diff --git a/terraform/modules/cloudfront/main.tf b/terraform/modules/cloudfront/main.tf
index 32d30a8..6766e05 100644
--- a/terraform/modules/cloudfront/main.tf
+++ b/terraform/modules/cloudfront/main.tf
@@ -61,6 +61,16 @@ resource "aws_cloudfront_distribution" "this" {
           forward = "none"
         }
       }
+
+      dynamic "function_association" {
+        for_each = lookup(i.value, "function_association", [])
+        iterator = f
+
+        content {
+          event_type   = f.key
+          function_arn = lookup(f.value, "function_arn", aws_cloudfront_function.this[0].arn)
+        }
+      }
     }
   }
 
@@ -75,3 +85,12 @@ resource "aws_cloudfront_distribution" "this" {
     ssl_support_method  = "sni-only"
   }
 }
+
+resource "aws_cloudfront_function" "this" {
+  count = var.code != "" ? 1 : 0
+
+  name    = "redirectWWW"
+  runtime = "cloudfront-js-1.0"
+  code    = var.code
+  publish = true
+}
diff --git a/terraform/modules/cloudfront/variables.tf b/terraform/modules/cloudfront/variables.tf
index e14d7aa..11f8511 100644
--- a/terraform/modules/cloudfront/variables.tf
+++ b/terraform/modules/cloudfront/variables.tf
@@ -5,7 +5,7 @@
 variable "web_acl_id" {
   description = "Id or ARN of the AWS WAF web ACL that is associated with the distribution."
   type        = string
-  nullable    = false
+  nullable    = true
 }
 
 variable "tags" {
@@ -49,3 +49,8 @@ variable "acm_certificate_arn" {
   type        = string
   nullable    = false
 }
+
+variable "code" {
+  description = "CloudFront function code to run."
+  type        = string
+}
diff --git a/terraform/organization/cloudfront.tf b/terraform/organization/cloudfront.tf
index d74d07e..16ac348 100644
--- a/terraform/organization/cloudfront.tf
+++ b/terraform/organization/cloudfront.tf
@@ -1,4 +1,5 @@
 module "cloudfront" {
+  for_each = local.cloudfront
   source = "../modules/cloudfront"
 
   providers = {
@@ -12,53 +13,14 @@ module "cloudfront" {
   ]
 
   enabled    = true
-  web_acl_id = module.waf.web_acl_arn
-  aliases = [
-    local.domain,
-    "www.${local.domain}"
-  ]
+  web_acl_id = try(each.value.web_acl_id, null)
+  aliases = each.value.aliases
 
   acm_certificate_arn = module.acm.certificate_arn
   default_root_object = "index.html"
 
-  origin = {
-    api-gateway = {
-      domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
-      origin_path = "/api"
-
-      custom_origin_config = {
-        http_port              = 80
-        https_port             = 443
-        origin_protocol_policy = "match-viewer"
-        origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
-      }
-    }
-    s3 = {
-      domain_name = module.s3["website"].domain_name
-
-      s3_origin_config = {
-        origin_access_identity = module.s3["website"].cloudfront_access_identity
-      }
-    }
-  }
-
-  default_cache_behavior = {
-    target_origin_id       = "s3"
-    viewer_protocol_policy = "redirect-to-https"
-
-    allowed_methods = ["GET", "HEAD", "OPTIONS"]
-    cached_methods  = ["GET", "HEAD"]
-
-    min_ttl     = 0
-    default_ttl = 3600
-    max_ttl     = 86400
-
-    forwarded_values = {
-      query_string = false
-
-      cookies = {
-        forward = "none"
-      }
-    }
-  }
+  origin = each.value.origin
+  
+  default_cache_behavior = each.value.default_cache_behavior
+  code = try(each.value.code, "")
 }
diff --git a/terraform/organization/locals.tf b/terraform/organization/locals.tf
index 169b75b..a09b051 100644
--- a/terraform/organization/locals.tf
+++ b/terraform/organization/locals.tf
@@ -132,4 +132,74 @@ locals {
   domain = "santilococo.com.ar"
 
   emails = ["slococo@itba.edu.ar"]
+
+  cloudfront = {
+    root = {
+      web_acl_id = module.waf.web_acl_arn
+      aliases = [
+        local.domain
+      ]
+      origin = {
+        api-gateway = {
+          domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
+          origin_path = "/api"
+
+          custom_origin_config = {
+            http_port              = 80
+            https_port             = 443
+            origin_protocol_policy = "match-viewer"
+            origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
+          }
+        }
+        s3 = {
+          domain_name = module.s3["website"].domain_name
+
+          s3_origin_config = {
+            origin_access_identity = module.s3["website"].cloudfront_access_identity
+          }
+        }
+      }
+      default_cache_behavior = {
+        target_origin_id       = "s3"
+        viewer_protocol_policy = "redirect-to-https"
+
+        allowed_methods = ["GET", "HEAD", "OPTIONS"]
+        cached_methods  = ["GET", "HEAD"]
+
+        min_ttl     = 0
+        default_ttl = 3600
+        max_ttl     = 86400
+      }
+    },
+    redirect = {
+      aliases = [
+        "www.${local.domain}"
+      ]
+      origin = {
+        s3 = {
+          domain_name = module.s3["website"].domain_name
+
+          s3_origin_config = {
+            origin_access_identity = module.s3["website"].cloudfront_access_identity
+          }
+        }
+      }
+      default_cache_behavior = {
+        target_origin_id       = "s3"
+        viewer_protocol_policy = "redirect-to-https"
+
+        allowed_methods = ["GET", "HEAD", "OPTIONS"]
+        cached_methods  = ["GET", "HEAD"]
+
+        min_ttl     = 0
+        default_ttl = 3600
+        max_ttl     = 86400
+
+        function_association = {
+          viewer-request = {}
+        }
+      }
+      code = file("${local.path}/lambda/redirectWWW.js")
+    }
+  }
 }
diff --git a/terraform/organization/route53.tf b/terraform/organization/route53.tf
index 4f8b377..63b8706 100644
--- a/terraform/organization/route53.tf
+++ b/terraform/organization/route53.tf
@@ -16,15 +16,16 @@ module "route53" {
       name = local.domain
       type = "A"
       alias = {
-        name    = module.cloudfront.distribution_domain_name
-        zone_id = module.cloudfront.distribution_hosted_zone_id
+        name    = module.cloudfront["root"].distribution_domain_name
+        zone_id = module.cloudfront["root"].distribution_hosted_zone_id
       }
     },
     www = {
       name = "www.${local.domain}"
       type = "A"
       alias = {
-        name    = local.domain
+        name    = module.cloudfront["redirect"].distribution_domain_name
+        zone_id = module.cloudfront["redirect"].distribution_hosted_zone_id
       }
     }
   }
diff --git a/terraform/resources/lambda/redirectWWW.js b/terraform/resources/lambda/redirectWWW.js
new file mode 100644
index 0000000..b322299
--- /dev/null
+++ b/terraform/resources/lambda/redirectWWW.js
@@ -0,0 +1,23 @@
+function handler(event) {
+    var host = (event.request.headers.host && event.request.headers.host.value) || '';
+
+    if (host.indexOf('www.') !== 0) {
+        return event.request;
+    }
+
+    var queryString = Object
+        .keys(event.request.querystring)
+        .map(key => key + '=' + event.request.querystring[key].value)
+        .join('&');
+
+    return {
+        statusCode: 301,
+        statusDescription: 'Moved Permanently',
+        headers: {
+            location: {
+                value: 'https://' + host.replace('www.', '') + event.request.uri +
+                    (queryString.length > 0 ? '?' + queryString : ''),
+            },
+        },
+    };
+}
\ No newline at end of file