- CloudFront requires OAC to securely serve private S3 content.
- ACM certificates must be in us-east-1 for CloudFront.
- DNS propagation may take several minutes to hours.
- Always invalidate CloudFront cache (
/*) after uploading new files.
- Paths in HTML must match S3 object names exactly (case-sensitive).