CloudFront distributions using origin access identity should be migrated to origin access control

Docs > Datadog Security > OOTB Rules > CloudFront distributions using origin access identity should be migrated to origin access control

Description

CloudFront distributions using Origin Access Identity (OAI) should be migrated to Origin Access Control (OAC) for enhanced security features, including signed requests, granular permissions, and support for AWS Identity and Access Management (IAM) policies. Additionally, OAC offers broader compatibility with various AWS origins, such as S3 and custom origins, enhancing both flexibility and security.

Remediation

For guidance on migrating legacy OAI to OAC, refer to the Migrating from origin access identity (OAI) to origin access control (OAC) section of the Amazon CloudFront Developer Guide.