A recent cdk-nag update revealed that we can use a newer security feature for integrating our UI CloudFront distribution with its backing S3 origin to improve our security posture. See this announcement and this documentation page for more information.