Table: aws_cloudfront_origin_access_identity - Query AWS CloudFront Origin Access Identity using SQL
The AWS CloudFront Origin Access Identity is a special CloudFront feature that allows secure access to your content within an Amazon S3 bucket. It's used as a virtual identity to enable sharing of your content with CloudFront while restricting direct access to your S3 bucket. Thus, it helps in maintaining the privacy of your data by preventing direct access to S3 resources.
Table Usage Guide
The aws_cloudfront_origin_access_identity table in Steampipe provides you with information about each origin access identity within AWS CloudFront. This table allows you, as a DevOps engineer, to query identity-specific details, including the identity's ID, S3 canonical user ID, caller reference, and associated comment. You can utilize this table to gather insights on origin access identities, such as the identity's configuration and CloudFront caller reference. The schema outlines the various attributes of the origin access identity for you, including the ID, S3 canonical user ID, caller reference, and comment.
Examples
Basic Info
Explore the foundational details of your AWS CloudFront origin access identities to better understand your system's configuration and identify any potential areas for optimization or troubleshooting. This query is particularly useful for gaining insights into the identities' associated comments, user IDs, and unique identifiers, which can assist in system management and auditing tasks.
select id, arn, comment, s3_canonical_user_id, etag from aws_cloudfront_origin_access_identity;
List origin access identities with comments
Discover the segments that have comments associated with their origin access identity in AWS CloudFront. This is useful for understanding which identities have additional information or instructions provided, aiding in better resource management.
select id, arn, comment, caller_reference from aws_cloudfront_origin_access_identity where comment <> '';
select id, arn, comment, caller_reference from aws_cloudfront_origin_access_identity where comment != '';
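An added example, not from the original page: a PostgreSQL query that lists each origin access identity with the distributions that reference it, so identities that no distribution uses (but whose S3 canonical user ID may still appear in bucket policies) sort first. It assumes the same plugin's aws_cloudfront_distribution table and that its origins column stores the reference under S3OriginConfig.OriginAccessIdentity in the form origin-access-identity/cloudfront/<ID>; neither appears on this page.

```sql
-- Added example (PostgreSQL syntax). Assumed, not shown on this page:
--   * table aws_cloudfront_distribution with a jsonb "origins" array
--   * each S3 origin carries S3OriginConfig.OriginAccessIdentity as
--     'origin-access-identity/cloudfront/<OAI id>'
with oai_refs as (
  select
    d.account_id,
    d.id as distribution_id,
    -- third path segment is the OAI id
    split_part(o -> 'S3OriginConfig' ->> 'OriginAccessIdentity', '/', 3) as oai_id
  from
    aws_cloudfront_distribution as d,
    jsonb_array_elements(d.origins) as o
  where
    -- skip custom origins and S3 origins with no OAI configured
    coalesce(o -> 'S3OriginConfig' ->> 'OriginAccessIdentity', '') <> ''
)
select
  i.account_id,
  i.id,
  i.comment,
  i.s3_canonical_user_id,
  count(r.distribution_id) as distribution_count,
  array_agg(distinct r.distribution_id)
    filter (where r.distribution_id is not null) as distributions
from
  aws_cloudfront_origin_access_identity as i
  -- left join keeps identities that nothing references
  left join oai_refs as r
    on r.oai_id = i.id
    and r.account_id = i.account_id
group by
  i.account_id,
  i.id,
  i.comment,
  i.s3_canonical_user_id
order by
  distribution_count,  -- unused identities (count 0) first
  i.id;
```

For rows with a distribution_count of 0, the s3_canonical_user_id value is what to look for in S3 bucket policies and ACLs before deleting the identity.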
Schema for aws_cloudfront_origin_access_identity
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) specifying the origin access identity. |
caller_reference | text | | A unique value that ensures that the request can't be replayed. |
comment | text | | The comment for this origin access identity. |
etag | text | | The current version of the origin access identity's information. |
id | text | = | The ID for the origin access identity. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
s3_canonical_user_id | text | | The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_cloudfront_origin_access_identity