string
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    SigningProtocol string
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    Description string
    A description of the origin access control.
    Name string
    A name to identify the origin access control. You can specify up to 64 characters.
    OriginAccessControlOriginType string
    The type of origin that this origin access control is for.
    SigningBehavior string
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    SigningProtocol string
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    Description string
    A description of the origin access control.
    name String
    A name to identify the origin access control. You can specify up to 64 characters.
    originAccessControlOriginType String
    The type of origin that this origin access control is for.
    signingBehavior String
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    signingProtocol String
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    description String
    A description of the origin access control.
    name string
    A name to identify the origin access control. You can specify up to 64 characters.
    originAccessControlOriginType string
    The type of origin that this origin access control is for.
    signingBehavior string
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    signingProtocol string
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    description string
    A description of the origin access control.
    name str
    A name to identify the origin access control. You can specify up to 64 characters.
    origin_access_control_origin_type str
    The type of origin that this origin access control is for.
    signing_behavior str
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    signing_protocol str
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    description str
    A description of the origin access control.
    name String
    A name to identify the origin access control. You can specify up to 64 characters.
    originAccessControlOriginType String
    The type of origin that this origin access control is for.
    signingBehavior String
    Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:

    • always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists.
    • never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
    • no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.
    signingProtocol String
    The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.
    description String
    A description of the origin access control.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi