diff --git a/README.md b/README.md
index efd2971..9f2fca2 100644
--- a/README.md
+++ b/README.md
@@ -187,6 +187,7 @@ Available targets:
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [ordered\_cache](#input\_ordered\_cache) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
cache_policy_id = string
origin_request_policy_id = string
compress = bool
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
response_headers_policy_id = string
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
+| [origin\_access\_identity\_enabled](#input\_origin\_access\_identity\_enabled) | When true, creates origin access identity resource | `bool` | `true` | no |
| [origin\_domain\_name](#input\_origin\_domain\_name) | The DNS domain name of your custom origin (e.g. website) | `string` | `""` | no |
| [origin\_http\_port](#input\_origin\_http\_port) | The HTTP port the custom origin listens on | `number` | `"80"` | no |
| [origin\_https\_port](#input\_origin\_https\_port) | The HTTPS port the custom origin listens on | `number` | `443` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index af5cb43..7f3265a 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -82,6 +82,7 @@
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [ordered\_cache](#input\_ordered\_cache) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
cache_policy_id = string
origin_request_policy_id = string
compress = bool
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
response_headers_policy_id = string
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
+| [origin\_access\_identity\_enabled](#input\_origin\_access\_identity\_enabled) | When true, creates origin access identity resource | `bool` | `true` | no |
| [origin\_domain\_name](#input\_origin\_domain\_name) | The DNS domain name of your custom origin (e.g. website) | `string` | `""` | no |
| [origin\_http\_port](#input\_origin\_http\_port) | The HTTP port the custom origin listens on | `number` | `"80"` | no |
| [origin\_https\_port](#input\_origin\_https\_port) | The HTTPS port the custom origin listens on | `number` | `443` | no |
diff --git a/main.tf b/main.tf
index 8c11095..3fd125c 100644
--- a/main.tf
+++ b/main.tf
@@ -8,7 +8,7 @@ module "origin_label" {
}
resource "aws_cloudfront_origin_access_identity" "default" {
- count = module.this.enabled ? 1 : 0
+ count = module.this.enabled && var.origin_access_identity_enabled ? 1 : 0
comment = module.origin_label.id
}
diff --git a/variables.tf b/variables.tf
index af7bf4e..e22a549 100644
--- a/variables.tf
+++ b/variables.tf
@@ -134,6 +134,12 @@ variable "comment" {
description = "Comment for the origin access identity"
}
+variable "origin_access_identity_enabled" {
+ type = bool
+ default = true
+ description = "When true, creates origin access identity resource"
+}
+
variable "logging_enabled" {
type = bool
default = true