diff --git a/aws-cf-reverse-proxy/main.tf b/aws-cf-reverse-proxy/main.tf
index e4cc341..0081e59 100644
--- a/aws-cf-reverse-proxy/main.tf
+++ b/aws-cf-reverse-proxy/main.tf
@@ -108,10 +108,12 @@ resource "aws_cloudfront_distribution" "site" {
       origin_path = origin.value.origin_path
 
       custom_origin_config {
-        origin_protocol_policy = "https-only"
-        http_port              = 80
-        https_port             = 443
-        origin_ssl_protocols   = ["TLSv1.2"]
+        origin_protocol_policy   = "https-only"
+        http_port                = 80
+        https_port               = 443
+        origin_ssl_protocols     = ["TLSv1.2"]
+        origin_read_timeout      = var.origin_read_timeout
+        origin_keepalive_timeout = 60
       }
 
       custom_header {
diff --git a/aws-cf-reverse-proxy/vars.tf b/aws-cf-reverse-proxy/vars.tf
index f3bf87f..0361717 100644
--- a/aws-cf-reverse-proxy/vars.tf
+++ b/aws-cf-reverse-proxy/vars.tf
@@ -80,3 +80,8 @@ variable "cache_default_ttl" {
   default = 60
 }
 
+variable "origin_read_timeout" {
+  description = "How long CloudFront should wait for a response from the origin (in seconds)"
+  type        = number
+  default     = 60
+}