diff --git a/infrastructure/terraform/components/cdn/README.md b/infrastructure/terraform/components/cdn/README.md
index 257e776..685e043 100644
--- a/infrastructure/terraform/components/cdn/README.md
+++ b/infrastructure/terraform/components/cdn/README.md
@@ -33,6 +33,7 @@
| [region](#input\_region) | The AWS Region | `string` | n/a | yes |
| [schemas\_origin](#input\_schemas\_origin) | Object to specify static domains for Schemas |
object({
domain_name = string,
origin_path = string,
origin_id = string
}) | {
"domain_name": "nhsdigital.github.io",
"origin_id": "github-nhs-notify-schemas",
"origin_path": "/nhs-notify-standards"
} | no |
| [shared\_infra\_account\_id](#input\_shared\_infra\_account\_id) | The AWS Account ID of the shared infrastructure account | `string` | `"000000000000"` | no |
+| [supplier\_api\_origin](#input\_supplier\_api\_origin) | Object to specify static domains for Supplier API Schemas | object({
domain_name = string,
origin_path = string,
origin_id = string
}) | {
"domain_name": "nhsdigital.github.io",
"origin_id": "github-nhs-notify-supplier-api",
"origin_path": "/nhs-notify-supplier-api"
} | no |
| [template\_files\_origin\_domain\_name](#input\_template\_files\_origin\_domain\_name) | Domain name for template file download origin | `string` | n/a | yes |
| [waf\_rate\_limit\_cdn](#input\_waf\_rate\_limit\_cdn) | The rate limit is the maximum number of CDN requests from a single IP address that are allowed in a five-minute period | `number` | `20000` | no |
## Modules
diff --git a/infrastructure/terraform/components/cdn/cloudfront_distribution_cdn.tf b/infrastructure/terraform/components/cdn/cloudfront_distribution_cdn.tf
index ceb4c76..a282c37 100644
--- a/infrastructure/terraform/components/cdn/cloudfront_distribution_cdn.tf
+++ b/infrastructure/terraform/components/cdn/cloudfront_distribution_cdn.tf
@@ -292,6 +292,58 @@ resource "aws_cloudfront_distribution" "main" {
response_headers_policy_id = aws_cloudfront_response_headers_policy.security_headers.id
}
+
+ # Supplier-API origin
+ origin {
+ domain_name = var.supplier_api_origin.domain_name
+ origin_path = var.supplier_api_origin.origin_path
+ origin_id = var.supplier_api_origin.origin_id
+
+ custom_origin_config {
+ http_port = 80
+ https_port = 443
+ origin_protocol_policy = "https-only"
+ origin_ssl_protocols = [
+ "TLSv1.2"
+ ]
+ }
+ }
+
+ ordered_cache_behavior {
+ path_pattern = "/cloudevents/schemas/supplier-api/*.schema.json"
+ allowed_methods = [
+ "GET",
+ "HEAD",
+ ]
+ cached_methods = [
+ "GET",
+ "HEAD",
+ ]
+ target_origin_id = "github-nhs-notify-supplier-api"
+
+ forwarded_values {
+ query_string = false
+ headers = ["Origin"]
+
+ cookies {
+ forward = "none"
+ }
+ }
+
+ lambda_function_association {
+ event_type = "viewer-response"
+ lambda_arn = module.lambda_rewrite_viewer_trailing_slashes.function_qualified_arn
+ }
+
+ viewer_protocol_policy = "redirect-to-https"
+ min_ttl = 0
+ default_ttl = 3600
+ max_ttl = 86400
+ compress = true
+
+ response_headers_policy_id = aws_cloudfront_response_headers_policy.security_headers.id
+ }
+
ordered_cache_behavior {
path_pattern = "/cloudevents/schemas/*.schema.json"
allowed_methods = [
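Review bot: `target_origin_id` in the new `ordered_cache_behavior` is the literal `"github-nhs-notify-supplier-api"`, while the origin block just above it takes its id from `var.supplier_api_origin.origin_id`, so the two agree only while the variable keeps its default. If the variable is overridden, the behaviour would name an origin id that this origin block no longer defines. Referencing the variable keeps them in step: `target_origin_id = var.supplier_api_origin.origin_id`. Separately, the generic `/cloudevents/schemas/*.schema.json` pattern below also matches supplier-api paths and CloudFront uses the first matching behaviour, so a comment such as `# Must stay above the generic /cloudevents/schemas/*.schema.json behaviour (first match wins)` would guard against reordering. The enclosing `aws_cloudfront_distribution` resource starts and ends outside the hunk, so whether the existing behaviours hard-code their ids the same way is not visible here.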
diff --git a/infrastructure/terraform/components/cdn/variables.tf b/infrastructure/terraform/components/cdn/variables.tf
index 08ff211..923468d 100644
--- a/infrastructure/terraform/components/cdn/variables.tf
+++ b/infrastructure/terraform/components/cdn/variables.tf
@@ -164,6 +164,20 @@ variable "digital_letters_origin" {
}
}
+variable "supplier_api_origin" {
+ type = object({
+ domain_name = string,
+ origin_path = string,
+ origin_id = string
+ })
+ description = "Object to specify static domains for Supplier API Schemas"
+ default = {
+ domain_name = "nhsdigital.github.io"
+ origin_path = "/nhs-notify-supplier-api"
+ origin_id = "github-nhs-notify-supplier-api"
+ }
+}
+
variable "template_files_origin_domain_name" {
type = string
description = "Domain name for template file download origin"
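Review bot: `supplier_api_origin` accepts any string for `domain_name` and `origin_path`, yet the host it names is served from the distribution's own domain under the supplier-api schema path. A mistyped or unintended override therefore surfaces at apply time at the earliest. Consider adding a `validation` block to the variable, for example with the condition `can(regex("^/.*[^/]$", var.supplier_api_origin.origin_path))`, which follows CloudFront's rule that an origin path starts with a slash and does not end with one. The description could also say that the host must be one the team controls. The default is a GitHub Pages host, so the integrity of these schemas depends on who can publish to that Pages site, and that is worth stating in the description as well.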