class OriginAccessIdentity (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.CloudFront.OriginAccessIdentity |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#OriginAccessIdentity |
Java | software.amazon.awscdk.services.cloudfront.OriginAccessIdentity |
Python | aws_cdk.aws_cloudfront.OriginAccessIdentity |
TypeScript (source) | aws-cdk-lib » aws_cloudfront » OriginAccessIdentity |
Implements
IConstruct, IDependable, IResource, IOrigin, IGrantable
An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.
Example
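// Imports for the top of the file; the rest runs inside a Stack or other construct (hence `this`).
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

const myBucket = new s3.Bucket(this, 'myBucket');
// The OAI is the CloudFront identity that is granted read access to the bucket.
const myOai = new cloudfront.OriginAccessIdentity(this, 'myOAI', {
  comment: 'My custom OAI'
});
// Bind the bucket origin to that OAI.
const s3Origin = origins.S3BucketOrigin.withOriginAccessIdentity(myBucket, {
  originAccessIdentity: myOai
});
new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: {
    origin: s3Origin
  },
});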
Initializer
new OriginAccessIdentity(scope: Construct, id: string, props?: OriginAccessIdentityProps)
Parameters
- scope: Construct
- id: string
- props: OriginAccessIdentityProps
Construct Props
Name | Type | Description |
---|---|---|
comment? | string | Any comments you want to include about the origin access identity. |
comment?
Type: string (optional, default: "Allows CloudFront to reach the bucket")
Any comments you want to include about the origin access identity.
Properties
Name | Type | Description |
---|---|---|
cloudFrontOriginAccessIdentityS3CanonicalUserId | string | The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. |
env | Resource | The environment this resource belongs to. |
grantPrincipal | IPrincipal | Derived principal value for bucket access. |
node | Node | The tree node. |
originAccessIdentityId | string | The Origin Access Identity Id (physical id). This was called originAccessIdentityName before. |
originAccessIdentityName | string | Deprecated. The Origin Access Identity Id (physical id). It is misnamed and superseded by the correctly named originAccessIdentityId. |
stack | Stack | The stack in which this resource is defined. |
cloudFrontOriginAccessIdentityS3CanonicalUserId
Type: string
The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.
env
Type: Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
grantPrincipal
Type: IPrincipal
Derived principal value for bucket access.
node
Type: Node
The tree node.
originAccessIdentityId
Type: string
The Origin Access Identity Id (physical id). This was called originAccessIdentityName before.
originAccessIdentityName
⚠️ Deprecated: use originAccessIdentityId instead
Type: string
The Origin Access Identity Id (physical id). It is misnamed and superseded by the correctly named originAccessIdentityId.
stack
Type: Stack
The stack in which this resource is defined.
Methods
Name | Description |
---|---|
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
toString() | Returns a string representation of this construct. |
protected arn() | The ARN to include in S3 bucket policy to allow CloudFront access. |
static fromOriginAccessIdentityId(scope, id, originAccessIdentityId) | Creates an OriginAccessIdentity by providing the OriginAccessIdentityId. |
static fromOriginAccessIdentityName(scope, id, originAccessIdentityName) | Deprecated. Creates an OriginAccessIdentity by providing the OriginAccessIdentityId. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy: RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
protected arn()
protected arn(): string
Returns
string
The ARN to include in S3 bucket policy to allow CloudFront access.
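An added example, not part of the CDK documentation or library: a self-contained check of the bucket-policy side of an OAI setup, flagging any Allow statement that lets a principal other than the expected OAI read objects directly from S3. It assumes the standard OAI principal ARN format; `oaiArn`, `grantsGetObject` and `findBypassReads` are hypothetical helper names, and the OAI id, canonical user id, account id and bucket name are constructed sample values.

```typescript
type Principal = "*" | { AWS?: string | string[]; CanonicalUser?: string | string[] };
interface Statement {
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
}

const toList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// IAM principal form of an OAI, as it appears in an S3 bucket policy.
function oaiArn(oaiId: string): string {
  return `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${oaiId}`;
}

// True when an action pattern (exact or with * / ? wildcards) covers s3:GetObject.
function grantsGetObject(action: string): boolean {
  const escaped = action.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const pattern = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${pattern}$`, "i").test("s3:GetObject");
}

// One finding per principal that can read objects without being the expected OAI
// (matched by ARN or by S3 canonical user ID), i.e. a read path that bypasses CloudFront.
function findBypassReads(statements: Statement[], oaiId: string, canonicalUserId: string): string[] {
  const allowed = new Set([oaiArn(oaiId), canonicalUserId]);
  const findings: string[] = [];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow" || !toList(s.Action).some(grantsGetObject)) return;
    const principals = s.Principal === "*"
      ? ["*"]
      : [...toList(s.Principal.AWS), ...toList(s.Principal.CanonicalUser)];
    for (const p of principals) {
      if (!allowed.has(p)) findings.push(`statement ${i}: ${p} can read ${toList(s.Resource).join(", ")}`);
    }
  });
  return findings;
}

// Constructed sample policy: OAI read on a prefix, a public read, and an unrelated write grant.
const samplePolicy: Statement[] = [
  { Effect: "Allow", Principal: { AWS: oaiArn("E2EXAMPLEOAIID") }, Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/private/*" },
  { Effect: "Allow", Principal: "*", Action: ["s3:Get*"], Resource: "arn:aws:s3:::example-bucket/*" },
  { Effect: "Allow", Principal: { AWS: "arn:aws:iam::111122223333:role/uploader" }, Action: "s3:PutObject", Resource: "arn:aws:s3:::example-bucket/*" },
];

console.log(findBypassReads(samplePolicy, "E2EXAMPLEOAIID", "constructed-canonical-user-id"));
```

Only the second statement is reported: the wildcard principal can fetch every object without going through the distribution, which defeats the restriction the OAI is meant to enforce.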
static fromOriginAccessIdentityId(scope, id, originAccessIdentityId)
public static fromOriginAccessIdentityId(scope: Construct, id: string, originAccessIdentityId: string): IOriginAccessIdentity
Parameters
- scope: Construct
- id: string
- originAccessIdentityId: string
Returns
IOriginAccessIdentity
Creates an OriginAccessIdentity by providing the OriginAccessIdentityId.
static fromOriginAccessIdentityName(scope, id, originAccessIdentityName)
public static fromOriginAccessIdentityName(scope: Construct, id: string, originAccessIdentityName: string): IOriginAccessIdentity
⚠️ Deprecated: use fromOriginAccessIdentityId
Parameters
- scope: Construct
- id: string
- originAccessIdentityName: string
Returns
IOriginAccessIdentity
Creates an OriginAccessIdentity by providing the OriginAccessIdentityId.
It is misnamed and superseded by the correctly named fromOriginAccessIdentityId.