diff --git a/template-cloudfront.yaml b/template-cloudfront.yaml
index 0c60701..8d5b26a 100644
--- a/template-cloudfront.yaml
+++ b/template-cloudfront.yaml
@@ -7,6 +7,16 @@ Parameters:
     Default: "naputo-blog-public"
 
 Resources:
+
+  BlogOriginAccessControl:
+    Type: AWS::CloudFront::OriginAccessControl
+    Properties:
+      OriginAccessControlConfig:
+        Name: "MyBlogOAC"
+        OriginAccessControlOriginType: s3
+        SigningBehavior: always
+        SigningProtocol: sigv4
+
   BlogCloudFrontDistribution:
     Type: AWS::CloudFront::Distribution
     Properties:
@@ -14,11 +24,9 @@ Resources:
         Enabled: true
         Origins:
           - Id: S3WebsiteOrigin
-            DomainName: !Sub "${WebsiteBucketName}.s3-website-${AWS::Region}.amazonaws.com"
-            CustomOriginConfig:
-              HTTPPort: 80
-              HTTPSPort: 80
-              OriginProtocolPolicy: http-only
+            DomainName: !Sub "${WebsiteBucketName}.s3.amazonaws.com"
+            OriginAccessControlId: !Ref BlogOriginAccessControl
+            S3OriginConfig: {}
         DefaultCacheBehavior:
           TargetOriginId: S3WebsiteOrigin
           ViewerProtocolPolicy: redirect-to-https