That’s a great point. Especially around OAC and cache strategy. Right now the focus was on getting the full request flow and architecture in place end-to-end, but tightening S3 access using OAC and moving towards a proper caching strategy is definitely the next step. The immutable assets + content hashing approach makes a lot of sense, especially when combined with more controlled cache invalidation for index.html. Also agree on WAF. I wanted to include it early just to get familiar with how it fits into the request path rather than treating it as an afterthought. Appreciate the insight. I’ll be iterating on this setup further.