Http headers necessary ensure cloudfront distributed files don’t get browser cached

Firstly, the point of Cloudfront is to serve cached content - if you try to serve uncached content from Cloudfront it is slower than serving it directly from S3, in almost all cases (something like streaming content would be the exception). Consider for a moment what needs to happen to serve content from Cloudfront - it needs to be retrieved from the origin server to a location that is geographically close to the user - which means that for a request where Cloudfront has to retrieve content from the origin server, you add extra latency into the request, and the user receives content slower. It is only once the content is available at the edge location that subsequent requests are faster.

The best approach to this problem is to change your filenames when you update a page - this will force Cloudfront to retrieve the new content. Again, keep in mind that Cloudfront is typically used for media files (including images) and style/javascript - and not so much for html. Esssentially, you would have your HTML on S3, and your images on Cloudfront - with any changes you make, you can change the name of the file on Cloudfront (e.g. file-v1.jpg, file-v2.jpg, etc). Another common way is including a query string with version information.

Also, keep in mind that Cloudfront does not serve gzipped content - which may result in a slower response than from a regular server (although, in your case, S3 doesn't identify gzip capable browsers either).

Finally, if you want to, you can use invalidation to force Cloudfront to discard its existing copy and fetch a new one from the origin server. Note, however, that Cloudfront gives you only 1000 free invalidations per month, after which the cost is $0.005/invalidation.

The lowest time Cloudfront will keep content is 1hr, although, the default is 24hr. I'd therefore try to set the max-age to at least 3600. Consider also an s-maxage header (for shared - i.e. proxied content). Amazon recommends this caching tutorial.

There was a recent problem with this, rectified a few days ago

Amazon CloudFront (mostly) obeys the regular HTTP cache control mechanism (see RFC 2616) as documented in Amazon CloudFront Object Expiration, specifically:

You can specify a longer expiration time by using the Cache-Control, Pragma, or Expires header on the object in the origin server. [...] CloudFront does not restrict their maximum values.

The minimum expiration time you can specify is one hour. If you specify a minimum time of less than one hour, CloudFront uses one hour.

[emphasis mine]

Thus you will have to orchestrate your LAMP stack to apply the desired Cache-Control: max-age=3600 header specifically to those objects/pages, which will be picked up automatically by CloudFront during its origin fetch thereafter.

How this is done in particular depends on the tools/technologies used to serve the content of course, e.g.:

• Apache - a good tutorial with several example configurations and tips on how to do that with Apache seems to be How to enable file caching with .htaccess in Apache
• PHP - a concise tutorial featuring a good example for PHP in particular seems to be HTTP Caching

For an excellent overview about caching in general I recommend Mark Nottingham's Caching Tutorial.