Amazon CloudFront to Amazon S3 secured with OAC

Amazon CloudFront → Amazon S3

Create a CloudFront distribution with an S3 origin secured with origin access control (OAC).

This sample project demonstrates how to deploy a CloudFront distribution with an S3 origin that is secured with origin access control (OAC). Compared to the older origin access identity (OAI) method OAC offers enhanced security practices, comprehensive HTTP methods support, and supports objects encrypted with SSE-KMS.

This pattern deploys one CloudFront distribution and one S3 Bucket.

< Back to all patterns

Language:: YAML
Framework:: AWS SAM

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/cloudfront-s3-oac-sam

Deploy

sam deploy

Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: sam delete.

Additional resources

Amazon CloudFront introduces Origin Access Control (OAC)

Amazon CloudFront - Developer Guide - Restricting access to an Amazon S3 origin

Created by:

Nathan J. Lichtenstein

Never satisfied with the status quo, Nathan joined AWS as a Senior Solutions Architect in 2022. Based in NYC he loves all things cloud and networking.

Follow on LinkedIn