Invalidate CloudFront cached content and tune cache key configuration for efficient caching

Verified steps

1. Create a CloudFront invalidation via the AWS console, CLI (aws cloudfront create-invalidation --distribution-id <id> --paths '/path/*'), or API; wildcard paths like /* invalidate all objects but count as one invalidation path for billing purposes
2. Understand invalidation limits: the first 1,000 invalidation paths per month are free; beyond that you are charged per path; wildcard patterns count as one path regardless of how many objects they match
3. Use cache policies to control the cache key: a cache policy specifies which headers, cookies, and query strings are included in the cache key; minimizing the cache key (exclude unused headers/cookies) dramatically improves cache hit rate
4. Use origin request policies to forward additional headers/cookies to the origin that are NOT part of the cache key — this allows personalization headers to reach the origin without fragmenting the cache
5. Set appropriate Cache-Control headers on origin responses (max-age, s-maxage, stale-while-revalidate) to drive CloudFront TTLs; CloudFront's cache policy minimum/maximum/default TTL values override origin headers when the origin does not set them
6. For versioned static assets (hashed filenames), use long TTLs (e.g., 1 year) and deploy new filenames on change rather than invalidating; reserve invalidations for unversioned resources like index.html or API responses