[New Data Source]: aws_cloudfront_origin_access_control

[jtyrus]

Description

Noticed when I was working on docs in #34416 that there wasn't a data source for aws_cloudfront_origin_access_control. Not as useful as the Origin Access Identity since the new version doesn't require building an arn and attaching that to the S3 policy, but could still be used as a template or something along those lines.

There's no v2 Cloudfront service yet so could be an easy first feature? Did the PR in v1 but can change it if needed.

Requested Resource(s) and/or Data Source(s)

aws_cloudfront_origin_access_control

Potential Terraform Configuration

data "aws_cloudfront_origin_access_control" "default" {
  id = "E2T5VTFBZJ3BJB"
}

resource "aws_cloudfront_origin_access_control" "new" {
  name                              = "Access Control for Dist 5"
  origin_access_control_origin_type = data.aws_cloudfront_origin_access_control.default.origin_access_control_origin_type
  signing_behavior                  = data.aws_cloudfront_origin_access_control.default.signing_behavior
  signing_protocol                  = data.aws_cloudfront_origin_access_control.default.signing_protocol
}

References

No response

Would you like to implement a fix?

Yes

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[quinyx-tjeerd]

Being able to fetch a aws_cloudfront_origin_access_control by name could be really powerful. especially when using a single bucket in multipe distro's.

if you look at an example where a single S3 bucket is used by multiple Cloudfront distributions (using different origin paths), all those distro's could reuse the same OAC, instead of having to create separate ones all the time.

bucket:

/apps/app1/sha123456/*
/apps/app2/sha123456/* <-- old versions can be kept in s3 bucket
/apps/app2/sha123457/*

cloudfronts:

app1 -> /apps/app1/sha123456
app2 -> /apps/app2/sha123457

performing a new release is then just a path change on the cloudfront.

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.59.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.