Currently, ccoctl creates a public S3 bucket to host OIDC endpoint that is accessible over the internet. Many customers have complained about this approach as their security policies do not allow creation of public S3 bucket. We have explored the option of making S3 bucket private and having public CloudFront URL to access OIDC configuration files in S3. We already have this tested and documented by SPLAT team. As part of this card, we need to automate this process through ccoctl by having an optional parameter.
The sample ccoctl command to create the above-mentioned configuration can be