AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-04-10 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.md

Summary

Added note that S3 Multi-Region Access Points require different OAC configuration and link to specific documentation.

Security assessment

The change clarifies configuration differences for a security feature (Origin Access Control) when using a new origin type. It provides guidance to avoid misconfiguration but does not address a specific security incident.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.md b/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.md
index 247c138e9..5796a94f8 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.md
@@ -29,0 +30,2 @@ OAI doesn't support these features or it requires extra workarounds in those sce
+  * If you use an Amazon S3 Multi-Region Access Point as your CloudFront origin, see [Restrict access to an Amazon S3 Multi-Region Access Point origin](./private-content-restricting-access-to-s3-mrap.html). S3 Multi-Region Access Points require a different OAC configuration.
+