In no particular order, here are the things that need to happen to correctly setup this project on AWS.
When configuring our S3 buckets, let's enable Bucket Versioning. This is very helpful especially for user-generated data (eg: avatars, certificaitons) where we no longer need to append (or prepend) some unique identifier to the asset name.
However, by default this doesn't play nicely with CloudFront which by default will serve the latest cached version even if a new one has been uploaded. We want to configure CloudFront to work with the versionId query param, like so:
https://{DISTIBUTION_ID}.cloudfront.net/certifications/diploma.pdf?versionId={S3_VERSION}
To do this, we need to create a new Custom Cache Policy that is identical to the recommended Caching Optimized but adds the versionId Query String to the Cache key settings. This means that the versionId is now part of the Cache Key that CloudFront creates, thus we'll be able to get different versions of the same file, by replacing it.