resource "aws_cloudfront_origin_access_control" "origin_access" {
  for_each = toset(var.buckets)

  name                              = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}