Origin Access Control (OAC) is a CloudFront feature that secures S3 origins by permitting only CloudFront to access the buckets. The biggest benefit of using it is a reduction in the number of requests to, and the data transferred from, the S3 buckets. It also helps to serve content from the nearest location instead of fetching it from the S3 bucket every time.
It saves cost because content is fetched from S3 only when there is no cached copy or the cached copy has expired.
How to set up OAC
To set up Origin Access Control, you have to set up a policy that allows CloudFront to authenticate requests to your origin.
Example
resource "aws_cloudfront_origin_access_control" "example" {
  name                              = "example"
  description                       = "Example Policy"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}
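The resource above only defines how CloudFront signs its requests. For the bucket to accept only CloudFront, the OAC has to be attached to a distribution origin and the bucket policy has to allow the CloudFront service principal for that one distribution. The following is an added example, not part of the original page; the bucket name, the distribution "cdn" and the origin id "s3-site" are assumptions.

```hcl
# Added example. Hypothetical names: bucket "site", distribution "cdn", origin id "s3-site".
resource "aws_s3_bucket" "site" {
  bucket = "example-oac-site-bucket" # constructed placeholder name
}
resource "aws_cloudfront_distribution" "cdn" {
  enabled = true
  origin {
    domain_name              = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id                = "s3-site"
    origin_access_control_id = aws_cloudfront_origin_access_control.example.id # OAC resource shown above
  }
  default_cache_behavior {
    target_origin_id       = "s3-site"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6" # AWS managed CachingOptimized policy
  }
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

# Read access for the CloudFront service principal only, scoped to this distribution's ARN.
data "aws_iam_policy_document" "oac_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.cdn.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.oac_read.json
}
```

Without the AWS:SourceArn condition, any CloudFront distribution in any account could read the bucket through the service principal, so keep the condition pinned to the distribution's ARN.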