# aws
s
Hi again! I have some issues understanding how the AWS CloudFront distribution object (`aws.cloudfront.Distribution`) works, its arguments and the documentation about it: https://www.pulumi.com/registry/packages/aws/api-docs/cloudfront/distribution/#distributionorigin
1. How can I specify an `origin` (`aws.cloudfront.DistributionOriginArgs`) for the `aws.cloudfront.Distribution` where it would correspond to “origin access” = “access control settings” (recommended AWS setting - the option circled in red on my screenshot), and/or “origin access” = “legacy access identities”?
2. I have trouble understanding what the `origin_id` argument of `aws.cloudfront.DistributionOriginArgs` on the same documentation page is. Doc says “The unique identifier of the member origin”, but it’s very obscure to me. Is it the ARN of the S3 bucket? The ID of the S3 bucket? Something else?
b
okay, this is actually AWS creating a magic button to create a whole bunch of resources in the background. They don’t expose this via their API as a single setting, it’s actually a bucket policy.
s
> okay, this is actually AWS creating a magic button to create a whole bunch of resources in the background. They don’t expose this via their API as a single setting, it’s actually a bucket policy.

I understand for the “access control settings”. But what about “legacy access identities”? Also wonder what is `origin_id`
there’s an example in typescript here: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/s3-cloudfront/index.ts
thanks, looking now, helps a lot
I see from your typescript example you need to apply a special policy to the bucket. Will try that
Even better, the example in Python in my case:
m
If your bucket uses SSE, you need to use AES256, KMS doesn't work with OAI
b
OAC isn’t in the cloud control API or terraform yet 😞