Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to safelist or blocklist a country in order to allow or restrict users in specific locations from accessing web application content.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
With AWS CloudFront geo restriction you have the ability to block IP addresses based on Geo IP from reaching your CDN distribution and your web application content delivered by the distribution. The feature can also be used to assist in mitigation of Distributed Denial of Service (DDoS) attacks.
To determine if CloudFront geo restriction feature is enabled within your CDN distribution configuration, perform the following:
Remediation / Resolution
To enable and configure Amazon CloudFront geo restriction feature for your CDN distributions, perform the following actions:
- AWS Documentation
- Amazon CloudFront FAQs
- Overview of Web and RTMP Distributions
- Restricting the Geographic Distribution of Your Content
- How do I use Amazon CloudFront geo restriction to safelist or blocklist a country to restrict or allow users in specific locations from accessing web content?
- CIS Amazon Web Services Foundations
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
CloudFront Geo Restriction
Risk level: Low