diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
new file mode 100644
index 0000000..d5b4287
--- /dev/null
+++ b/terraform/cloudfront.tf
@@ -0,0 +1,63 @@
+resource "aws_cloudfront_distribution" "api-by-becki" {
+ origin {
+ domain_name = "abb.gmem.ca"
+ origin_id = "abb.gmem.ca"
+ custom_origin_config {
+ http_port = 80
+ https_port = 443
+ origin_protocol_policy = "https-only"
+ origin_ssl_protocols = ["TLSv1.2"]
+ }
+ }
+
+ default_cache_behavior {
+ allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+ cached_methods = ["GET", "HEAD"]
+ target_origin_id = "abb.gmem.ca"
+ viewer_protocol_policy = "allow-all"
+ min_ttl = 0
+ default_ttl = 3600
+ max_ttl = 86400
+
+ forwarded_values {
+ query_string = true
+
+ cookies {
+ forward = "all"
+ }
+ }
+ }
+
+
+ http_version = "http2and3"
+
+ enabled = true
+ is_ipv6_enabled = true
+
+ aliases = ["api-by-becki.gmem.ca"]
+ viewer_certificate {
+ acm_certificate_arn = aws_acm_certificate.api-by-becki.arn
+ ssl_support_method = "sni-only"
+ }
+
+
+ restrictions {
+ geo_restriction {
+ restriction_type = "none"
+ }
+ }
+}
+
+resource "aws_acm_certificate" "api-by-becki" {
+ domain_name = "api-by-becki.gmem.ca"
+ validation_method = "DNS"
+ provider = aws.virginia
+}
+
+resource "aws_acm_certificate_validation" "api-by-becki" {
+ certificate_arn = aws_acm_certificate.api-by-becki.arn
+ validation_record_fqdns = [
+ aws_route53_record.api-by-becki-primary.fqdn
+ ]
+ provider = aws.virginia
+}
\ No newline at end of file
diff --git a/terraform/gmem.ca.tf b/terraform/gmem.ca.tf
index d3b5e7f..491c3a7 100644
--- a/terraform/gmem.ca.tf
+++ b/terraform/gmem.ca.tf
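Review bot: In terraform/cloudfront.tf, `viewer_protocol_policy = "allow-all"` lets clients reach this API over plaintext HTTP while the same behaviour forwards all cookies and accepts every write method, so cookies and request bodies can cross the network unencrypted. Setting `viewer_protocol_policy = "redirect-to-https"` (or `"https-only"`, which suits an API better) closes that. The `viewer_certificate` block also sets no `minimum_protocol_version`, which leaves the provider default of TLSv1 for viewers; adding `minimum_protocol_version = "TLSv1.2_2021"` brings the viewer side in line with the `["TLSv1.2"]` already required towards the origin.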
@@ -8,4 +8,33 @@ resource "aws_route53_record" "api-by-becki" {
 type = "A"
 ttl = 300
 records = ["168.119.154.189"]
-}
\ No newline at end of file
+}
+
+resource "aws_route53_record" "api-by-becki-primary" {
+ zone_id = aws_route53_zone.gmemca.zone_id
+ name = "api-by-becki"
+ type = "A"
+
+ alias {
+ name = "${aws_cloudfront_distribution.api-by-becki.domain_name}"
+ zone_id = "${aws_cloudfront_distribution.api-by-becki.hosted_zone_id}"
+ evaluate_target_health = false
+ }
+}
+
+resource "aws_route53_record" "api-by-becki-acm" {
+ for_each = {
+ for dvo in aws_acm_certificate.api-by-becki.domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+ zone_id = aws_route53_zone.gmemca.zone_id
+}
diff --git a/terraform/main.tf b/terraform/main.tf
index 8b88277..5c7c0b5 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,12 +1,12 @@
 terraform {
 required_providers {
 vercel = {
- source = "vercel/vercel"
+ source = "vercel/vercel"
 version = "~> 0.3"
 }
 aws = {
- source = "hashicorp/aws"
- version = "4.28.0"
+ source = "hashicorp/aws"
+ version = "4.28.0"
 }
 }
 backend "s3" {
@@ -15,3 +15,8 @@ terraform {
 region = "eu-west-2"
 }
 }
+
+provider "aws" {
+ alias = "virginia"
+ region = "us-east-1"
+}
\ No newline at end of file
diff --git a/vps/api-by-becki.yaml b/vps/api-by-becki.yaml
index e4d5686..b998a2b 100644
--- a/vps/api-by-becki.yaml
+++ b/vps/api-by-becki.yaml
@@ -32,6 +32,8 @@ spec:
 - name: API_COUCH_DATABASE
 value: art-by-becki
 resources:
+ requests:
+ cpu: "1m"
 limits:
 memory: "128Mi"
 cpu: "500m"
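Review bot: In terraform/gmem.ca.tf, the validation records created by `api-by-becki-acm` are not what `aws_acm_certificate_validation.api-by-becki` in terraform/cloudfront.tf waits on. That resource lists `aws_route53_record.api-by-becki-primary.fqdn`, the alias to the distribution, so certificate validation is not tied to the DNS proof actually being published. Pointing it at these records with `validation_record_fqdns = [for r in aws_route53_record.api-by-becki-acm : r.fqdn]`, and having the distribution take `aws_acm_certificate_validation.api-by-becki.certificate_arn`, orders the apply as certificate, validation, distribution. Separately, the context line still publishes `168.119.154.189`; if that is the host behind `abb.gmem.ca` (the record's name is outside this hunk), the origin stays directly reachable around CloudFront and may need restricting to CloudFront's address ranges.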
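Review bot: In vps/api-by-becki.yaml, `cpu: "1m"` under `requests` reserves effectively no CPU for this container, so under contention on the node the API can be starved even though its limit stays at `500m`. If the tiny request is deliberate, a comment such as `# minimal CPU request so the pod always schedules on the single node` would record the reason; otherwise a request nearer observed usage (for illustration, `cpu: "50m"`) gives the service a real floor. The container spec begins outside this hunk.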