Talk about a pain, not to mention the 10x bill from Amazon that came as a surprise.
Can you explain more? Was there some cloudfront behavior exacerbating the issue? AFAIK this is just a client (mis)using range requests and CloudFront replying as requested.
After looking more closely at the differences for pricing between S3/CloudFront I realize it's appears cheaper to be on CloudFront. I assumed wrong that CloudFront data-out was billed in addition to S3 because of the way it's notated on the usage page ("AWS Data Transfer (excluding Amazon CloudFront)"). To prove it I ran two reports on CF (left) and S3 (right): http://cl.ly/image/0q0y3u2X0g1a and you can tell where I made the change, as well data is only counted on the service in question and not on both.
Can anyone else confirm the above?
On subsequent requests, cloudfront cache hits, you're only billed by Cloudfront. Cloudfront request + byte rates are cheaper than S3 in Us-east-1, IIRC. So on popular or high ttl objects it's cheaper to serve through Cloudfront. On low ttl or low rps, like a few requests per day, it's cheaper to use standalone s3.
The same origin + CDN vs CDN Hit math applies to EC2 as well. I do wish the billing was clearer in these scenarios.