class OriginAccessIdentity (construct)

Language	Type name
.NET	Amazon.CDK.AWS.CloudFront.OriginAccessIdentity
Java	software.amazon.awscdk.services.cloudfront.OriginAccessIdentity
Python	aws_cdk.aws_cloudfront.OriginAccessIdentity
TypeScript (source)	@aws-cdk/aws-cloudfront » OriginAccessIdentity

Implements IConstruct, IConstruct, IDependable, IResource, IOriginAccessIdentity, IGrantable

An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as cloudfront from '@aws-cdk/aws-cloudfront';
const originAccessIdentity = new cloudfront.OriginAccessIdentity(this, 'MyOriginAccessIdentity', /* all optional props */ {
  comment: 'comment',
});

Initializer

new OriginAccessIdentity(scope: Construct, id: string, props?: OriginAccessIdentityProps)

Parameters

• scope Construct
• id string
• props OriginAccessIdentityProps

Construct Props

Name	Type	Description
comment?	string	Any comments you want to include about the origin access identity.

---

comment?

Type: string (optional, default: "Allows CloudFront to reach the bucket")

Any comments you want to include about the origin access identity.

Properties

Name	Type	Description
cloudFrontOriginAccessIdentityS3CanonicalUserId	string	The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.
env	ResourceEnvironment	The environment this resource belongs to.
grantPrincipal	IPrincipal	Derived principal value for bucket access.
node	ConstructNode	The construct tree node associated with this construct.
originAccessIdentityName	string	The Origin Access Identity Name (physical id).
stack	Stack	The stack in which this resource is defined.

---

cloudFrontOriginAccessIdentityS3CanonicalUserId

Type: string

The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.

---

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

---

grantPrincipal

Type: IPrincipal

Derived principal value for bucket access.

---

node

Type: ConstructNode

The construct tree node associated with this construct.

---

originAccessIdentityName

Type: string

The Origin Access Identity Name (physical id).

---

stack

Type: Stack

The stack in which this resource is defined.

Methods

Name	Description
applyRemovalPolicy(policy)	Apply the given removal policy to this resource.
toString()	Returns a string representation of this construct.
protected arn()	The ARN to include in S3 bucket policy to allow CloudFront access.
static fromOriginAccessIdentityName(scope, id, originAccessIdentityName)	Creates a OriginAccessIdentity by providing the OriginAccessIdentityName.

---

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

• policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

---

toString()

public toString(): string

Returns

• string

Returns a string representation of this construct.

---

protected arn()

protected arn(): string

Returns

• string

The ARN to include in S3 bucket policy to allow CloudFront access.

---

static fromOriginAccessIdentityName(scope, id, originAccessIdentityName)

public static fromOriginAccessIdentityName(scope: Construct, id: string, originAccessIdentityName: string): IOriginAccessIdentity

Parameters

• scope Construct
• id string
• originAccessIdentityName string

Returns

• IOriginAccessIdentity

Creates a OriginAccessIdentity by providing the OriginAccessIdentityName.