AWS have updated their UI but not the documentation/videos for it. All docs specify that you can choose OAI in Distribution > Edit > Origins and Origins Groups. But that field doesn't exist there anymore.
UI or CLI way to update it would be appreciated.
This works in the UI:
Make sure you have an identity to assign first. Go there and create one, or plan to re-use an already created one if you have any.
Then go to your distributions, select the origin you want to update and go into the edit form. Select to use origin access identity (OAI), and if you want CloudFront to update your S3 policy, select yes to update the bucket policy.
After saving this, you can go to S3's bucket and inside Permissions tab scroll to Bucket Policy, it should mention something about origin access identity (OAI).
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2LNLBSIODD9DQ"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::demo-s3-cdn/*"
        }
    ]
}
This view is inside S3 bucket Permissions tab:
By the way, CloudFormation does not support this, at least for now.
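A CLI route to the same result, as an added example that is not part of the original question or answer: it edits the JSON returned by `aws cloudfront get-distribution-config` so one S3 origin uses the OAI, and builds the matching bucket policy. The origin Ids, the ETag and the `SAMPLE` data are constructed for illustration; the OAI ID and bucket name are the ones from the policy above.

```python
import copy

def attach_oai(get_config_output, origin_id, oai_id):
    """Return (etag, DistributionConfig) with the OAI set on one S3 origin."""
    config = copy.deepcopy(get_config_output["DistributionConfig"])
    for origin in config["Origins"]["Items"]:
        if origin["Id"] != origin_id:
            continue
        if "S3OriginConfig" not in origin:
            # Custom origins (e.g. S3 website endpoints) cannot take an OAI.
            raise ValueError(f"origin {origin_id!r} is not an S3 origin")
        origin["S3OriginConfig"]["OriginAccessIdentity"] = (
            f"origin-access-identity/cloudfront/{oai_id}")
        return get_config_output["ETag"], config
    raise KeyError(f"no origin with Id {origin_id!r}")

def oai_bucket_policy(bucket, oai_id):
    """Build the read-only bucket policy shown in the answer above."""
    principal = ("arn:aws:iam::cloudfront:user/"
                 f"CloudFront Origin Access Identity {oai_id}")
    return {
        "Version": "2008-10-17",
        "Id": "PolicyForCloudFrontPrivateContent",
        "Statement": [{
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {"AWS": principal},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

# Constructed sample: shape of `aws cloudfront get-distribution-config --id <DIST_ID>`
# output, trimmed to the fields used here. Origin Ids and the ETag are made up.
SAMPLE = {
    "ETag": "EXAMPLEETAG",
    "DistributionConfig": {"Origins": {"Quantity": 2, "Items": [
        {"Id": "s3-demo", "DomainName": "demo-s3-cdn.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "web", "DomainName": "example.com", "CustomOriginConfig": {}},
    ]}},
}

if __name__ == "__main__":
    import json
    etag, config = attach_oai(SAMPLE, "s3-demo", "E2LNLBSIODD9DQ")
    # Save `config` to new.json, then apply it with:
    #   aws cloudfront update-distribution --id <DIST_ID> --if-match <etag> \
    #       --distribution-config file://new.json
    print(etag, json.dumps(config["Origins"]["Items"][0], indent=2))
```

The policy dictionary can be written to a file and applied with `aws s3api put-bucket-policy --bucket demo-s3-cdn --policy file://policy.json`. Unlike the console's "update the bucket policy" option, the CLI route does not touch the bucket policy for you, so any older statement granting public read has to be removed separately for the OAI restriction to take effect.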