I'm putting assets to S3 with expiry headers, which successfully get passed through to CloudFront distributions. However, requests after the expiry don't result in CloudFront requesting a fresh file from the origin server.
I am also finding that query string version tokens don't force a fresh asset, and I don't want to use full, file name versioning.
All of this may be down to my poor knowledge of cache-control headers, but I am starting to wonder if I am missing something critical about how CloudFront is supposed to work. The CloudFront responses are showing headers like the following.
Cache-Control: max-age=120
Expires: Tue, 07 Apr 2009 12:13:26 GMT