cloud_front_origin_access_identities
Creates, updates, deletes or gets a cloud_front_origin_access_identity resource, or lists cloud_front_origin_access_identities in a region.
Overview
| Name | cloud_front_origin_access_identities |
| Type | Resource |
| Description | The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide*. |
| Id | awscc.cloudfront.cloud_front_origin_access_identities |
Fields
get (all properties):

| Name | Datatype | Description |
|---|---|---|
| cloud_front_origin_access_identity_config | object | The current configuration information for the identity. |
| id | string | |
| s3_canonical_user_id | string | |
| region | string | AWS region. |

list (identifiers only):

| Name | Datatype | Description |
|---|---|---|
| id | string | |
| region | string | AWS region. |
For more information, see AWS::CloudFront::CloudFrontOriginAccessIdentity.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | cloud_front_origin_access_identities | INSERT | CloudFrontOriginAccessIdentityConfig, region |
| delete_resource | cloud_front_origin_access_identities | DELETE | Identifier, region |
| update_resource | cloud_front_origin_access_identities | UPDATE | Identifier, PatchDocument, region |
| list_resources | cloud_front_origin_access_identities_list_only | SELECT | region |
| get_resource | cloud_front_origin_access_identities | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual cloud_front_origin_access_identity.
```sql
SELECT
  region,
  cloud_front_origin_access_identity_config,
  id,
  s3_canonical_user_id
FROM awscc.cloudfront.cloud_front_origin_access_identities
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ id }}';
```
Lists all cloud_front_origin_access_identities in a region.
```sql
SELECT
  region,
  id
FROM awscc.cloudfront.cloud_front_origin_access_identities_list_only
WHERE
  region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new cloud_front_origin_access_identity resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.cloudfront.cloud_front_origin_access_identities (
  CloudFrontOriginAccessIdentityConfig,
  region
)
SELECT
  '{{ cloud_front_origin_access_identity_config }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.cloudfront.cloud_front_origin_access_identities (
  CloudFrontOriginAccessIdentityConfig,
  region
)
SELECT
  '{{ cloud_front_origin_access_identity_config }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: cloud_front_origin_access_identity
    props:
      - name: cloud_front_origin_access_identity_config
        value:
          comment: '{{ comment }}'
```
UPDATE example
Use the following StackQL query and manifest file to update a cloud_front_origin_access_identity resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.cloudfront.cloud_front_origin_access_identities
SET PatchDocument = string('{{ {
    "CloudFrontOriginAccessIdentityConfig": cloud_front_origin_access_identity_config
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ id }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.cloudfront.cloud_front_origin_access_identities
WHERE
  Identifier = '{{ id }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the cloud_front_origin_access_identities resource, the following permissions are required:
- Create: cloudfront:CreateCloudFrontOriginAccessIdentity
- Delete: cloudfront:DeleteCloudFrontOriginAccessIdentity, cloudfront:GetCloudFrontOriginAccessIdentity
- List: cloudfront:ListCloudFrontOriginAccessIdentities
- Read: cloudfront:GetCloudFrontOriginAccessIdentity
- Update: cloudfront:UpdateCloudFrontOriginAccessIdentity, cloudfront:GetCloudFrontOriginAccessIdentity