Example showing what you need to make S3OriginConfig work:
DistributionConfig:
Enabled: true
Origins:
-
Id: "WebsiteDistribution"
DomainName: !Ref WebsiteBucket
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${OriginAccessIdentity}'
OriginAccessIdentity:
Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: 'Access S3 bucket content only through CloudFront'
Thank you! I was struggling for a day trying to figure out how to inject the Cloud Front Origin ID into S3OriginConfig. No where in AWS’ documentation did they suggest using a !Sub function