How to add Origin Access Identity to distribution?
Question
AWS have updated their ui but not documentatio/videos for it. All docs specifying that you can you can choose OAI in Distribution > Edit > Origins and Origins Groups. But that fields doesn't exist there anymore.
UI or CLI way to update it would be appreciated.
2 answers
solution1
0 2021-01-21 21:24:42
This works in the UI:
- Go to CloudFront and select your distribution
- Choose the tab "Origins and Origin Groups"
- Create origin / select the existing origin
- Select an S3 bucket as "Origin Domain Name"
- Choose "yes" for the option Restrict Bucket Access
- Create a New Identity (for a new OAI) or use an existing one
- Optionally "Grant Read Permissions on Bucket" for the OAI.
solution2
0 2021-07-25 18:42:40
Make sure you have identity to assign 1st. Go there, create one or plan to re-use already created if you have any.
Then go to your distributions, select origin you want to update & go into edit form. Select to us origin access identity (OAI). and if you want CloudFront to update your S3 policy, select yes to update the bucket policy
After saving this, you can go to S3's bucket and inside Permissions tab scroll to Bucket Policy, it should mention something about origin access identity (OAI).
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2LNLBSIODD9DQ"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::demo-s3-cdn/*"
}
]
}
This view is inside S3 bucket Permissions tab:
By the way, CloudFormation does not support this, at least for now.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.