Class OriginAccessIdentity
Creates an Amazon CloudFront origin access identity.
For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For more information on generating origin access identities, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var originAccessIdentity = new Aws.CloudFront.OriginAccessIdentity("originAccessIdentity", new Aws.CloudFront.OriginAccessIdentityArgs
        {
            Comment = "Some comment",
        });
    }
}
Using With CloudFront
Normally, when referencing an origin access identity in CloudFront, you need to
prefix the ID with the origin-access-identity/cloudfront/ special path.
The cloudfront_access_identity_path attribute (CloudfrontAccessIdentityPath in C#)
already includes this prefix, so it can be used as-is.
The snippet below demonstrates use with the s3_origin_config structure for the
aws.cloudfront.Distribution resource:
using Pulumi;

class MyStack : Stack
{
    public MyStack()
    {
    }
}
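A stack that passes the identity path into s3_origin_config could look like the following. This is an added example, not the provider's own snippet; the "content" bucket, the "s3Origin" origin ID and the resource names are assumptions.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;
using Inputs = Pulumi.Aws.CloudFront.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        // Assumed names: the bucket and the origin ID are illustrative only.
        var bucket = new Aws.S3.Bucket("content");
        var oai = new Aws.CloudFront.OriginAccessIdentity("oai", new Aws.CloudFront.OriginAccessIdentityArgs
        {
            Comment = "Read access for the content distribution",
        });

        var distribution = new Aws.CloudFront.Distribution("distribution", new Aws.CloudFront.DistributionArgs
        {
            Enabled = true,
            Origins =
            {
                new Inputs.DistributionOriginArgs
                {
                    DomainName = bucket.BucketRegionalDomainName,
                    OriginId = "s3Origin",
                    S3OriginConfig = new Inputs.DistributionOriginS3OriginConfigArgs
                    {
                        // Already carries the origin-access-identity/cloudfront/ prefix.
                        OriginAccessIdentity = oai.CloudfrontAccessIdentityPath,
                    },
                },
            },
            DefaultCacheBehavior = new Inputs.DistributionDefaultCacheBehaviorArgs
            {
                TargetOriginId = "s3Origin",
                ViewerProtocolPolicy = "redirect-to-https",
                AllowedMethods = { "GET", "HEAD" },
                CachedMethods = { "GET", "HEAD" },
                ForwardedValues = new Inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs
                {
                    QueryString = false,
                    Cookies = new Inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs { Forward = "none" },
                },
            },
            Restrictions = new Inputs.DistributionRestrictionsArgs
            {
                GeoRestriction = new Inputs.DistributionRestrictionsGeoRestrictionArgs { RestrictionType = "none" },
            },
            ViewerCertificate = new Inputs.DistributionViewerCertificateArgs { CloudfrontDefaultCertificate = true },
        });
    }
}
```

The bucket still needs a policy that grants the identity read access, as described under Updating your bucket policy.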
Updating your bucket policy
Note that the AWS API may translate the s3_canonical_user_id CanonicalUser
principal into an AWS IAM ARN principal when supplied in an
aws.s3.Bucket bucket policy, causing spurious diffs. If
you see this behaviour, use the iam_arn instead:
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // The identity and bucket the policy refers to (stand-ins for the
        // resources declared elsewhere in your stack).
        var originAccessIdentity = new Aws.CloudFront.OriginAccessIdentity("originAccessIdentity", new Aws.CloudFront.OriginAccessIdentityArgs
        {
            Comment = "Some comment",
        });
        var exampleBucket = new Aws.S3.Bucket("example");

        // IamArn and Arn are Outputs, so the policy document is built once both values are known.
        var s3Policy = Output.Tuple(originAccessIdentity.IamArn, exampleBucket.Arn).Apply(values =>
        {
            var (oaiArn, bucketArn) = values;
            return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
            {
                Statements =
                {
                    // Read access to the objects in the bucket.
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                    {
                        Actions =
                        {
                            "s3:GetObject",
                        },
                        Principals =
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                            {
                                Identifiers =
                                {
                                    oaiArn,
                                },
                                Type = "AWS",
                            },
                        },
                        Resources =
                        {
                            $"{bucketArn}/*",
                        },
                    },
                    // Listing applies to the bucket itself, not to its objects.
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                    {
                        Actions =
                        {
                            "s3:ListBucket",
                        },
                        Principals =
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                            {
                                Identifiers =
                                {
                                    oaiArn,
                                },
                                Type = "AWS",
                            },
                        },
                        Resources =
                        {
                            bucketArn,
                        },
                    },
                },
            });
        });

        var example = new Aws.S3.BucketPolicy("example", new Aws.S3.BucketPolicyArgs
        {
            Bucket = exampleBucket.Id,
            Policy = s3Policy.Apply(doc => doc.Json),
        });
    }
}
Namespace: Pulumi.Aws.CloudFront
Assembly: Pulumi.Aws.dll
Syntax
public class OriginAccessIdentity : CustomResource
Constructors
OriginAccessIdentity(String, OriginAccessIdentityArgs, CustomResourceOptions)
Create an OriginAccessIdentity resource with the given unique name, arguments, and options.
Declaration
public OriginAccessIdentity(string name, OriginAccessIdentityArgs args = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| OriginAccessIdentityArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
CallerReference
Internal value used by CloudFront to allow future updates to the origin access identity.
Declaration
public Output<string> CallerReference { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
CloudfrontAccessIdentityPath
A shortcut to the full path for the origin access identity to use in CloudFront; see Using With CloudFront.
Declaration
public Output<string> CloudfrontAccessIdentityPath { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Comment
An optional comment for the origin access identity.
Declaration
public Output<string> Comment { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Etag
The current version of the origin access identity's information.
For example: E2QWRUHAPOMQZL.
Declaration
public Output<string> Etag { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
IamArn
A pre-generated ARN for use in S3 bucket policies (see Updating your bucket policy).
Example: arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2QWRUHAPOMQZL.
Declaration
public Output<string> IamArn { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
S3CanonicalUserId
The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.
Declaration
public Output<string> S3CanonicalUserId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Methods
Get(String, Input<String>, OriginAccessIdentityState, CustomResourceOptions)
Get an existing OriginAccessIdentity resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static OriginAccessIdentity Get(string name, Input<string> id, OriginAccessIdentityState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| OriginAccessIdentityState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| OriginAccessIdentity | |