||Public S3 CloudFront Origin
||Detects the use of an S3 bucket as a CloudFront origin without an origin access identity
||When S3 is used as an origin for a CloudFront bucket, the contents should be kept private and an origin access identity should allow CloudFront access. This prevents someone from bypassing the caching benefits that CloudFront provides, repeatedly loading objects directly from S3, and amassing a large access bill.
||Create an origin access identity for CloudFront, then make the contents of the S3 bucket private.