signing
Parameters
Specifies which requests CloudFront signs (adds authentication information to). Specify `always` for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide. This field can have one of the following values:
`always`– CloudFront signs all origin requests, overwriting the`Authorization`header from the viewer request if one exists.`never`– CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.`no-override`– If the viewer request doesn't contain the`Authorization`header, then CloudFront signs the origin request. If the viewer request contains the`Authorization`header, then CloudFront doesn't sign the origin request and instead passes along the`Authorization`header from the viewer request. WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.