:doc:`CloudFront <../../cloudfront>` / Client / get_origin_access_control_config

********************************
get_origin_access_control_config
********************************



.. py:method:: CloudFront.Client.get_origin_access_control_config(**kwargs)

  

  Gets a CloudFront origin access control configuration.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControlConfig>`_  


  **Request Syntax**
  ::

    response = client.get_origin_access_control_config(
        Id='string'
    )
    
  :type Id: string
  :param Id: **[REQUIRED]** 

    The unique identifier of the origin access control.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'OriginAccessControlConfig': {
              'Name': 'string',
              'Description': 'string',
              'SigningProtocol': 'sigv4',
              'SigningBehavior': 'never'|'always'|'no-override',
              'OriginAccessControlOriginType': 's3'|'mediastore'|'mediapackagev2'|'lambda'
          },
          'ETag': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **OriginAccessControlConfig** *(dict) --* 

        Contains an origin access control configuration.

        
        

        - **Name** *(string) --* 

          A name to identify the origin access control. You can specify up to 64 characters.

          
        

        - **Description** *(string) --* 

          A description of the origin access control.

          
        

        - **SigningProtocol** *(string) --* 

          The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is ``sigv4``.

          
        

        - **SigningBehavior** *(string) --* 

          Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see `origin access control advanced settings <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings>`__ in the *Amazon CloudFront Developer Guide*.

           

          This field can have one of the following values:

           

          
          * ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
           
          * ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
           
          * ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. WARNING: To pass along the ``Authorization`` header from the viewer request, you *must* add the ``Authorization`` header to a `cache policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html>`__ for all cache behaviors that use origins associated with this origin access control.
          

          
        

        - **OriginAccessControlOriginType** *(string) --* 

          The type of origin that this origin access control is for.

          
    
      

      - **ETag** *(string) --* 

        The version identifier for the current version of the origin access control.

        
  
  **Exceptions**
  
  *   :py:class:`CloudFront.Client.exceptions.AccessDenied`

  
  *   :py:class:`CloudFront.Client.exceptions.NoSuchOriginAccessControl`

  