I went ahead and enabled AWS CloudFront for a CDN cache in front of my S3 bucket, which was set up as described here. However, configuring CloudFront prompted for some modifications to the S3 access policies. In particular, there seem to be some policies that would restrict S3 bucket access to only CloudFront, instead of the public access that this guide suggests. Is anyone able to review what the correct S3 bucket permissions policies should be if you are using the CloudFront CDN with your S3 bucket on Discourse? Currently, my CDN is working, but I am not sure if I need to remove any extraneous access permissions from the S3 bucket.