add Vercel proxy info to AWS page

Author: ethanpalm

advanced/subpath/route53-cloudfront.mdx

@@ -6,6 +6,31 @@ description: "Host documentation at a /docs subdirectory using AWS services"
 
 import Propagating from "/snippets/custom-subpath-propagating.mdx";
 
+To host your documentation at a `/docs` subpath using AWS Route 53 and Cloudfront, you need to configure your DNS provider to point to your Cloudfront distribution.
+
+## Proxies with Vercel deployments
+
+If you use AWS CloudFront as a proxy with Vercel deployments, you must configure CloudFront to avoid interfering with Vercel's domain verification and SSL certificate provisioning.
+
+Improper CloudFront configuration can prevent Vercel from provisioning Let's Encrypt SSL certificates and cause domain verification failures.
+
+### Required path allowlist
+
+CloudFront must allow traffic to these specific paths without caching or blocking:
+
+- `/.well-known/acme-challenge/*` - Required for Let's Encrypt certificate verification
+- `/.well-known/vercel/*` - Required for Vercel domain verification
+
+These paths should be configured to bypass CloudFront caching and pass through directly to your origin.
+
+### Header forwarding requirements
+
+Ensure that CloudFront forwards the `HOST` header and client IP information correctly. This is critical for Vercel's verification processes.
+
+When using CloudFront with Vercel deployments, CloudFront automatically adds the `CloudFront-Viewer-Address` header containing the original client's IP address.
+
+Make sure your CloudFront distribution is configured to forward this header to your origin by including it in your origin request policy or cache policy headers configuration.
+
 ## Create Cloudfront Distribution
 
 Navigate to [Cloudfront](https://aws.amazon.com/cloudfront) inside the AWS console and click on `Create distribution`
@@ -70,19 +95,25 @@ Behaviors in Cloudfront enables control over the subpath logic. At a high level,
 - **If a user lands on /docs**, go to `[SUBDOMAIN].mintlify.dev`
 - **If a user lands on any other page**, go the current landing page
 
-We're going to create three behaviors by clicking on the `Create behavior` button.
+Select the **Create behavior** button and create the following behaviors.
+
+### `/.well-known/*`
+
+If you are deploying to Vercel, create a behavior for Vercel verification paths with a **Path pattern** of `/.well-known/*` and **Origin and origin groups** pointing to your main origin (the staging URL).
+
+For **Cache policy**, select `CachingDisabled` to ensure these verification requests pass through without caching.
 
 ### `/docs/*`
 
-The first behavior should have a **Path pattern** of `/docs/*` with **Origin and origin groups** pointing to the `.mintlify.dev` URL (in our case `acme.mintlify.dev`)
+Create a behavior with a **Path pattern** of `/docs/*` with **Origin and origin groups** pointing to the `.mintlify.dev` URL (in our case `acme.mintlify.dev`)
 
 <Frame>![Cloudfront Behavior 1](/images/cloudfront/behavior-1.png)</Frame>
 
 For **Cache policy**, select `CachingOptimized` and create behavior.
 
 ### `/docs`
 
-The second behavior should be the same as the first one but with a **Path pattern** of `/docs` and **Origin and origin groups** pointing to the same `.mintlify.dev` URL.
+Create a behavior with a **Path pattern** of `/docs` and **Origin and origin groups** pointing to the same `.mintlify.dev` URL.
 
 <Frame>![Cloudfront Behavior 2](/images/cloudfront/behavior-2.png)</Frame>