AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2025-11-19 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.md

Summary

Updated references to 'AWS CloudFormation' to 'CloudFormation' throughout the document for consistency in product naming

Security assessment

The changes are purely cosmetic branding updates (removing redundant 'AWS' prefix from CloudFormation references). No security-related content was added, modified, or removed. The OAC signing behavior recommendations and security implications remain unchanged.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.md b/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.md
index 3a3495132..69c09e6ea 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-mediapackage.md
@@ -88 +88 @@ JSON
-To create an OAC, you can use the AWS Management Console, AWS CloudFormation, the AWS CLI, or the CloudFront API.
+To create an OAC, you can use the AWS Management Console, CloudFormation, the AWS CLI, or the CloudFront API.
@@ -140 +140 @@ CloudFormation
-To create an OAC with AWS CloudFormation, use the `AWS::CloudFront::OriginAccessControl` resource type. The following example shows the AWS CloudFormation template syntax, in YAML format, for creating an OAC.
+To create an OAC with CloudFormation, use the `AWS::CloudFront::OriginAccessControl` resource type. The following example shows the CloudFormation template syntax, in YAML format, for creating an OAC.
@@ -223 +223 @@ The CloudFront OAC feature includes advanced settings that are intended only for
-OAC contains a setting named **Signing behavior** (in the console), or `SigningBehavior` (in the API, CLI, and AWS CloudFormation). This setting provides the following options:
+OAC contains a setting named **Signing behavior** (in the console), or `SigningBehavior` (in the API, CLI, and CloudFormation). This setting provides the following options:
@@ -228 +228 @@ OAC contains a setting named **Signing behavior** (in the console), or `SigningB
-We recommend using this setting, named **Sign requests (recommended)** in the console, or `always` in the API, CLI, and AWS CloudFormation. With this setting, CloudFront always signs all requests that it sends to the MediaPackage v2 origin.
+We recommend using this setting, named **Sign requests (recommended)** in the console, or `always` in the API, CLI, and CloudFormation. With this setting, CloudFront always signs all requests that it sends to the MediaPackage v2 origin.
@@ -233 +233 @@ We recommend using this setting, named **Sign requests (recommended)** in the co
-This setting is named **Do not sign requests** in the console, or `never` in the API, CLI, and AWS CloudFormation. Use this setting to turn off OAC for all origins in all distributions that use this OAC. This can save time and effort compared to removing an OAC from all origins and distributions that use it, one by one. With this setting, CloudFront doesn't sign any requests that it sends to the MediaPackage v2 origin.
+This setting is named **Do not sign requests** in the console, or `never` in the API, CLI, and CloudFormation. Use this setting to turn off OAC for all origins in all distributions that use this OAC. This can save time and effort compared to removing an OAC from all origins and distributions that use it, one by one. With this setting, CloudFront doesn't sign any requests that it sends to the MediaPackage v2 origin.
@@ -242 +242 @@ To use this setting, the MediaPackage v2 origin must be publicly accessible. If
-This setting is named **Do not override authorization header** in the console, or `no-override` in the API, CLI, and AWS CloudFormation. Use this setting when you want CloudFront to sign origin requests only when the corresponding viewer request does not include an `Authorization` header. With this setting, CloudFront passes on the `Authorization` header from the viewer request when one is present, but signs the origin request (adding its own `Authorization` header) when the viewer request doesn't include an `Authorization` header.
+This setting is named **Do not override authorization header** in the console, or `no-override` in the API, CLI, and CloudFormation. Use this setting when you want CloudFront to sign origin requests only when the corresponding viewer request does not include an `Authorization` header. With this setting, CloudFront passes on the `Authorization` header from the viewer request when one is present, but signs the origin request (adding its own `Authorization` header) when the viewer request doesn't include an `Authorization` header.