Default Presigned URL changed between V1 and V2 causing issues with Cloudfront S3 origins

[esteeele]

So essentially my company has a setup where we use a cloudfront distribution as an origin for presigned URLs.

The S3 origin domain name is in the format https://BUCKET.s3.REGION.amazonaws.com in cloudfront

The V1 presigned URL library gave presigned URLs in this format e.g. https://BUCKET.s3.REGION.amazonaws.com/KEY?param=xyz

We then rename the domain part of the URL to the company domain name and the client sees a URL with the comany name rather than the bucket e.g. https://company-domain/file?...

The V2 presigned URL library using this code

    PutObjectPresignRequest putObjectPresignRequest = PutObjectPresignRequest.builder()
        .putObjectRequest(PutObjectRequest.builder()
            .bucket(BUCKET)
            .key(PRESIGNED_KEY)
            .contentType("text/plain")
            .build())
        .signatureDuration(Duration.ofSeconds(100))
        .build();

    URL uploadUrl;
    try (S3Presigner s3Presigner = S3Presigner.builder()
        .build()) {
      PresignedPutObjectRequest request = s3Presigner.presignPutObject(putObjectPresignRequest);
    }

gives a URL in the format https://s3.REGION.amazonaws.com/BUCKET which when the domain part is renamed we see errors from cloudfront.

I've tried modifying cloudfront to accept https://s3.REGION.amazonaws.com/BUCKET as an origin but this is rejected with Error: updating CloudFront Distribution: InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

I can use the V2 SDK like so

    String s3BucketPath = "https://%s.s3.%s.amazonaws.com/%s";
    String cloudfrontFriendlyUrl = s3BucketPath.formatted(BUCKET, Region.EU_WEST_1, PRESIGNED_KEY);

    AwsS3V4Signer awsS3V4Signer = AwsS3V4Signer.create();
    var v4Signer = awsS3V4Signer.presign(SdkHttpFullRequest.builder()
        .uri(URI.create(cloudfrontFriendlyUrl))
        .method(SdkHttpMethod.PUT)
        .appendHeader("Content-Type", "text/plain")
        .build(), Aws4PresignerParams.builder()
        .expirationTime(Instant.now().plusSeconds(100))
        .signingRegion(Region.EU_WEST_1)
        .signingName("s3")
        .awsCredentials(DefaultCredentialsProvider.create().resolveCredentials())
        .build());

and it works perfectly ... but the AwsS3V4Signer is marked internal/unstable so I have concerns introducing this into the codebase.

I've tried using the 'official' S3Presigner client to make the URLs in the format we need but without success e.g. using endpointOverride.

Can anyone shine a light on how to resolve this please? Or have any ideas?
From AWS - is this small change in behaviour a permement change from V1 to V2 or something that might become configurable in the future?