@aws-solutions-constructs/aws-cloudfront-s3 2.46.0 → 2.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/.eslintignore +2 -2
  2. package/.jsii +61 -24
  3. package/README.md +7 -6
  4. package/lib/index.d.ts +1 -0
  5. package/lib/index.js +70 -8
  6. package/package.json +7 -5
  7. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +958 -0
  8. package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +44 -0
  9. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +592 -0
  10. package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +39 -0
  11. package/test/integ.cfts3-bucket-with-http-origin.d.ts +13 -0
  12. package/test/integ.cfts3-bucket-with-http-origin.expected.json +559 -0
  13. package/test/integ.cfts3-bucket-with-http-origin.js +44 -0
  14. package/test/integ.cfts3-cmk-encryption.expected.json +527 -0
  15. package/test/integ.cfts3-cmk-provided-as-bucket-prop.d.ts +13 -0
  16. package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +958 -0
  17. package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +41 -0
  18. package/test/integ.cfts3-custom-headers.expected.json +307 -27
  19. package/test/integ.cfts3-custom-headers.js +6 -2
  20. package/test/integ.cfts3-custom-originPath.expected.json +307 -27
  21. package/test/integ.cfts3-custom-originPath.js +6 -2
  22. package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +54 -23
  23. package/test/integ.cfts3-customLoggingBuckets.d.ts +13 -0
  24. package/test/{integ.cfts3-customLoggingBucket.expected.json → integ.cfts3-customLoggingBuckets.expected.json} +285 -31
  25. package/test/integ.cfts3-customLoggingBuckets.js +58 -0
  26. package/test/integ.cfts3-existing-bucket.expected.json +493 -80
  27. package/test/integ.cfts3-existing-bucket.js +2 -2
  28. package/test/integ.cfts3-no-arguments.expected.json +430 -27
  29. package/test/integ.cfts3-no-arguments.js +5 -2
  30. package/test/integ.cfts3-no-security-headers.expected.json +307 -27
  31. package/test/integ.cfts3-no-security-headers.js +5 -1
  32. package/test/test.cloudfront-s3.test.js +149 -28
  33. package/test/integ.cfts3-customCloudFrontLoggingBucket.js +0 -39
  34. package/test/integ.cfts3-customLoggingBucket.js +0 -42
  35. /package/test/{integ.cfts3-customCloudFrontLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.d.ts} +0 -0
  36. /package/test/{integ.cfts3-customLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts} +0 -0
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "Resources": {
3
- "scrapBucketB11863B7": {
3
+ "scrapBucketLog7B53B25C": {
4
4
  "Type": "AWS::S3::Bucket",
5
5
  "Properties": {
6
6
  "BucketEncryption": {
@@ -27,30 +27,56 @@
27
27
  "Metadata": {
28
28
  "cfn_nag": {
29
29
  "rules_to_suppress": [
30
- {
31
- "id": "W51",
32
- "reason": "This S3 bucket is created for unit/ integration testing purposes only and not part of the actual construct implementation"
33
- },
34
30
  {
35
31
  "id": "W35",
36
- "reason": "This S3 bucket is created for unit/ integration testing purposes only and not part of the actual construct implementation"
37
- },
38
- {
39
- "id": "W41",
40
- "reason": "This S3 bucket is created for unit/ integration testing purposes only and not part of the actual construct"
32
+ "reason": "This is a log bucket"
41
33
  }
42
34
  ]
43
35
  }
44
36
  }
45
37
  },
46
- "scrapBucketPolicy189B0607": {
38
+ "scrapBucketLogPolicy2972C573": {
47
39
  "Type": "AWS::S3::BucketPolicy",
48
40
  "Properties": {
49
41
  "Bucket": {
50
- "Ref": "scrapBucketB11863B7"
42
+ "Ref": "scrapBucketLog7B53B25C"
51
43
  },
52
44
  "PolicyDocument": {
53
45
  "Statement": [
46
+ {
47
+ "Action": "s3:*",
48
+ "Condition": {
49
+ "Bool": {
50
+ "aws:SecureTransport": "false"
51
+ }
52
+ },
53
+ "Effect": "Deny",
54
+ "Principal": {
55
+ "AWS": "*"
56
+ },
57
+ "Resource": [
58
+ {
59
+ "Fn::GetAtt": [
60
+ "scrapBucketLog7B53B25C",
61
+ "Arn"
62
+ ]
63
+ },
64
+ {
65
+ "Fn::Join": [
66
+ "",
67
+ [
68
+ {
69
+ "Fn::GetAtt": [
70
+ "scrapBucketLog7B53B25C",
71
+ "Arn"
72
+ ]
73
+ },
74
+ "/*"
75
+ ]
76
+ ]
77
+ }
78
+ ]
79
+ },
54
80
  {
55
81
  "Action": [
56
82
  "s3:PutBucketPolicy",
@@ -70,7 +96,7 @@
70
96
  "Resource": [
71
97
  {
72
98
  "Fn::GetAtt": [
73
- "scrapBucketB11863B7",
99
+ "scrapBucketLog7B53B25C",
74
100
  "Arn"
75
101
  ]
76
102
  },
@@ -80,7 +106,7 @@
80
106
  [
81
107
  {
82
108
  "Fn::GetAtt": [
83
- "scrapBucketB11863B7",
109
+ "scrapBucketLog7B53B25C",
84
110
  "Arn"
85
111
  ]
86
112
  },
@@ -91,41 +117,25 @@
91
117
  ]
92
118
  },
93
119
  {
94
- "Action": "s3:GetObject",
95
- "Effect": "Allow",
96
- "Principal": {
97
- "CanonicalUser": {
98
- "Fn::GetAtt": [
99
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
100
- "S3CanonicalUserId"
101
- ]
120
+ "Action": "s3:PutObject",
121
+ "Condition": {
122
+ "ArnLike": {
123
+ "aws:SourceArn": {
124
+ "Fn::GetAtt": [
125
+ "scrapBucketB11863B7",
126
+ "Arn"
127
+ ]
128
+ }
129
+ },
130
+ "StringEquals": {
131
+ "aws:SourceAccount": {
132
+ "Ref": "AWS::AccountId"
133
+ }
102
134
  }
103
135
  },
104
- "Resource": {
105
- "Fn::Join": [
106
- "",
107
- [
108
- {
109
- "Fn::GetAtt": [
110
- "scrapBucketB11863B7",
111
- "Arn"
112
- ]
113
- },
114
- "/*"
115
- ]
116
- ]
117
- }
118
- },
119
- {
120
- "Action": "s3:GetObject",
121
136
  "Effect": "Allow",
122
137
  "Principal": {
123
- "CanonicalUser": {
124
- "Fn::GetAtt": [
125
- "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65",
126
- "S3CanonicalUserId"
127
- ]
128
- }
138
+ "Service": "logging.s3.amazonaws.com"
129
139
  },
130
140
  "Resource": {
131
141
  "Fn::Join": [
@@ -133,7 +143,7 @@
133
143
  [
134
144
  {
135
145
  "Fn::GetAtt": [
136
- "scrapBucketB11863B7",
146
+ "scrapBucketLog7B53B25C",
137
147
  "Arn"
138
148
  ]
139
149
  },
@@ -145,19 +155,9 @@
145
155
  ],
146
156
  "Version": "2012-10-17"
147
157
  }
148
- },
149
- "Metadata": {
150
- "cfn_nag": {
151
- "rules_to_suppress": [
152
- {
153
- "id": "F16",
154
- "reason": "Public website bucket policy requires a wildcard principal"
155
- }
156
- ]
157
- }
158
158
  }
159
159
  },
160
- "scrapBucketAutoDeleteObjectsCustomResourceFFFC3275": {
160
+ "scrapBucketLogAutoDeleteObjectsCustomResource307F3D47": {
161
161
  "Type": "Custom::S3AutoDeleteObjects",
162
162
  "Properties": {
163
163
  "ServiceToken": {
@@ -167,11 +167,11 @@
167
167
  ]
168
168
  },
169
169
  "BucketName": {
170
- "Ref": "scrapBucketB11863B7"
170
+ "Ref": "scrapBucketLog7B53B25C"
171
171
  }
172
172
  },
173
173
  "DependsOn": [
174
- "scrapBucketPolicy189B0607"
174
+ "scrapBucketLogPolicy2972C573"
175
175
  ],
176
176
  "UpdateReplacePolicy": "Delete",
177
177
  "DeletionPolicy": "Delete"
@@ -223,7 +223,7 @@
223
223
  [
224
224
  "Lambda function for auto-deleting objects in ",
225
225
  {
226
- "Ref": "scrapBucketB11863B7"
226
+ "Ref": "scrapBucketLog7B53B25C"
227
227
  },
228
228
  " S3 bucket."
229
229
  ]
@@ -252,6 +252,217 @@
252
252
  }
253
253
  }
254
254
  },
255
+ "scrapBucketB11863B7": {
256
+ "Type": "AWS::S3::Bucket",
257
+ "Properties": {
258
+ "BucketEncryption": {
259
+ "ServerSideEncryptionConfiguration": [
260
+ {
261
+ "ServerSideEncryptionByDefault": {
262
+ "SSEAlgorithm": "AES256"
263
+ }
264
+ }
265
+ ]
266
+ },
267
+ "LoggingConfiguration": {
268
+ "DestinationBucketName": {
269
+ "Ref": "scrapBucketLog7B53B25C"
270
+ }
271
+ },
272
+ "Tags": [
273
+ {
274
+ "Key": "aws-cdk:auto-delete-objects",
275
+ "Value": "true"
276
+ }
277
+ ],
278
+ "VersioningConfiguration": {
279
+ "Status": "Enabled"
280
+ }
281
+ },
282
+ "UpdateReplacePolicy": "Delete",
283
+ "DeletionPolicy": "Delete"
284
+ },
285
+ "scrapBucketPolicy189B0607": {
286
+ "Type": "AWS::S3::BucketPolicy",
287
+ "Properties": {
288
+ "Bucket": {
289
+ "Ref": "scrapBucketB11863B7"
290
+ },
291
+ "PolicyDocument": {
292
+ "Statement": [
293
+ {
294
+ "Action": "s3:*",
295
+ "Condition": {
296
+ "Bool": {
297
+ "aws:SecureTransport": "false"
298
+ }
299
+ },
300
+ "Effect": "Deny",
301
+ "Principal": {
302
+ "AWS": "*"
303
+ },
304
+ "Resource": [
305
+ {
306
+ "Fn::GetAtt": [
307
+ "scrapBucketB11863B7",
308
+ "Arn"
309
+ ]
310
+ },
311
+ {
312
+ "Fn::Join": [
313
+ "",
314
+ [
315
+ {
316
+ "Fn::GetAtt": [
317
+ "scrapBucketB11863B7",
318
+ "Arn"
319
+ ]
320
+ },
321
+ "/*"
322
+ ]
323
+ ]
324
+ }
325
+ ]
326
+ },
327
+ {
328
+ "Action": [
329
+ "s3:PutBucketPolicy",
330
+ "s3:GetBucket*",
331
+ "s3:List*",
332
+ "s3:DeleteObject*"
333
+ ],
334
+ "Effect": "Allow",
335
+ "Principal": {
336
+ "AWS": {
337
+ "Fn::GetAtt": [
338
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
339
+ "Arn"
340
+ ]
341
+ }
342
+ },
343
+ "Resource": [
344
+ {
345
+ "Fn::GetAtt": [
346
+ "scrapBucketB11863B7",
347
+ "Arn"
348
+ ]
349
+ },
350
+ {
351
+ "Fn::Join": [
352
+ "",
353
+ [
354
+ {
355
+ "Fn::GetAtt": [
356
+ "scrapBucketB11863B7",
357
+ "Arn"
358
+ ]
359
+ },
360
+ "/*"
361
+ ]
362
+ ]
363
+ }
364
+ ]
365
+ },
366
+ {
367
+ "Action": "s3:GetObject",
368
+ "Condition": {
369
+ "StringEquals": {
370
+ "AWS:SourceArn": {
371
+ "Fn::Join": [
372
+ "",
373
+ [
374
+ "arn:aws:cloudfront::",
375
+ {
376
+ "Ref": "AWS::AccountId"
377
+ },
378
+ ":distribution/",
379
+ {
380
+ "Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
381
+ }
382
+ ]
383
+ ]
384
+ }
385
+ }
386
+ },
387
+ "Effect": "Allow",
388
+ "Principal": {
389
+ "Service": "cloudfront.amazonaws.com"
390
+ },
391
+ "Resource": {
392
+ "Fn::Join": [
393
+ "",
394
+ [
395
+ {
396
+ "Fn::GetAtt": [
397
+ "scrapBucketB11863B7",
398
+ "Arn"
399
+ ]
400
+ },
401
+ "/*"
402
+ ]
403
+ ]
404
+ }
405
+ },
406
+ {
407
+ "Action": "s3:GetObject",
408
+ "Effect": "Allow",
409
+ "Principal": {
410
+ "CanonicalUser": {
411
+ "Fn::GetAtt": [
412
+ "testcloudfronts3CloudFrontDistributionOrigin2S3OriginC54B5C65",
413
+ "S3CanonicalUserId"
414
+ ]
415
+ }
416
+ },
417
+ "Resource": {
418
+ "Fn::Join": [
419
+ "",
420
+ [
421
+ {
422
+ "Fn::GetAtt": [
423
+ "scrapBucketB11863B7",
424
+ "Arn"
425
+ ]
426
+ },
427
+ "/*"
428
+ ]
429
+ ]
430
+ }
431
+ }
432
+ ],
433
+ "Version": "2012-10-17"
434
+ }
435
+ },
436
+ "Metadata": {
437
+ "cfn_nag": {
438
+ "rules_to_suppress": [
439
+ {
440
+ "id": "F16",
441
+ "reason": "Public website bucket policy requires a wildcard principal"
442
+ }
443
+ ]
444
+ }
445
+ }
446
+ },
447
+ "scrapBucketAutoDeleteObjectsCustomResourceFFFC3275": {
448
+ "Type": "Custom::S3AutoDeleteObjects",
449
+ "Properties": {
450
+ "ServiceToken": {
451
+ "Fn::GetAtt": [
452
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
453
+ "Arn"
454
+ ]
455
+ },
456
+ "BucketName": {
457
+ "Ref": "scrapBucketB11863B7"
458
+ }
459
+ },
460
+ "DependsOn": [
461
+ "scrapBucketPolicy189B0607"
462
+ ],
463
+ "UpdateReplacePolicy": "Delete",
464
+ "DeletionPolicy": "Delete"
465
+ },
255
466
  "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
256
467
  "Type": "AWS::CloudFront::Function",
257
468
  "Properties": {
@@ -264,10 +475,9 @@
264
475
  "Name": "SetHttpSecurityHeadersc8321a2c9fa54d380831d390bfbd7aff27f99fd427"
265
476
  }
266
477
  },
267
- "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
478
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
268
479
  "Type": "AWS::S3::Bucket",
269
480
  "Properties": {
270
- "AccessControl": "LogDeliveryWrite",
271
481
  "BucketEncryption": {
272
482
  "ServerSideEncryptionConfiguration": [
273
483
  {
@@ -307,12 +517,197 @@
307
517
  "rules_to_suppress": [
308
518
  {
309
519
  "id": "W35",
310
- "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
520
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
311
521
  }
312
522
  ]
313
523
  }
314
524
  }
315
525
  },
526
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
527
+ "Type": "AWS::S3::BucketPolicy",
528
+ "Properties": {
529
+ "Bucket": {
530
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
531
+ },
532
+ "PolicyDocument": {
533
+ "Statement": [
534
+ {
535
+ "Action": "s3:*",
536
+ "Condition": {
537
+ "Bool": {
538
+ "aws:SecureTransport": "false"
539
+ }
540
+ },
541
+ "Effect": "Deny",
542
+ "Principal": {
543
+ "AWS": "*"
544
+ },
545
+ "Resource": [
546
+ {
547
+ "Fn::GetAtt": [
548
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
549
+ "Arn"
550
+ ]
551
+ },
552
+ {
553
+ "Fn::Join": [
554
+ "",
555
+ [
556
+ {
557
+ "Fn::GetAtt": [
558
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
559
+ "Arn"
560
+ ]
561
+ },
562
+ "/*"
563
+ ]
564
+ ]
565
+ }
566
+ ]
567
+ },
568
+ {
569
+ "Action": [
570
+ "s3:PutBucketPolicy",
571
+ "s3:GetBucket*",
572
+ "s3:List*",
573
+ "s3:DeleteObject*"
574
+ ],
575
+ "Effect": "Allow",
576
+ "Principal": {
577
+ "AWS": {
578
+ "Fn::GetAtt": [
579
+ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
580
+ "Arn"
581
+ ]
582
+ }
583
+ },
584
+ "Resource": [
585
+ {
586
+ "Fn::GetAtt": [
587
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
588
+ "Arn"
589
+ ]
590
+ },
591
+ {
592
+ "Fn::Join": [
593
+ "",
594
+ [
595
+ {
596
+ "Fn::GetAtt": [
597
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
598
+ "Arn"
599
+ ]
600
+ },
601
+ "/*"
602
+ ]
603
+ ]
604
+ }
605
+ ]
606
+ },
607
+ {
608
+ "Action": "s3:PutObject",
609
+ "Condition": {
610
+ "ArnLike": {
611
+ "aws:SourceArn": {
612
+ "Fn::GetAtt": [
613
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
614
+ "Arn"
615
+ ]
616
+ }
617
+ },
618
+ "StringEquals": {
619
+ "aws:SourceAccount": {
620
+ "Ref": "AWS::AccountId"
621
+ }
622
+ }
623
+ },
624
+ "Effect": "Allow",
625
+ "Principal": {
626
+ "Service": "logging.s3.amazonaws.com"
627
+ },
628
+ "Resource": {
629
+ "Fn::Join": [
630
+ "",
631
+ [
632
+ {
633
+ "Fn::GetAtt": [
634
+ "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
635
+ "Arn"
636
+ ]
637
+ },
638
+ "/*"
639
+ ]
640
+ ]
641
+ }
642
+ }
643
+ ],
644
+ "Version": "2012-10-17"
645
+ }
646
+ }
647
+ },
648
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
649
+ "Type": "Custom::S3AutoDeleteObjects",
650
+ "Properties": {
651
+ "ServiceToken": {
652
+ "Fn::GetAtt": [
653
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
654
+ "Arn"
655
+ ]
656
+ },
657
+ "BucketName": {
658
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
659
+ }
660
+ },
661
+ "DependsOn": [
662
+ "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
663
+ ],
664
+ "UpdateReplacePolicy": "Delete",
665
+ "DeletionPolicy": "Delete"
666
+ },
667
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
668
+ "Type": "AWS::S3::Bucket",
669
+ "Properties": {
670
+ "AccessControl": "LogDeliveryWrite",
671
+ "BucketEncryption": {
672
+ "ServerSideEncryptionConfiguration": [
673
+ {
674
+ "ServerSideEncryptionByDefault": {
675
+ "SSEAlgorithm": "AES256"
676
+ }
677
+ }
678
+ ]
679
+ },
680
+ "LoggingConfiguration": {
681
+ "DestinationBucketName": {
682
+ "Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
683
+ }
684
+ },
685
+ "OwnershipControls": {
686
+ "Rules": [
687
+ {
688
+ "ObjectOwnership": "ObjectWriter"
689
+ }
690
+ ]
691
+ },
692
+ "PublicAccessBlockConfiguration": {
693
+ "BlockPublicAcls": true,
694
+ "BlockPublicPolicy": true,
695
+ "IgnorePublicAcls": true,
696
+ "RestrictPublicBuckets": true
697
+ },
698
+ "Tags": [
699
+ {
700
+ "Key": "aws-cdk:auto-delete-objects",
701
+ "Value": "true"
702
+ }
703
+ ],
704
+ "VersioningConfiguration": {
705
+ "Status": "Enabled"
706
+ }
707
+ },
708
+ "UpdateReplacePolicy": "Delete",
709
+ "DeletionPolicy": "Delete"
710
+ },
316
711
  "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
317
712
  "Type": "AWS::S3::BucketPolicy",
318
713
  "Properties": {
@@ -418,11 +813,35 @@
418
813
  "UpdateReplacePolicy": "Delete",
419
814
  "DeletionPolicy": "Delete"
420
815
  },
421
- "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": {
422
- "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
816
+ "testcloudfronts3CloudFrontOac7A951AA6": {
817
+ "Type": "AWS::CloudFront::OriginAccessControl",
423
818
  "Properties": {
424
- "CloudFrontOriginAccessIdentityConfig": {
425
- "Comment": "Identity for cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F"
819
+ "OriginAccessControlConfig": {
820
+ "Description": "Origin access control provisioned by aws-cloudfront-s3",
821
+ "Name": {
822
+ "Fn::Join": [
823
+ "",
824
+ [
825
+ "aws-cloudfront-s3-testnt-s3-",
826
+ {
827
+ "Fn::Select": [
828
+ 2,
829
+ {
830
+ "Fn::Split": [
831
+ "/",
832
+ {
833
+ "Ref": "AWS::StackId"
834
+ }
835
+ ]
836
+ }
837
+ ]
838
+ }
839
+ ]
840
+ ]
841
+ },
842
+ "OriginAccessControlOriginType": "s3",
843
+ "SigningBehavior": "always",
844
+ "SigningProtocol": "sigv4"
426
845
  }
427
846
  }
428
847
  },
@@ -479,19 +898,13 @@
479
898
  ]
480
899
  },
481
900
  "Id": "cfts3existingbuckettestcloudfronts3CloudFrontDistributionOrigin10617473F",
482
- "S3OriginConfig": {
483
- "OriginAccessIdentity": {
484
- "Fn::Join": [
485
- "",
486
- [
487
- "origin-access-identity/cloudfront/",
488
- {
489
- "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
490
- }
491
- ]
492
- ]
493
- }
494
- }
901
+ "OriginAccessControlId": {
902
+ "Fn::GetAtt": [
903
+ "testcloudfronts3CloudFrontOac7A951AA6",
904
+ "Id"
905
+ ]
906
+ },
907
+ "S3OriginConfig": {}
495
908
  },
496
909
  {
497
910
  "DomainName": {