Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
With AWS CloudFront geo restriction you have the ability to block IP addresses based on Geo IP from reaching your CDN distribution and your web application content delivered by the distribution. The feature can also be used to assist in mitigation of Distributed Denial of Service (DDoS) attacks.
To determine if CloudFront geo restriction feature is enabled within your CDN distribution configuration, perform the following:
To enable and configure Amazon CloudFront geo restriction feature for your CDN distributions, perform the following actions: