diff --git a/packages/@aws-cdk/aws-cloudfront-origins/lib/s3-origin.ts b/packages/@aws-cdk/aws-cloudfront-origins/lib/s3-origin.ts
index ea679a88a9aa7..43fdf3bc4ef9d 100644
--- a/packages/@aws-cdk/aws-cloudfront-origins/lib/s3-origin.ts
+++ b/packages/@aws-cdk/aws-cloudfront-origins/lib/s3-origin.ts
@@ -58,7 +58,9 @@ class S3BucketOrigin extends cloudfront.OriginBase {
 
   public bind(scope: cdk.Construct, options: cloudfront.OriginBindOptions): cloudfront.OriginBindConfig {
     if (!this.originAccessIdentity) {
-      this.originAccessIdentity = new cloudfront.OriginAccessIdentity(scope, 'S3Origin');
+      this.originAccessIdentity = new cloudfront.OriginAccessIdentity(scope, 'S3Origin', {
+        comment: `Access identity for ${options.originId}`,
+      });
       this.bucket.grantRead(this.originAccessIdentity);
     }
     return super.bind(scope, options);
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/integ.origin-group.expected.json b/packages/@aws-cdk/aws-cloudfront-origins/test/integ.origin-group.expected.json
index a0e2688a424f7..c4c06bf2d874e 100644
--- a/packages/@aws-cdk/aws-cloudfront-origins/test/integ.origin-group.expected.json
+++ b/packages/@aws-cdk/aws-cloudfront-origins/test/integ.origin-group.expected.json
@@ -60,7 +60,7 @@
       "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
       "Properties": {
         "CloudFrontOriginAccessIdentityConfig": {
-          "Comment": "Allows CloudFront to reach the bucket"
+          "Comment": "Access identity for cloudfrontorigingroupDistributionOrigin137659A54"
         }
       }
     },
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/integ.s3-origin.expected.json b/packages/@aws-cdk/aws-cloudfront-origins/test/integ.s3-origin.expected.json
index 0a1d437718590..01f61d983d8a6 100644
--- a/packages/@aws-cdk/aws-cloudfront-origins/test/integ.s3-origin.expected.json
+++ b/packages/@aws-cdk/aws-cloudfront-origins/test/integ.s3-origin.expected.json
@@ -60,7 +60,7 @@
       "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
       "Properties": {
         "CloudFrontOriginAccessIdentityConfig": {
-          "Comment": "Allows CloudFront to reach the bucket"
+          "Comment": "Access identity for cloudfronts3originDistributionOrigin1741C4E95"
         }
       }
     },
diff --git a/packages/@aws-cdk/aws-cloudfront-origins/test/s3-origin.test.ts b/packages/@aws-cdk/aws-cloudfront-origins/test/s3-origin.test.ts
index 8885e3b5cf091..1dcc17de37249 100644
--- a/packages/@aws-cdk/aws-cloudfront-origins/test/s3-origin.test.ts
+++ b/packages/@aws-cdk/aws-cloudfront-origins/test/s3-origin.test.ts
@@ -54,7 +54,7 @@ describe('With bucket', () => {
 
     expect(stack).toHaveResourceLike('AWS::CloudFront::CloudFrontOriginAccessIdentity', {
       CloudFrontOriginAccessIdentityConfig: {
-        Comment: 'Allows CloudFront to reach the bucket',
+        Comment: 'Access identity for StackDistOrigin15754CE84',
       },
     });
     expect(stack).toHaveResourceLike('AWS::S3::BucketPolicy', {