AWS CloudFront OAI enabled (rule)

Checks if Amazon CloudFront distribution with S3 Origin type has Origin Access Identity (OAI) configured. The rule is NON_COMPLIANT if the CloudFront distribution is backed by S3 and any of S3 Origin type is not OAI configured. The rule is NON_COMPLIANT if the origin is not an S3 bucket; the rule does not return NOT_APPLICABLE if the origin is not as S3 bucket. AWS CloudFront OAI Enabled.