diff --git a/packages/infrastructure/kube_authentik/main.tf b/packages/infrastructure/kube_authentik/main.tf
index 069ca24c..d0540133 100644
--- a/packages/infrastructure/kube_authentik/main.tf
+++ b/packages/infrastructure/kube_authentik/main.tf
@@ -696,7 +696,7 @@ module "ingress" {
}
}
}]
- cdn_mode_enabled = true
+ cdn_mode_enabled = var.cdn_mode_enabled
rate_limiting_enabled = true
cross_origin_isolation_enabled = false
cross_origin_embedder_policy = "credentialless" // Required to load gravatar images
@@ -718,7 +718,7 @@ module "ingress" {
}
module "cdn" {
- count = var.ingress_enabled ? 1 : 0
+ count = var.ingress_enabled && var.cdn_mode_enabled ? 1 : 0
source = "../kube_aws_cdn"
providers = {
aws.global = aws.global
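Review bot: Setting `cdn_mode_enabled = false` now drops `module "cdn"` entirely (`count` becomes 0 even with ingress enabled), but nothing in the visible hunks or the variable description tells an operator that Authentik, the identity provider's login surface, will then be served without the CDN in front of it. If `kube_aws_cdn` is where edge controls such as WAF rules or geo restrictions are attached (not visible here), they are removed along with it, so the description should say so, e.g. `description = "Whether to front the ingress with the CDN; disabling removes the CDN and any edge protections attached to it"`. Any `module.cdn[0]` reference outside this hunk would also need a guard now that the count can be 0 while `ingress_enabled` is true. The `module "cdn"` block continues past the hunk, and the same points apply to the identical change in `kube_vault/main.tf`.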
diff --git a/packages/infrastructure/kube_authentik/vars.tf b/packages/infrastructure/kube_authentik/vars.tf
index e41c37ad..ce82fdf3 100644
--- a/packages/infrastructure/kube_authentik/vars.tf
+++ b/packages/infrastructure/kube_authentik/vars.tf
@@ -56,6 +56,12 @@ variable "ingress_enabled" {
default = false
}
+variable "cdn_mode_enabled" {
+ description = "Whether to enable CDN mode for the Vault ingress"
+ type = bool
+ default = true
+}
+
variable "domain" {
description = "A list of domains from which authentik will serve traffic"
type = string
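Review bot: The new `cdn_mode_enabled` description in this module says "for the Vault ingress", which looks copied from `kube_vault/vars.tf`; in `kube_authentik` it should read `description = "Whether to enable CDN mode for the Authentik ingress"`. The generated kube_authentik reference page later in this commit repeats the same wording and would need regenerating after the fix. Because this variable controls how the identity provider is exposed, a description naming the wrong service makes it easy to misjudge what a toggle affects.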
diff --git a/packages/infrastructure/kube_cert_issuers/main.tf b/packages/infrastructure/kube_cert_issuers/main.tf
index ca57e9fb..8fcee5e2 100644
--- a/packages/infrastructure/kube_cert_issuers/main.tf
+++ b/packages/infrastructure/kube_cert_issuers/main.tf
@@ -84,7 +84,7 @@ data "aws_iam_policy_document" "permissions" {
module "aws_permissions" {
count = length(var.route53_zones) > 0 ? 1 : 0
- source = "../kube_sa_auth_aws"
+ source = "../kube_sa_auth_aws"
service_account = var.service_account
service_account_namespace = var.namespace
diff --git a/packages/infrastructure/kube_vault/main.tf b/packages/infrastructure/kube_vault/main.tf
index 036e9d2d..3bf85ce5 100644
--- a/packages/infrastructure/kube_vault/main.tf
+++ b/packages/infrastructure/kube_vault/main.tf
@@ -366,7 +366,7 @@ module "ingress" {
service_port = 8200
}
]
- cdn_mode_enabled = true
+ cdn_mode_enabled = var.cdn_mode_enabled
rate_limiting_enabled = true
cross_origin_isolation_enabled = false
cross_origin_opener_policy = "same-origin-allow-popups" // Required for SSO logins
@@ -379,7 +379,7 @@ module "ingress" {
}
module "cdn" {
- count = var.ingress_enabled ? 1 : 0
+ count = var.ingress_enabled && var.cdn_mode_enabled ? 1 : 0
source = "../kube_aws_cdn"
providers = {
aws.global = aws.global
diff --git a/packages/infrastructure/kube_vault/vars.tf b/packages/infrastructure/kube_vault/vars.tf
index a6cfd288..5ba63b2c 100644
--- a/packages/infrastructure/kube_vault/vars.tf
+++ b/packages/infrastructure/kube_vault/vars.tf
@@ -62,6 +62,12 @@ variable "ingress_enabled" {
default = false
}
+variable "cdn_mode_enabled" {
+ description = "Whether to enable CDN mode for the Vault ingress"
+ type = bool
+ default = true
+}
+
variable "pull_through_cache_enabled" {
description = "Whether to use the ECR pull through cache for the deployed images"
type = bool
diff --git a/packages/website/src/app/changelog/edge/page.mdx b/packages/website/src/app/changelog/edge/page.mdx
index b827dce8..f8bd9585 100644
--- a/packages/website/src/app/changelog/edge/page.mdx
+++ b/packages/website/src/app/changelog/edge/page.mdx
@@ -9,6 +9,12 @@ Learn more [here](/docs/edge/guides/versioning/releases).*
{/* lint disable no-duplicate-headings */}
+## Unreleased
+
+### Added
+
+* added `cdn_mode_enabled` boolean to the [kube_vault](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_vault) & [kube_authentik](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_authentik) module to enable CDN for Vault.
+
## edge.24-10-15
### Breaking Changes
diff --git a/packages/website/src/app/docs/edge/guides/versioning/upgrading/general/page.mdx b/packages/website/src/app/docs/edge/guides/versioning/upgrading/general/page.mdx
index 0df4745e..6687a716 100644
--- a/packages/website/src/app/docs/edge/guides/versioning/upgrading/general/page.mdx
+++ b/packages/website/src/app/docs/edge/guides/versioning/upgrading/general/page.mdx
@@ -25,8 +25,8 @@ you have reviewed the changes and understand what steps you need to take.
{
inputs = {
pkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
- - panfactum.url = "github:NixOS/nixpkgs/old-version";
- + panfactum.url = "github:NixOS/nixpkgs/new-version";
+ - panfactum.url = github:panfactum/stack/edge.24-10-09
+ + panfactum.url = "github:panfactum/stack/edge.24-10-15";
};
outputs = { self, panfactum, pkgs, ... }@inputs: {
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_authentik/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_authentik/page.mdx
index aa7af8e2..31e96dbd 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_authentik/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_authentik/page.mdx
@@ -89,6 +89,14 @@ Type: `list(string)`
Default: `[]`
+### cdn\_mode\_enabled
+
+Description: Whether to enable CDN mode for the Vault ingress
+
+Type: `bool`
+
+Default: `true`
+
### db\_recovery\_directory
Description: The name of the directory in the backup bucket that contains the PostgreSQL backups and WAL archives
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_vault/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_vault/page.mdx
index a92f6350..b57e445d 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_vault/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_vault/page.mdx
@@ -62,6 +62,14 @@ Type: `list(string)`
Default: `[]`
+### cdn\_mode\_enabled
+
+Description: Whether to enable CDN mode for the Vault ingress
+
+Type: `bool`
+
+Default: `true`
+
### cors\_enabled
Description: Whether to enable CORS handling in the Vault ingress
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/aws/aws_cdn/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/aws/aws_cdn/page.mdx
index 023b6974..5879cbd4 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/aws/aws_cdn/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/aws/aws_cdn/page.mdx
@@ -206,7 +206,7 @@ by following [this documentation.](https://docs.aws.amazon.com/AmazonCloudFront/
The following providers are needed by this module:
-* archive (2.6.0)
+* [archive](https://registry.terraform.io/providers/hashicorp/archive/2.6.0/docs) (2.6.0)
* [aws](https://registry.terraform.io/providers/hashicorp/aws/5.70.0/docs) (5.70.0)
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn/page.mdx
index 0396040e..69945d45 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn/page.mdx
@@ -115,7 +115,7 @@ module "cdn" {
The following providers are needed by this module:
-* archive (2.6.0)
+* [archive](https://registry.terraform.io/providers/hashicorp/archive/2.6.0/docs) (2.6.0)
* [aws](https://registry.terraform.io/providers/hashicorp/aws/5.70.0/docs) (5.70.0)
diff --git a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_constants/page.mdx b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_constants/page.mdx
index 56cfd3c0..0000034f 100644
--- a/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_constants/page.mdx
+++ b/packages/website/src/app/docs/main/reference/infrastructure-modules/submodule/kubernetes/kube_constants/page.mdx
@@ -3,8 +3,7 @@ import ModuleHeader from "../../../ModuleHeader";
{/* lint disable no-duplicate-headings */}
{/* eslint-disable import/order */}
-
-
+
# Kubernetes Constants