-
Hello rb09239291234,
Thank you for pointing this out. We acknowledge that this item needs to be updated.
The term “CloudFront user” was used when referring to Origin Access Identity (OAI), but OAI has considered legacy due to limited functionalities. https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_cloudfront_origins/README.html
The correct approach is to simply create an Origin Access Control (OAC) and configure the S3 bucket policy. Unlike OAI, OAC uses an IAM service principal with SigV4 request signing to securely authorize CloudFront to access private S3 content.
We’ll revise the wording in our materials to avoid confusion and ensure it reflects the current AWS terminology. Thanks again for raising this. Your feedback helps us keep our content accurate and up to date.
Regards,
JR @ Tutorials Dojo
