opensupplyhub · VadimKovalenkoSNF · Jan 8, 2026 · Jan 5, 2026 · Jan 6, 2026 · Jan 7, 2026
diff --git a/deployment/environments/terraform-development.tfvars b/deployment/environments/terraform-development.tfvars
@@ -9,6 +9,10 @@ r53_service_discovery_zone = "sd.internal"
 r53_public_hosted_zone = "os-hub.net"
 
 cloudfront_price_class = "PriceClass_All"
+api_facilities_cache_default_ttl           = 60
+api_facilities_cache_max_ttl               = 60
+api_production_locations_cache_default_ttl = 60
+api_production_locations_cache_max_ttl     = 60
 
 bastion_ami = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"

diff --git a/deployment/environments/terraform-preprod.tfvars b/deployment/environments/terraform-preprod.tfvars
@@ -10,6 +10,11 @@ r53_public_hosted_zone = "os-hub.net"
 
 cloudfront_price_class = "PriceClass_All"
 
+api_facilities_cache_default_ttl           = 1800
+api_facilities_cache_max_ttl               = 1800
+api_production_locations_cache_default_ttl = 1800
+api_production_locations_cache_max_ttl     = 1800
+
 bastion_ami = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"
 

diff --git a/deployment/environments/terraform-production.tfvars b/deployment/environments/terraform-production.tfvars
@@ -9,6 +9,11 @@ r53_public_hosted_zone  = "opensupplyhub.org"
 
 cloudfront_price_class = "PriceClass_All"
 
+api_facilities_cache_default_ttl           = 1800
+api_facilities_cache_max_ttl               = 1800
+api_production_locations_cache_default_ttl = 1800
+api_production_locations_cache_max_ttl     = 1800
+
 bastion_ami           = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"
 

diff --git a/deployment/environments/terraform-rba.tfvars b/deployment/environments/terraform-rba.tfvars
@@ -9,6 +9,11 @@ r53_public_hosted_zone  = "opensupplyhub.org"
 
 cloudfront_price_class = "PriceClass_All"
 
+api_facilities_cache_default_ttl           = 1800
+api_facilities_cache_max_ttl               = 1800
+api_production_locations_cache_default_ttl = 1800
+api_production_locations_cache_max_ttl     = 1800
+
 bastion_ami           = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"
 

diff --git a/deployment/environments/terraform-staging.tfvars b/deployment/environments/terraform-staging.tfvars
@@ -8,6 +8,11 @@ r53_public_hosted_zone = "staging.opensupplyhub.org"
 
 cloudfront_price_class = "PriceClass_All"
 
+api_facilities_cache_default_ttl           = 1800
+api_facilities_cache_max_ttl               = 1800
+api_production_locations_cache_default_ttl = 1800
+api_production_locations_cache_max_ttl     = 1800
+
 bastion_ami = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"
 

diff --git a/deployment/environments/terraform-test.tfvars b/deployment/environments/terraform-test.tfvars
@@ -10,6 +10,11 @@ r53_public_hosted_zone = "os-hub.net"
 
 cloudfront_price_class = "PriceClass_All"
 
+api_facilities_cache_default_ttl           = 60
+api_facilities_cache_max_ttl               = 60
+api_production_locations_cache_default_ttl = 60
+api_production_locations_cache_max_ttl     = 60
+
 bastion_ami = "ami-0bb3fad3c0286ebd5"
 bastion_instance_type = "t3.nano"
 

diff --git a/deployment/terraform/cdn.tf b/deployment/terraform/cdn.tf
@@ -1,5 +1,17 @@
 locals {
   frontend_bucket_name = "${lower(replace(var.project, " ", ""))}-${lower(var.environment)}-frontend-${var.aws_region}"
+  api_cache_behaviors = [
+    {
+      path_pattern = "api/facilities/*"
+      default_ttl  = var.api_facilities_cache_default_ttl
+      max_ttl      = var.api_facilities_cache_max_ttl
+    },
+    {
+      path_pattern = "api/v1/production-locations/*"
+      default_ttl  = var.api_production_locations_cache_default_ttl
+      max_ttl      = var.api_production_locations_cache_max_ttl
+    }
+  ]
 }
 
 resource "aws_s3_bucket" "react" {
@@ -190,6 +202,33 @@ resource "aws_cloudfront_distribution" "cdn" {
     max_ttl                = 31536000 # 1 year. Same as TILE_CACHE_MAX_AGE_IN_SECONDS in src/django/oar/settings.py
   }
 
+  dynamic "ordered_cache_behavior" {
+    for_each = local.api_cache_behaviors
+
+    content {
+      path_pattern     = ordered_cache_behavior.value.path_pattern
+      allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+      cached_methods   = ["GET", "HEAD", "OPTIONS"]
+      target_origin_id = "originAlb"
+
+      forwarded_values {
+        query_string = true
+        headers      = ["Authorization"]
+
+        cookies {
+          forward           = "whitelist"
+          whitelisted_names = ["sessionid", "csrftoken"]
+        }
+      }
+
+      compress               = true
+      viewer_protocol_policy = "redirect-to-https"
+      min_ttl                = 0
+      default_ttl            = ordered_cache_behavior.value.default_ttl
+      max_ttl                = ordered_cache_behavior.value.max_ttl
+    }
+  }
+
   ordered_cache_behavior {
     path_pattern     = "api/*"
     allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]

diff --git a/deployment/terraform/variables.tf b/deployment/terraform/variables.tf
@@ -43,6 +43,30 @@ variable "cloudfront_price_class" {
 variable "cloudfront_auth_token" {
 }
 
+variable "api_facilities_cache_default_ttl" {
+  description = "Default TTL (seconds) for facilities OS ID detail endpoint"
+  type        = number
+  default     = 1800
+}
+
+variable "api_facilities_cache_max_ttl" {
+  description = "Max TTL (seconds) for facilities OS ID detail endpoint"
+  type        = number
+  default     = 1800
+}
+
+variable "api_production_locations_cache_default_ttl" {
+  description = "Default TTL (seconds) for production-locations OS ID detail endpoint"
+  type        = number
+  default     = 1800
+}
+
+variable "api_production_locations_cache_max_ttl" {
+  description = "Max TTL (seconds) for production-locations OS ID detail endpoint"
+  type        = number
+  default     = 1800
+}
+
 variable "vpc_cidr_block" {
   default = "10.0.0.0/16"
 }

diff --git a/doc/release/RELEASE-NOTES.md b/doc/release/RELEASE-NOTES.md
@@ -32,6 +32,7 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Architecture/Environment changes
 * [OSDEV-2047](https://opensupplyhub.atlassian.net/browse/OSDEV-2047) - Removed all Terraform configurations and ECS service definitions related to the deprecated standalone ContriCleaner service. Cleaned up the repository by deleting unused code and references, as ContriCleaner now operates exclusively as an internal Django library.
 * [OSDEV-2318](https://opensupplyhub.atlassian.net/browse/OSDEV-2318) - Updated Terraform version from `1.5` to `1.13.3`. Upgraded Kafka from the `3.4.0` to `3.9.0` to align with the current AWS MSK supported version.
+* [OSDEV-2328](https://opensupplyhub.atlassian.net/browse/OSDEV-2328) - Added CloudFront caching for the facilities and production-location OS ID endpoints, refactored the Terraform config to use endpoint-specific TTL variables, and set per-environment durations (30 minutes for Prod/RBA/Preprod/Staging, 1 minute for Dev/Test). CloudFront still caches only GET/HEAD/OPTIONS while allowing all HTTP methods to reach the origin.
 
 ### Bugfix
 * [OSDEV-2047](https://opensupplyhub.atlassian.net/browse/OSDEV-2047) - Previously, there were two security groups with the same tags: one for the Django app and another for ContriCleaner. After removing the ContriCleaner service infrastructure, a bug was eliminated in which the Django CLI task in the Development environment selected the wrong security group - the one without database access, belonging to ContriCleaner - which prevented Django management commands from running against the database in the Development environment.