Articles → AWS → Origin Access Identity And Origin Access Control In AWS Cloudfront

Origin Access Identity And Origin Access Control In AWS Cloudfront

In this article, we will discuss the Origin Access Identity and Origin Access Control in AWS CloudFront.

Origin Access Identity

The Origin Access identity helps to secure the content of the origin server so that only CloudFront can access it.

There are certain limitations in Origin Access Identity that the Origin Access Control does not have.

Security → OAC is implemented with enhanced security practices like short-term credentials, frequent credential rotations, and resource-based policies
HTTP methods support → OAC supports GET, PUT, POST, PATCH, DELETE, OPTIONS, and HEAD
SSE-KMS → OAC supports downloading and uploading S3 objects encrypted with SSE-KMS
Access S3 in all AWS regions → OAC supports accessing S3 in all AWS regions, including existing regions and all future regions

To Add the origin access control, click on the Origin access link in the CloudFront module.

A screen will appear on the right-hand side, enter the details and click on the Create button to create the origin access control.

Query/Feedback