CloudFront distributions should have geo-restrictions specified¶
CloudFront distributions should enable geo-restriction when an organization needs to prevent users in specific geographic locations from accessing content. For example, if an organization has rights to distribute content in only one country, geo restriction should be enabled to allow access only from users in the whitelisted country. Or if the organization cannot distribute content in a particular country, geo restriction should deny access from users in the blacklisted country.
Console Remediation Steps¶
CLI Remediation Steps¶
Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution.
Update the returned XML to include the CloudFront should have geo-restrictions specified.
Submit an UpdateDistribution request to update the configuration for your distribution. Refer to here for more information.