Do we have a data source to retrieve information about an aws_cloudfront_origin_access_control?
If not, how can we fetch details on an existing aws_cloudfront_origin_access_control, so that it can be re-used?
Could you provide an example of how you would reuse an existing aws_cloudfront_origin_access_control?
When creating a CloudFront distribution, we can select an existing access control. Attached a screenshot of the same.
In there it's recommended to use an existing one, rather than creating a new one all the time.
Also did notice that there is an existing API to get OriginAccessControl, but not seeing this in Terraform,
so trying to achieve the same using Terraform when creating the CloudFront distribution:
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name              = aws_s3_bucket.b.bucket_regional_domain_name
    origin_access_control_id = <use existing one>
    origin_id                = local.s3_origin_id
  }
  # ... remaining distribution arguments omitted
}
If a data source exists to fetch an existing OAC, we should use it in the above example…
Did notice that a data source to fetch OAI exists, but not for OAC:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_origin_access_identity
It seems like a valid enhancement request to me.
I did notice another request concerning aws_cloudfront_origin_access_control
though not related to reusing one as a data source.
It does mention what seems to be an AWS limitation:
Before you create an origin access control (OAC) or set it up in a CloudFront distribution, make sure the OAC has permission to access the S3 bucket origin. Do this after creating a CloudFront distribution, but before adding the OAC to the S3 origin in the distribution configuration.
I’m not sure whether this plays a role in what you’re suggesting.
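One way to reuse an existing OAC without a provider data source, added here as an example and not part of the thread: a helper for Terraform's `external` data source that resolves an OAC ID by name from the output of `aws cloudfront list-origin-access-controls`. It assumes the AWS CLI is installed and configured; the `name` query key, the OAC names and the IDs in the sample are constructed for illustration.

```python
import json
import subprocess
import sys

# Constructed sample in the shape of a ListOriginAccessControls response
# (names and IDs are made up for illustration).
SAMPLE = {
    "OriginAccessControlList": {
        "IsTruncated": False,
        "Quantity": 2,
        "Items": [
            {"Id": "E1EXAMPLEOAC01", "Name": "shared-s3-oac",
             "SigningProtocol": "sigv4", "SigningBehavior": "always",
             "OriginAccessControlOriginType": "s3"},
            {"Id": "E1EXAMPLEOAC02", "Name": "legacy-oac",
             "SigningProtocol": "sigv4", "SigningBehavior": "never",
             "OriginAccessControlOriginType": "s3"},
        ],
    }
}


def resolve_oac(response, name):
    """Return {"id": ...} for the single S3 OAC called `name`, else raise."""
    oac_list = response.get("OriginAccessControlList", {})
    if oac_list.get("IsTruncated"):
        # Refuse to answer from a partial page: the match could be missing.
        raise LookupError("listing is truncated; fetch all pages first")
    matches = [i for i in oac_list.get("Items") or [] if i.get("Name") == name]
    if len(matches) != 1:
        raise LookupError(f"expected 1 OAC named {name!r}, found {len(matches)}")
    oac = matches[0]
    if oac.get("OriginAccessControlOriginType") != "s3":
        raise ValueError(f"OAC {name!r} is not for an S3 origin")
    # An OAC with SigningBehavior "never" does not sign origin requests,
    # so a private bucket would reject them.
    if oac.get("SigningBehavior") == "never":
        raise ValueError(f"OAC {name!r} never signs origin requests")
    return {"id": oac["Id"]}


if __name__ == "__main__":
    # external data source protocol: JSON query on stdin,
    # JSON object of string values on stdout, non-zero exit on failure.
    query = json.load(sys.stdin)
    raw = subprocess.run(
        ["aws", "cloudfront", "list-origin-access-controls", "--output", "json"],
        check=True, capture_output=True, text=True).stdout
    json.dump(resolve_oac(json.loads(raw), query["name"]), sys.stdout)
```

Wired up as a `data "external"` block with `query = { name = "..." }`, the returned value is available as `result.id` and can be assigned to `origin_access_control_id` in the distribution's `origin` block.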