Overview

A config rule that checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured. This rule is NON_COMPLIANT if the CloudFront distribution is backed by Amazon S3 and any of Amazon S3 Origin type is not OAI configured.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloudfront-origin-access-identity-enabled
      Description: >-
        A config rule that checks that Amazon CloudFront distribution with
        Amazon S3 Origin type has Origin Access Identity (OAI) configured. This
        rule is NON_COMPLIANT if the CloudFront distribution is backed by Amazon
        S3 and any of Amazon S3 Origin type is n...
      Scope:
        ComplianceResourceTypes:
          - 'AWS::CloudFront::Distribution'
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Rule Parameters

No rule paramters
 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation:

© 2020 asecurecloud Inc. All Rights Reserved.