Data Source: Origin Access Control

Do we have a data source to retrieve information about an aws_cloudfront_origin_access_control?

If not, how can we fetch details on an existing aws_cloudfront_origin_access_control, so that it can be re-used?

Could you provide an example of how you would reuse an existing aws_cloudfront_origin_access_control?

When creating a CloudFront distribution, we can select an existing access control. Attached is a screenshot of the same.

In there, it's recommended to use an existing one, rather than creating a new one all the time.

Also, I did notice that there is an existing API to get OriginAccessControl, but I am not seeing this in Terraform.

So I am trying to achieve the same using Terraform when creating the CloudFront distribution:

resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name              = aws_s3_bucket.b.bucket_regional_domain_name
    origin_access_control_id = <use existing one>
    origin_id                = local.s3_origin_id
  }
  # remaining distribution arguments omitted
}

If a data source exists to fetch an existing OAC, we should use it in the above example…

I did notice that a data source to fetch OAI exists, but not for OAC.

It seems like a valid enhancement request to me.

I did notice another request concerning aws_cloudfront_origin_access_control, though not related to reusing one as a data source.

It does mention what seems to be an AWS limitation:

Before you create an origin access control (OAC) or set it up in a CloudFront distribution, make sure the OAC has permission to access the S3 bucket origin. Do this after creating a CloudFront distribution, but before adding the OAC to the S3 origin in the distribution configuration.

I’m not sure whether this plays a role in what you’re suggesting.
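
An added example, not from any post in this thread and not the provider's own documentation: one way to reuse an existing OAC when no data source is available is to pass its ID in as an input variable, and to grant the bucket permission discussed in the quoted AWS note with a policy scoped to this distribution. The names `existing_oac_id` and `oac_read`, the bucket name and the origin ID value are assumptions made for the example.

```hcl
# Assumption: the OAC already exists and its ID is looked up outside Terraform
# (console, or `aws cloudfront list-origin-access-controls`) and passed in.
variable "existing_oac_id" { type = string }
locals { s3_origin_id = "myS3Origin" } # constructed value
resource "aws_s3_bucket" "b" { bucket = "example-oac-origin-bucket" } # placeholder name

resource "aws_cloudfront_distribution" "s3_distribution" {
  enabled = true
  origin {
    domain_name              = aws_s3_bucket.b.bucket_regional_domain_name
    origin_access_control_id = var.existing_oac_id
    origin_id                = local.s3_origin_id
  }
  default_cache_behavior {
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}

# Read access for the CloudFront service principal, limited to this distribution.
data "aws_iam_policy_document" "oac_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.b.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.s3_distribution.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "b" {
  bucket = aws_s3_bucket.b.id
  policy = data.aws_iam_policy_document.oac_read.json
}
```

Because the bucket policy conditions on `AWS:SourceArn`, sharing one OAC across several distributions does not by itself give those other distributions access to this bucket; each bucket policy still decides which distribution ARNs may read.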