CloudFront Origin Access Identity Enabled

A config rule that checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured. This rule is NON_COMPLIANT if the CloudFront distribution is backed by Amazon S3 and any of Amazon S3 Origin type is not OAI configured.