diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c849d6..2c35158 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file.
 
+## [3.3.0](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/compare/v3.2.2...v3.3.0) (2024-03-01)
+
+
+### Features
+
+* Added support for Staging Distribution ([#130](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/issues/130)) ([601df49](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/commit/601df4903d11e8bff2c907a9c8ce711ccb43a05c))
+
 ### [3.2.2](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/compare/v3.2.1...v3.2.2) (2024-02-09)
 
 
diff --git a/README.md b/README.md
index 388b0e6..7171ec8 100644
--- a/README.md
+++ b/README.md
@@ -134,6 +134,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_aliases"></a> [aliases](#input\_aliases) | Extra CNAMEs (alternate domain names), if any, for this distribution. | `list(string)` | `null` | no |
 | <a name="input_comment"></a> [comment](#input\_comment) | Any comments you want to include about the distribution. | `string` | `null` | no |
+| <a name="input_continuous_deployment_policy_id"></a> [continuous\_deployment\_policy\_id](#input\_continuous\_deployment\_policy\_id) | Identifier of a continuous deployment policy. This argument should only be set on a production distribution. | `string` | `null` | no |
 | <a name="input_create_distribution"></a> [create\_distribution](#input\_create\_distribution) | Controls if CloudFront distribution should be created | `bool` | `true` | no |
 | <a name="input_create_monitoring_subscription"></a> [create\_monitoring\_subscription](#input\_create\_monitoring\_subscription) | If enabled, the resource for monitoring subscription will created. | `bool` | `false` | no |
 | <a name="input_create_origin_access_control"></a> [create\_origin\_access\_control](#input\_create\_origin\_access\_control) | Controls if CloudFront origin access control should be created | `bool` | `false` | no |
@@ -154,6 +155,7 @@ No modules.
 | <a name="input_price_class"></a> [price\_class](#input\_price\_class) | The price class for this distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100 | `string` | `null` | no |
 | <a name="input_realtime_metrics_subscription_status"></a> [realtime\_metrics\_subscription\_status](#input\_realtime\_metrics\_subscription\_status) | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | `string` | `"Enabled"` | no |
 | <a name="input_retain_on_delete"></a> [retain\_on\_delete](#input\_retain\_on\_delete) | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | `bool` | `false` | no |
+| <a name="input_staging"></a> [staging](#input\_staging) | Whether the distribution is a staging distribution. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `null` | no |
 | <a name="input_viewer_certificate"></a> [viewer\_certificate](#input\_viewer\_certificate) | The SSL configuration for this distribution | `any` | <pre>{<br>  "cloudfront_default_certificate": true,<br>  "minimum_protocol_version": "TLSv1"<br>}</pre> | no |
 | <a name="input_wait_for_deployment"></a> [wait\_for\_deployment](#input\_wait\_for\_deployment) | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process. | `bool` | `true` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 9308091..fa22391 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -22,12 +22,18 @@ module "cloudfront" {
 
   comment             = "My awesome CloudFront"
   enabled             = true
+  staging             = false # If you want to create a staging distribution, set this to true
   http_version        = "http2and3"
   is_ipv6_enabled     = true
   price_class         = "PriceClass_All"
   retain_on_delete    = false
   wait_for_deployment = false
 
+  # If you want to create a primary distribution with a continuous deployment policy, set this to the ID of the policy.
+  # This argument should only be set on a production distribution.
+  # ref. `aws_cloudfront_continuous_deployment_policy` resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_continuous_deployment_policy
+  continuous_deployment_policy_id = null
+
   # When you enable additional metrics for a distribution, CloudFront sends up to 8 metrics to CloudWatch in the US East (N. Virginia) Region.
   # This rate is charged only once per month, per metric (up to 8 metrics per distribution).
   create_monitoring_subscription = true
diff --git a/main.tf b/main.tf
index 9b9b54e..f7fc2c8 100644
--- a/main.tf
+++ b/main.tf
@@ -27,17 +27,19 @@ resource "aws_cloudfront_origin_access_control" "this" {
 resource "aws_cloudfront_distribution" "this" {
   count = var.create_distribution ? 1 : 0
 
-  aliases             = var.aliases
-  comment             = var.comment
-  default_root_object = var.default_root_object
-  enabled             = var.enabled
-  http_version        = var.http_version
-  is_ipv6_enabled     = var.is_ipv6_enabled
-  price_class         = var.price_class
-  retain_on_delete    = var.retain_on_delete
-  wait_for_deployment = var.wait_for_deployment
-  web_acl_id          = var.web_acl_id
-  tags                = var.tags
+  aliases                         = var.aliases
+  comment                         = var.comment
+  continuous_deployment_policy_id = var.continuous_deployment_policy_id
+  default_root_object             = var.default_root_object
+  enabled                         = var.enabled
+  http_version                    = var.http_version
+  is_ipv6_enabled                 = var.is_ipv6_enabled
+  price_class                     = var.price_class
+  retain_on_delete                = var.retain_on_delete
+  staging                         = var.staging
+  wait_for_deployment             = var.wait_for_deployment
+  web_acl_id                      = var.web_acl_id
+  tags                            = var.tags
 
   dynamic "logging_config" {
     for_each = length(keys(var.logging_config)) == 0 ? [] : [var.logging_config]
diff --git a/variables.tf b/variables.tf
index 12e9098..4d7e226 100644
--- a/variables.tf
+++ b/variables.tf
@@ -53,6 +53,12 @@ variable "comment" {
   default     = null
 }
 
+variable "continuous_deployment_policy_id" {
+  description = "Identifier of a continuous deployment policy. This argument should only be set on a production distribution."
+  type        = string
+  default     = null
+}
+
 variable "default_root_object" {
   description = "The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL."
   type        = string
@@ -101,6 +107,12 @@ variable "web_acl_id" {
   default     = null
 }
 
+variable "staging" {
+  description = "Whether the distribution is a staging distribution."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A map of tags to assign to the resource."
   type        = map(string)
diff --git a/wrappers/main.tf b/wrappers/main.tf
index d07f8c5..797019b 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -3,22 +3,23 @@ module "wrapper" {
 
   for_each = var.items
 
-  aliases                        = try(each.value.aliases, var.defaults.aliases, null)
-  comment                        = try(each.value.comment, var.defaults.comment, null)
-  create_distribution            = try(each.value.create_distribution, var.defaults.create_distribution, true)
-  create_monitoring_subscription = try(each.value.create_monitoring_subscription, var.defaults.create_monitoring_subscription, false)
-  create_origin_access_control   = try(each.value.create_origin_access_control, var.defaults.create_origin_access_control, false)
-  create_origin_access_identity  = try(each.value.create_origin_access_identity, var.defaults.create_origin_access_identity, false)
-  custom_error_response          = try(each.value.custom_error_response, var.defaults.custom_error_response, {})
-  default_cache_behavior         = try(each.value.default_cache_behavior, var.defaults.default_cache_behavior, null)
-  default_root_object            = try(each.value.default_root_object, var.defaults.default_root_object, null)
-  enabled                        = try(each.value.enabled, var.defaults.enabled, true)
-  geo_restriction                = try(each.value.geo_restriction, var.defaults.geo_restriction, {})
-  http_version                   = try(each.value.http_version, var.defaults.http_version, "http2")
-  is_ipv6_enabled                = try(each.value.is_ipv6_enabled, var.defaults.is_ipv6_enabled, null)
-  logging_config                 = try(each.value.logging_config, var.defaults.logging_config, {})
-  ordered_cache_behavior         = try(each.value.ordered_cache_behavior, var.defaults.ordered_cache_behavior, [])
-  origin                         = try(each.value.origin, var.defaults.origin, null)
+  aliases                         = try(each.value.aliases, var.defaults.aliases, null)
+  comment                         = try(each.value.comment, var.defaults.comment, null)
+  continuous_deployment_policy_id = try(each.value.continuous_deployment_policy_id, var.defaults.continuous_deployment_policy_id, null)
+  create_distribution             = try(each.value.create_distribution, var.defaults.create_distribution, true)
+  create_monitoring_subscription  = try(each.value.create_monitoring_subscription, var.defaults.create_monitoring_subscription, false)
+  create_origin_access_control    = try(each.value.create_origin_access_control, var.defaults.create_origin_access_control, false)
+  create_origin_access_identity   = try(each.value.create_origin_access_identity, var.defaults.create_origin_access_identity, false)
+  custom_error_response           = try(each.value.custom_error_response, var.defaults.custom_error_response, {})
+  default_cache_behavior          = try(each.value.default_cache_behavior, var.defaults.default_cache_behavior, null)
+  default_root_object             = try(each.value.default_root_object, var.defaults.default_root_object, null)
+  enabled                         = try(each.value.enabled, var.defaults.enabled, true)
+  geo_restriction                 = try(each.value.geo_restriction, var.defaults.geo_restriction, {})
+  http_version                    = try(each.value.http_version, var.defaults.http_version, "http2")
+  is_ipv6_enabled                 = try(each.value.is_ipv6_enabled, var.defaults.is_ipv6_enabled, null)
+  logging_config                  = try(each.value.logging_config, var.defaults.logging_config, {})
+  ordered_cache_behavior          = try(each.value.ordered_cache_behavior, var.defaults.ordered_cache_behavior, [])
+  origin                          = try(each.value.origin, var.defaults.origin, null)
   origin_access_control = try(each.value.origin_access_control, var.defaults.origin_access_control, {
     s3 = {
       description      = "",
@@ -32,6 +33,7 @@ module "wrapper" {
   price_class                          = try(each.value.price_class, var.defaults.price_class, null)
   realtime_metrics_subscription_status = try(each.value.realtime_metrics_subscription_status, var.defaults.realtime_metrics_subscription_status, "Enabled")
   retain_on_delete                     = try(each.value.retain_on_delete, var.defaults.retain_on_delete, false)
+  staging                              = try(each.value.staging, var.defaults.staging, false)
   tags                                 = try(each.value.tags, var.defaults.tags, null)
   viewer_certificate = try(each.value.viewer_certificate, var.defaults.viewer_certificate, {
     cloudfront_default_certificate = true