It turns out that the interaction between S3, CloudFront, and Route53 can be bumpy when setting up buckets as CDN origins. It’s apparently expected that a CloudFront URL will read data from the wrong bucket URL and redirect browsers there for the first hour or more. The message from AWS is “just wait,” which makes for a crappy experience.
One respondent in this forum thread seems to share my frustration:
So, while I get the concept of waiting for DNS to propagate, I don’t understand how I can curl -I the virtual path of a brand newbucket and immediately get a 200 OK, but it takes an hour or more for the CloudFront domain name to stop redirecting. It makes no sense to blame it on the S3 URL being too new, if I get the OK right away.
This has been going on for years, I would have hoped some genius would be able to have figured out exactly why this takes so long.
However, even after things get going, the forums seem to indicate that the easy path to the S3 origin will lead to errors. CloudFront will fetch the
example.com/ for the top level of the site, but not for deeper paths.
To fix that, you have to delete the S3 origin and manually configure a new CloudFront origin using the S3 bucket’s static website URL.