I followed the steps here, and two days later the redirect is not being forced. I can access the file in S3 directly, I can access it in Cloudfront too, but the redirect from from S3 to Cloudfront does not happen. Is there a missing step here?
A couple of things here:
(1) It’s not a redirect: the S3 link will show "Access Denied" while the CF link will just work. If you’re expecting the S3 link to 302 over, that’s not what happens.
(2) There is some trickiness around the existing bucket policy that can make it seem like the object is still visible. If you test the S3 link in a Chrome incognito window (or another browser) to make sure you’re not logged into AWS, this should fail (because public read has been revoked for anonymous access). However, if you are using an account where you’re the bucket owner, if you use the same S3 link while logged in, you will still have access since it’s using your logged in credentials.
There’s no redirection, s3 only allows get content from cloudfront, and to get the object it is needed to access to the cloudfront link. The advantage is that now rhe content is protected by cloudfront caracteristics (caching, waf, geolocation blocking). To test it , you can update the file "hello.txt" and invalidate that file in cloudfront "Invalidations", and cloudfront updates the file at that moment from the s3 bucket.