aws-cdk-lib.aws_cloudfront.OriginAccessIdentity

class OriginAccessIdentity (construct)

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.CloudFront.OriginAccessIdentity |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#OriginAccessIdentity |
| Java | software.amazon.awscdk.services.cloudfront.OriginAccessIdentity |
| Python | aws_cdk.aws_cloudfront.OriginAccessIdentity |
| TypeScript (source) | aws-cdk-lib » aws_cloudfront » OriginAccessIdentity |

Implements IConstruct, IDependable, IResource, IOriginAccessIdentity, IGrantable

An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cloudfront as cloudfront } from 'aws-cdk-lib';
const originAccessIdentity = new cloudfront.OriginAccessIdentity(this, 'MyOriginAccessIdentity', /* all optional props */ {
  comment: 'comment',
});

Initializer

new OriginAccessIdentity(scope: Construct, id: string, props?: OriginAccessIdentityProps)

Parameters

  • scope Construct
  • id string
  • props OriginAccessIdentityProps

Construct Props

| Name | Type | Description |
| --- | --- | --- |
| comment? | string | Any comments you want to include about the origin access identity. |

comment?

Type: string (optional, default: "Allows CloudFront to reach the bucket")

Any comments you want to include about the origin access identity.

Properties

| Name | Type | Description |
| --- | --- | --- |
| cloudFrontOriginAccessIdentityS3CanonicalUserId | string | The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. |
| env | ResourceEnvironment | The environment this resource belongs to. |
| grantPrincipal | IPrincipal | Derived principal value for bucket access. |
| node | Node | The tree node. |
| originAccessIdentityId | string | The Origin Access Identity Id (physical id). This was called originAccessIdentityName before. |
| originAccessIdentityName⚠️ | string | The Origin Access Identity Id (physical id). It is misnamed and superseded by the correctly named originAccessIdentityId. |
| stack | Stack | The stack in which this resource is defined. |

cloudFrontOriginAccessIdentityS3CanonicalUserId

Type: string

The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


grantPrincipal

Type: IPrincipal

Derived principal value for bucket access.


node

Type: Node

The tree node.


originAccessIdentityId

Type: string

The Origin Access Identity Id (physical id). This was called originAccessIdentityName before.


originAccessIdentityName⚠️

⚠️ Deprecated: use originAccessIdentityId instead

Type: string

The Origin Access Identity Id (physical id). It is misnamed and superseded by the correctly named originAccessIdentityId.


stack

Type: Stack

The stack in which this resource is defined.

Methods

| Name | Description |
| --- | --- |
| applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
| toString() | Returns a string representation of this construct. |
| protected arn() | The ARN to include in S3 bucket policy to allow CloudFront access. |
| static fromOriginAccessIdentityId(scope, id, originAccessIdentityId) | Creates an OriginAccessIdentity by providing the OriginAccessIdentityId. |
| static fromOriginAccessIdentityName(scope, id, originAccessIdentityName)⚠️ | Creates an OriginAccessIdentity by providing the OriginAccessIdentityId. |

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


protected arn()

protected arn(): string

Returns

  • string

The ARN to include in S3 bucket policy to allow CloudFront access.
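
The canonical user ID and the ARN described above are the two ways an S3 bucket policy can name this identity as a principal. As an added example (not part of aws-cdk-lib or of this reference), the TypeScript below audits a bucket policy document so that the identity is the only principal allowed to read. The ARN format string is the one AWS documents for origin access identities and does not appear on this page; the sample identifiers and the rule that only s3:GetObject is acceptable are assumptions of the example.

```typescript
// Added example, not aws-cdk-lib code: audit an S3 bucket policy so that one
// CloudFront origin access identity (OAI) is the only principal allowed to read.
type Principal = "*" | { AWS?: string | string[]; CanonicalUser?: string | string[] };
interface Statement {
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
}
interface BucketPolicy { Version: string; Statement: Statement[] }

const asList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// IAM principal ARN form of an OAI; the id is the originAccessIdentityId value.
function oaiArn(originAccessIdentityId: string): string {
  return `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${originAccessIdentityId}`;
}

// Returns findings; an empty list means the OAI can read and nothing else is allowed.
// Assumption of this example: s3:GetObject is the only action the OAI should hold.
function auditBucketPolicy(policy: BucketPolicy, oaiId: string, canonicalUserId: string): string[] {
  const findings: string[] = [];
  let oaiCanRead = false;
  policy.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements only narrow access
    const p = s.Principal;
    const principals = p === "*" ? ["*"] : asList(p.AWS).concat(asList(p.CanonicalUser));
    const isOai = principals.length > 0 && principals.every(x => x === oaiArn(oaiId) || x === canonicalUserId);
    const actions = asList(s.Action);
    const extra = actions.filter(a => a !== "s3:GetObject");
    if (!isOai) findings.push(`statement ${i}: principal is not the OAI: ${principals.join(", ")}`);
    if (extra.length > 0) findings.push(`statement ${i}: action beyond s3:GetObject: ${extra.join(", ")}`);
    if (isOai && actions.indexOf("s3:GetObject") >= 0) oaiCanRead = true;
  });
  if (!oaiCanRead) findings.push("OAI has no s3:GetObject grant");
  return findings;
}

// Constructed sample values (placeholders, not real identifiers).
const SAMPLE_OAI_ID = "EXAMPLEOAIID";
const SAMPLE_CANONICAL_ID = "example-canonical-user-id";
const SAMPLE_POLICY: BucketPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { CanonicalUser: SAMPLE_CANONICAL_ID },
    Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*" }],
};
console.log(auditBucketPolicy(SAMPLE_POLICY, SAMPLE_OAI_ID, SAMPLE_CANONICAL_ID));
```

Run it against the policy text returned for the deployed bucket, passing originAccessIdentityId and cloudFrontOriginAccessIdentityS3CanonicalUserId as the expected values.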


static fromOriginAccessIdentityId(scope, id, originAccessIdentityId)

public static fromOriginAccessIdentityId(scope: Construct, id: string, originAccessIdentityId: string): IOriginAccessIdentity

Parameters

  • scope Construct
  • id string
  • originAccessIdentityId string

Returns

  • IOriginAccessIdentity

Creates an OriginAccessIdentity by providing the OriginAccessIdentityId.


static fromOriginAccessIdentityName(scope, id, originAccessIdentityName)⚠️

public static fromOriginAccessIdentityName(scope: Construct, id: string, originAccessIdentityName: string): IOriginAccessIdentity

⚠️ Deprecated: use fromOriginAccessIdentityId

Parameters

  • scope Construct
  • id string
  • originAccessIdentityName string

Returns

  • IOriginAccessIdentity

Creates an OriginAccessIdentity by providing the OriginAccessIdentityId.

It is misnamed and superseded by the correctly named fromOriginAccessIdentityId.