We've also been using S3 + Cloudfront for our static website, it's super cheap and has been low touch.
We've run into two things though:
- We have very little control over TLS versions and cipher settings.
- We have to use a CNAME so we can't point a bare domain at it which also means we can't add our site to the HSTS preload list (I think there is a way to purchase an IP though now, if anyone knows please let me know).
On your point about using CNAMEs - if you have the domain set up with Route 53, you can create an A/AAAA alias record on the domain apex pointing to CloudFront.
We've run into two things though:
- We have very little control over TLS versions and cipher settings.
- We have to use a CNAME so we can't point a bare domain at it which also means we can't add our site to the HSTS preload list (I think there is a way to purchase an IP though now, if anyone knows please let me know).
Overall totally worth it though.