A new AWS CDK L2 construct for Amazon CloudFront Origin Access Control (OAC)

DevOps & Developer Productivity Blog

This article introduces a new AWS Cloud Development Kit (CDK) Level 2 construct for Amazon CloudFront Origin Access Control (OAC). OAC is a recommended way to secure Amazon S3 CloudFront origins, offering additional security features compared to the legacy Origin Access Identity (OAI).

Specifically, the article covers:

Background on CloudFront, S3 origins, and the benefits of using OAC over OAI
How to use the new L2 OAC construct with examples for standard S3 origins and customer-managed KMS encryption
Considerations for migrating from OAI to OAC using the new construct, including a multi-step deployment process to avoid downtime
Conclusion highlighting the key benefits of the new OAC construct, such as simplified configuration, KMS support, customization options, and easier migration from OAI

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Jan 29
2025

Announcing the AWS CDK Glue L2 Construct

Mar 27
2025

Announcing the AWS CDK L2 Construct for Amazon Cognito Identity Pools

Feb 17
2025

AWS CDK releases L2 construct support for Amazon Data Firehose delivery streams

Jun 19
2025

Announcing the new AWS CDK EKS v2 L2 Constructs

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

A new AWS CDK L2 construct for Amazon CloudFront Origin Access Control (OAC)

Related articles