:doc:`CloudFront <../../cloudfront>` / Client / get_origin_access_control

*************************
get_origin_access_control
*************************



.. py:method:: CloudFront.Client.get_origin_access_control(**kwargs)

  

  Gets a CloudFront origin access control, including its unique identifier.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControl>`_  


  **Request Syntax**
  ::

    response = client.get_origin_access_control(
        Id='string'
    )
    
  :type Id: string
  :param Id: **[REQUIRED]** 

    The unique identifier of the origin access control.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'OriginAccessControl': {
              'Id': 'string',
              'OriginAccessControlConfig': {
                  'Name': 'string',
                  'Description': 'string',
                  'SigningProtocol': 'sigv4',
                  'SigningBehavior': 'never'|'always'|'no-override',
                  'OriginAccessControlOriginType': 's3'|'mediastore'|'mediapackagev2'|'lambda'
              }
          },
          'ETag': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **OriginAccessControl** *(dict) --* 

        Contains an origin access control, including its unique identifier.

        
        

        - **Id** *(string) --* 

          The unique identifier of the origin access control.

          
        

        - **OriginAccessControlConfig** *(dict) --* 

          The origin access control.

          
          

          - **Name** *(string) --* 

            A name to identify the origin access control. You can specify up to 64 characters.

            
          

          - **Description** *(string) --* 

            A description of the origin access control.

            
          

          - **SigningProtocol** *(string) --* 

            The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is ``sigv4``.

            
          

          - **SigningBehavior** *(string) --* 

            Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see `origin access control advanced settings <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings>`__ in the *Amazon CloudFront Developer Guide*.

             

            This field can have one of the following values:

             

            
            * ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
             
            * ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
             
            * ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. WARNING: To pass along the ``Authorization`` header from the viewer request, you *must* add the ``Authorization`` header to a `cache policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html>`__ for all cache behaviors that use origins associated with this origin access control.
            

            
          

          - **OriginAccessControlOriginType** *(string) --* 

            The type of origin that this origin access control is for.

            
      
    
      

      - **ETag** *(string) --* 

        The version identifier for the current version of the origin access control.

        
  
  **Exceptions**
  
  *   :py:class:`CloudFront.Client.exceptions.AccessDenied`

  
  *   :py:class:`CloudFront.Client.exceptions.NoSuchOriginAccessControl`

  