400 The parameter Headers contains Authorization that is not allowed

0

I receive an error "400 The parameter Headers contains Authorization that is not allowed." when creating an origin request policy through AWS console and CLI with the following parameters:

Headers Whitelist: Authorization
Cookies: All
Query strings: All

I set the Authorization header through a Lambda@Edge function and need CloudFront to forward it to my API Gateway.

Nabware
asked 3 years ago · 1149 views
1 Answer
0

Problem solved, with just a little reading.

I created a custom cache policy to whitelist the Authorization header as the default policies do not cache any headers. I can then use an origin request policy to decide if I want the Authorization header to be cached or not, per the documentation below:

"All URL query strings, HTTP headers, and cookies that you include in the cache key (using a cache policy) are automatically included in origin requests. Use the origin request policy to specify the information that you want to include in origin requests, but not include in the cache key."

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html

Edited by: Nabware on Oct 30, 2020 1:52 PM
As an aside, I still receive the same error when trying to create an origin request policy to whitelist the Authorization header. My guess would be CloudFront does not cache the Authorization header by default for security purposes.

Nabware
answered 3 years ago
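
The approach described in the answer above, written as a `CachePolicyConfig` document. This is an added example, not part of the original post. The policy name, the file name used below and the TTL values are assumptions. `MaxTTL` is nonzero because CloudFront accepts cache key settings only when caching is enabled.

```json
{
  "Name": "example-authorization-in-cache-key",
  "Comment": "Constructed example, not from the original post; name and TTLs are assumptions",
  "MinTTL": 0,
  "DefaultTTL": 0,
  "MaxTTL": 1,
  "ParametersInCacheKeyAndForwardedToOrigin": {
    "EnableAcceptEncodingGzip": false,
    "EnableAcceptEncodingBrotli": false,
    "HeadersConfig": {
      "HeaderBehavior": "whitelist",
      "Headers": {
        "Quantity": 1,
        "Items": ["Authorization"]
      }
    },
    "CookiesConfig": { "CookieBehavior": "none" },
    "QueryStringsConfig": { "QueryStringBehavior": "none" }
  }
}
```

Saved as `cache-policy.json`, this can be passed to `aws cloudfront create-cache-policy --cache-policy-config file://cache-policy.json`. Because `Authorization` is part of the cache key, any cached response is keyed per header value, and the cookies and query strings from the question can stay in an origin request policy that leaves `Authorization` out.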
