diff --git a/builtin/providers/aws/cloudfront_distribution_configuration_structure.go b/builtin/providers/aws/cloudfront_distribution_configuration_structure.go
index 489e9883c15d..a472176478e9 100644
--- a/builtin/providers/aws/cloudfront_distribution_configuration_structure.go
+++ b/builtin/providers/aws/cloudfront_distribution_configuration_structure.go
@@ -773,21 +773,31 @@ func originCustomHeaderHash(v interface{}) int {
 }
 
 func expandCustomOriginConfig(m map[string]interface{}) *cloudfront.CustomOriginConfig {
-	return &cloudfront.CustomOriginConfig{
-		OriginProtocolPolicy: aws.String(m["origin_protocol_policy"].(string)),
-		HTTPPort:             aws.Int64(int64(m["http_port"].(int))),
-		HTTPSPort:            aws.Int64(int64(m["https_port"].(int))),
-		OriginSslProtocols:   expandCustomOriginConfigSSL(m["origin_ssl_protocols"].([]interface{})),
+
+	customOrigin := &cloudfront.CustomOriginConfig{
+		OriginProtocolPolicy:   aws.String(m["origin_protocol_policy"].(string)),
+		HTTPPort:               aws.Int64(int64(m["http_port"].(int))),
+		HTTPSPort:              aws.Int64(int64(m["https_port"].(int))),
+		OriginSslProtocols:     expandCustomOriginConfigSSL(m["origin_ssl_protocols"].([]interface{})),
+		OriginReadTimeout:      aws.Int64(int64(m["origin_read_timeout"].(int))),
+		OriginKeepaliveTimeout: aws.Int64(int64(m["origin_keepalive_timeout"].(int))),
 	}
+
+	return customOrigin
 }
 
 func flattenCustomOriginConfig(cor *cloudfront.CustomOriginConfig) map[string]interface{} {
-	return map[string]interface{}{
-		"origin_protocol_policy": *cor.OriginProtocolPolicy,
-		"http_port":              int(*cor.HTTPPort),
-		"https_port":             int(*cor.HTTPSPort),
-		"origin_ssl_protocols":   flattenCustomOriginConfigSSL(cor.OriginSslProtocols),
+
+	customOrigin := map[string]interface{}{
+		"origin_protocol_policy":   *cor.OriginProtocolPolicy,
+		"http_port":                int(*cor.HTTPPort),
+		"https_port":               int(*cor.HTTPSPort),
+		"origin_ssl_protocols":     flattenCustomOriginConfigSSL(cor.OriginSslProtocols),
+		"origin_read_timeout":      int(*cor.OriginReadTimeout),
+		"origin_keepalive_timeout": int(*cor.OriginKeepaliveTimeout),
 	}
+
+	return customOrigin
 }
 
 // Assemble the hash for the aws_cloudfront_distribution custom_origin_config
@@ -801,6 +811,9 @@ func customOriginConfigHash(v interface{}) int {
 	for _, v := range sortInterfaceSlice(m["origin_ssl_protocols"].([]interface{})) {
 		buf.WriteString(fmt.Sprintf("%s-", v.(string)))
 	}
+	buf.WriteString(fmt.Sprintf("%d-", m["origin_keepalive_timeout"].(int)))
+	buf.WriteString(fmt.Sprintf("%d-", m["origin_read_timeout"].(int)))
+
 	return hashcode.String(buf.String())
 }
 
diff --git a/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go b/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go
index 0092cb8d2742..cb594d48ebd4 100644
--- a/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go
+++ b/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go
@@ -117,10 +117,12 @@ func originCustomHeaderConf2() map[string]interface{} {
 
 func customOriginConf() map[string]interface{} {
 	return map[string]interface{}{
-		"origin_protocol_policy": "http-only",
-		"http_port":              80,
-		"https_port":             443,
-		"origin_ssl_protocols":   customOriginSslProtocolsConf(),
+		"origin_protocol_policy":   "http-only",
+		"http_port":                80,
+		"https_port":               443,
+		"origin_ssl_protocols":     customOriginSslProtocolsConf(),
+		"origin_read_timeout":      30,
+		"origin_keepalive_timeout": 5,
 	}
 }
 
@@ -785,6 +787,12 @@ func TestCloudFrontStructure_expandCustomOriginConfig(t *testing.T) {
 	if *co.HTTPSPort != 443 {
 		t.Fatalf("Expected HTTPSPort to be 443, got %v", *co.HTTPSPort)
 	}
+	if *co.OriginReadTimeout != 30 {
+		t.Fatalf("Expected Origin Read Timeout to be 30, got %v", *co.OriginReadTimeout)
+	}
+	if *co.OriginKeepaliveTimeout != 5 {
+		t.Fatalf("Expected Origin Keepalive Timeout to be 5, got %v", *co.OriginKeepaliveTimeout)
+	}
 }
 
 func TestCloudFrontStructure_flattenCustomOriginConfig(t *testing.T) {
diff --git a/builtin/providers/aws/resource_aws_cloudfront_distribution.go b/builtin/providers/aws/resource_aws_cloudfront_distribution.go
index aae05c56826b..6450e7d037c3 100644
--- a/builtin/providers/aws/resource_aws_cloudfront_distribution.go
+++ b/builtin/providers/aws/resource_aws_cloudfront_distribution.go
@@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
 func resourceAwsCloudFrontDistribution() *schema.Resource {
@@ -356,6 +357,18 @@ func resourceAwsCloudFrontDistribution() *schema.Resource {
 										Type:     schema.TypeInt,
 										Required: true,
 									},
+									"origin_keepalive_timeout": {
+										Type:         schema.TypeInt,
+										Optional:     true,
+										Default:      5,
+										ValidateFunc: validation.IntBetween(1, 60),
+									},
+									"origin_read_timeout": {
+										Type:         schema.TypeInt,
+										Optional:     true,
+										Default:      30,
+										ValidateFunc: validation.IntBetween(4, 60),
+									},
 									"origin_protocol_policy": {
 										Type:     schema.TypeString,
 										Required: true,
diff --git a/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go b/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go
index 05f4a48e4741..6fab7cbb5952 100644
--- a/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go
+++ b/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go
@@ -27,7 +27,7 @@ func TestAccAWSCloudFrontDistribution_S3Origin(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -95,7 +95,7 @@ func TestAccAWSCloudFrontDistribution_customOrigin(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionCustomConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -118,7 +118,7 @@ func TestAccAWSCloudFrontDistribution_multiOrigin(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionMultiOriginConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -141,7 +141,7 @@ func TestAccAWSCloudFrontDistribution_noOptionalItemsConfig(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionNoOptionalItemsConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -165,7 +165,7 @@ func TestAccAWSCloudFrontDistribution_HTTP11Config(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionHTTP11Config,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -183,7 +183,7 @@ func TestAccAWSCloudFrontDistribution_IsIPV6EnabledConfig(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionIsIPV6EnabledConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -203,7 +203,7 @@ func TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig(t *testing.T)
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSCloudFrontDistributionNoCustomErroResponseInfo,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudFrontDistributionExistence(
@@ -477,6 +477,8 @@ resource "aws_cloudfront_distribution" "custom_distribution" {
 			https_port = 443
 			origin_protocol_policy = "http-only"
 			origin_ssl_protocols = [ "SSLv3", "TLSv1" ]
+			origin_read_timeout = 30
+			origin_keepalive_timeout = 5
 		}
 	}
 	enabled = true
@@ -542,6 +544,7 @@ resource "aws_cloudfront_distribution" "multi_origin_distribution" {
 			https_port = 443
 			origin_protocol_policy = "http-only"
 			origin_ssl_protocols = [ "SSLv3", "TLSv1" ]
+			origin_keepalive_timeout = 45
 		}
 	}
 	enabled = true
diff --git a/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown b/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown
index 8f7b7db8e5c1..e28b781def49 100644
--- a/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown
+++ b/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown
@@ -316,6 +316,10 @@ argument is not required.
     CloudFront to use when communicating with your origin over HTTPS. A list of
     one or more of `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`.
 
+  * `origin_keepalive_timeout` - (Optional) The Custom KeepAlive timeout, in seconds. Value must be between `1` and `60`.
+
+  * `origin_read_timeout` - (Optional) The Custom Read timeout, in seconds. Value must be between `4` and `60`.
+
 ##### S3 Origin Config Arguments
 
 * `origin_access_identity` (Optional) - The [CloudFront origin access