Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to safelist or blocklist a country in order to allow or restrict users in specific locations from accessing web application content.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With Amazon CloudFront geo restriction, you can block requests from reaching your CDN distribution, and the web application content it delivers, based on the geographic location (Geo IP) of the client IP address. The feature can also assist in mitigating Distributed Denial of Service (DDoS) attacks.
To determine if CloudFront geo restriction feature is enabled within your CDN distribution configuration, perform the following:
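One way to script this check, as an added example that is not part of Conformity's own audit steps: it reads the `Restrictions.GeoRestriction` block that `aws cloudfront list-distributions` returns for each distribution and flags any distribution whose `RestrictionType` is `none`. The distribution IDs and country codes in the sample are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions` output;
# the distribution IDs and country codes are made up for illustration.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEID0001",
   "Restrictions": {"GeoRestriction": {"RestrictionType": "none", "Quantity": 0}}},
  {"Id": "EXAMPLEID0002",
   "Restrictions": {"GeoRestriction": {"RestrictionType": "whitelist",
                                       "Quantity": 2, "Items": ["DE", "FR"]}}},
  {"Id": "EXAMPLEID0003",
   "Restrictions": {"GeoRestriction": {"RestrictionType": "blacklist", "Quantity": 0}}}
]}}
""")


def geo_restriction_finding(dist):
    """Return (status, detail) for one distribution summary."""
    geo = dist.get("Restrictions", {}).get("GeoRestriction", {})
    rtype = geo.get("RestrictionType", "none")
    countries = geo.get("Items") or []  # "Items" is absent when Quantity is 0
    if rtype == "none":
        return "FAIL", "geo restriction is not enabled"
    if rtype not in ("whitelist", "blacklist"):
        return "FAIL", f"unexpected RestrictionType {rtype!r}"
    if not countries or geo.get("Quantity", 0) != len(countries):
        return "FAIL", f"{rtype} has an empty or inconsistent country list"
    return "PASS", f"{rtype}: {', '.join(sorted(countries))}"


def audit(listing):
    """Map distribution Id -> finding for every distribution in the listing."""
    items = (listing.get("DistributionList") or {}).get("Items") or []
    return {d["Id"]: geo_restriction_finding(d) for d in items}


def audit_account():
    """Same check against a live account; assumes boto3 and AWS credentials."""
    import boto3  # imported here so the offline sample runs without it
    results = {}
    paginator = boto3.client("cloudfront").get_paginator("list_distributions")
    for page in paginator.paginate():
        results.update(audit(page))
    return results


if __name__ == "__main__":
    for dist_id, (status, detail) in audit(SAMPLE).items():
        print(f"{status}  {dist_id}  {detail}")
```

A `PASS` only confirms that a country list is configured; whether the listed countries match your access policy still needs a manual review.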
Remediation / Resolution
To enable and configure Amazon CloudFront geo restriction feature for your CDN distributions, perform the following actions:
You are auditing:
CloudFront Geo Restriction
Risk level: Low