Ensure Geo-Restriction is enabled within Cloudfront Distribution


Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

  • If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
  • If the content is not in that edge location, CloudFront retrieves it from an origin that you’ve defined—such as an Amazon S3 bucket, an AWS Elemental MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.

Using CloudFront Geo Restriction

You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution. When a user requests your content, CloudFront typically serves the requested content regardless of where the user is located. If you need to prevent users in specific countries from accessing your content, you can use the CloudFront geo restriction feature to do one of the following:

  • Allow your users to access your content only if they’re in one of the countries on a whitelist of approved countries.
  • Prevent your users from accessing your content if they’re in one of the countries on a blacklist of banned countries.


Perform the following to Ensure Geo-Restriction is enabled within Cloudfront Distribution:

To whitelist or blacklist a country using CloudFront geo restriction :

  1. Go to Amazon Cloudfront console at
  2. From the CloudFront console, choose the distribution that you want to apply a country restriction to.
  3. Choose the Restriction tab, and then choose Edit. From Enable-Restriction, choose Yes, and then choose Yes, Edit.
  4. For Restriction Type, choose Whitelist or Blacklist, select your countries, choose Add, and then choose Yes, Edit.


  • Because CloudFront uses GeoIP, the accuracy may vary.
  • Make sure that any AWS security groups on your CloudFront Origin have restricted HTTP/HTTPS access to the CloudFront IP ranges to prevent access to them from outside of CloudFront.

Reference :







We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!