{
  "additionalProperties" : false,
  "definitions" : {
    "CloudFrontOriginAccessIdentityConfig" : {
      "additionalProperties" : false,
      "properties" : {
        "Comment" : {
          "type" : "string"
        }
      },
      "required" : [ "Comment" ],
      "type" : "object"
    }
  },
  "description" : "Resource Type definition for AWS::CloudFront::CloudFrontOriginAccessIdentity",
  "handlers" : {
    "create" : {
      "permissions" : [ "cloudfront:CreateCloudFrontOriginAccessIdentity" ]
    },
    "delete" : {
      "permissions" : [ "cloudfront:DeleteCloudFrontOriginAccessIdentity" ]
    },
    "list" : {
      "permissions" : [ "cloudfront:ListCloudFrontOriginAccessIdentities" ]
    },
    "read" : {
      "permissions" : [ "cloudfront:GetCloudFrontOriginAccessIdentity" ]
    },
    "update" : {
      "permissions" : [ "cloudfront:UpdateCloudFrontOriginAccessIdentity" ]
    }
  },
  "primaryIdentifier" : [ "/properties/Id" ],
  "properties" : {
    "CloudFrontOriginAccessIdentityConfig" : {
      "$ref" : "#/definitions/CloudFrontOriginAccessIdentityConfig"
    },
    "Id" : {
      "type" : "string"
    },
    "S3CanonicalUserId" : {
      "type" : "string"
    }
  },
  "readOnlyProperties" : [ "/properties/Id", "/properties/S3CanonicalUserId" ],
  "required" : [ "CloudFrontOriginAccessIdentityConfig" ],
  "typeName" : "AWS::CloudFront::CloudFrontOriginAccessIdentity"
}