Custom domain S3 & SSL

I have a project based off of one of the example repos which uses webpack to wrap up a bunch of frontend content and then ships it off to S3. This is all well and good for normal http:// custom domains, but I’m running into some issues while trying to add SSL. Afaict the only way to get SSL on an S3-hosted site with a custom domain is to create a CloudFront distribution. While the JS/CSS are all suffixed with hashes, the root index.html is just overwritten. Since it’s cached by CloudFront, this is an issue when I update the code. Manually invalidating (or even automatically invalidating) on each deploy seems like a bad solution.

What is the suggested way to add SSL to this?

I think there is a way to use Route 53 to do custom domain SSL on S3, but it is also possible to use a custom domain with SSL in API Gateway to return a Lambda with basic HTML using serverless. That HTML can then reference your frontend bundle.js via CloudFront with an S3 origin. Sounds like the long way around, but it actually has the benefit of keeping your Lambda hot, is quite performant and can help with code splitting/initial load. I have a website using this technique; you can see the code here

Thanks - looks like this will work.
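
The approach in the reply above, sketched as an added example that is not part of the original thread or the linked site's code: a Lambda proxy handler behind API Gateway returns the HTML shell uncached, and the shell points at the hashed bundles served by CloudFront. The asset domain, manifest contents and function names are assumptions made for illustration.

```javascript
// Added example. ASSETS_BASE and MANIFEST are constructed placeholders; in a
// real deploy the manifest would be produced by the webpack build.
const ASSETS_BASE = "https://assets.example.com"; // hypothetical CloudFront domain
const MANIFEST = { "main.js": "main.3f9c2a1b.js", "main.css": "main.a41d07e2.css" };

// Escape a value before placing it inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Map a logical asset name to its hashed URL; unknown names fail loudly
// instead of producing a broken or attacker-chosen URL.
function assetUrl(name, manifest = MANIFEST, base = ASSETS_BASE) {
  if (!Object.prototype.hasOwnProperty.call(manifest, name)) {
    throw new Error(`asset not in manifest: ${name}`);
  }
  return `${base}/${encodeURIComponent(manifest[name])}`;
}

// Build the HTML shell that replaces the overwritten index.html on S3.
function renderShell(manifest = MANIFEST, base = ASSETS_BASE) {
  const css = escapeAttr(assetUrl("main.css", manifest, base));
  const js = escapeAttr(assetUrl("main.js", manifest, base));
  return [
    "<!doctype html>",
    '<html><head><meta charset="utf-8">',
    `<link rel="stylesheet" href="${css}">`,
    '</head><body><div id="root"></div>',
    `<script src="${js}"></script>`,
    "</body></html>",
  ].join("\n");
}

// API Gateway Lambda proxy response: statusCode, headers, body.
function buildResponse() {
  return {
    statusCode: 200,
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Cache-Control": "no-cache", // shell is revalidated on every request
      "Strict-Transport-Security": "max-age=31536000",
      "X-Content-Type-Options": "nosniff",
    },
    body: renderShell(),
  };
}

async function handler(event) {
  return buildResponse();
}
```

Because only the shell is uncached, the hashed JS/CSS objects can carry long cache lifetimes in CloudFront without needing an invalidation on deploy.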